flat assembler
Message board for the users of flat assembler.

Index > Heap > CONFidence 2009

Author
Thread Post new topic Reply to topic
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid
I want to inform you about computer security conference "CONFidence 2009" that will happen on 15-16 may 2009, in Krakow. Key speakers are Bruce Schneier and Joanna Rutkowska. I happened to be invited too, so it is now my task to inform everyone about it Smile

Conference site: http://2009.confidence.org.pl/

If anyone from this forum is coming, please let me know. This is also good chance to meet with Tomasz Grysztar. Twisted Evil
Post 21 Mar 2009, 13:23
View user's profile Send private message Visit poster's website AIM Address MSN Messenger ICQ Number Reply with quote
sleepsleep



Joined: 05 Oct 2006
Posts: 8864
Location: ˛                             ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣Posts: 334455
sleepsleep
awesome cool, all the geniuses gathered around in one place ....
are they going to crack internet browsers?? Razz

i think every male programmer in love with her (Joanna Rutkowska) Razz
vid, please update us from time ot time... with pictures of course..
Post 21 Mar 2009, 14:01
View user's profile Send private message Reply with quote
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid
Quote:
i think every male programmer in love with her (Joanna Rutkowska) Razz

I'll just leave this here...

Quote:
vid, please update us from time ot time... with pictures of course..

I am not the type who keeps taking photos all the time, so don't count on me too much.
Post 21 Mar 2009, 16:44
View user's profile Send private message Visit poster's website AIM Address MSN Messenger ICQ Number Reply with quote
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid
Also this
Post 21 Mar 2009, 17:22
View user's profile Send private message Visit poster's website AIM Address MSN Messenger ICQ Number Reply with quote
bitRAKE



Joined: 21 Jul 2003
Posts: 2887
Location: [RSP+8*5]
bitRAKE
Wow, Jan got rooted. Twisted Evil
...or he chose to take the Blue Pill? Laughing
Post 22 Mar 2009, 01:28
View user's profile Send private message Visit poster's website Reply with quote
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid
Yeah, it is absolutely horrifying, how some hidden things are 100% undetectable (by common means of detection)...
Post 22 Mar 2009, 09:34
View user's profile Send private message Visit poster's website AIM Address MSN Messenger ICQ Number Reply with quote
Borsuc



Joined: 29 Dec 2005
Posts: 2466
Location: Bucharest, Romania
Borsuc
I don't get the point? can he polymorph or something? Confused
Post 22 Mar 2009, 15:51
View user's profile Send private message Reply with quote
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid
Yes, modern virtualization can make things appear different than they are at the root. Hence it can be used to hide facts that you don't want your guests to detect.
Post 22 Mar 2009, 17:09
View user's profile Send private message Visit poster's website AIM Address MSN Messenger ICQ Number Reply with quote
bitRAKE



Joined: 21 Jul 2003
Posts: 2887
Location: [RSP+8*5]
bitRAKE
vid, AFAIK it is very difficult to hide the brow ridge.
(not impossible, of course)
Post 22 Mar 2009, 17:45
View user's profile Send private message Visit poster's website Reply with quote
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid
I think that if you compare the particular feature you mentioned on baremetal system to one that is possibly virtualized, you will notice that there is little difference between the two, making it a bad candidate for detection of virtualization. Careful analysis of cache or look-aside-buffers might bear decisive answer about presence of virtualization on particular system. But not only it would require privileged access to system, and undertake risk of nondeterministic behavior, consequences of positive result may be quite unpleasant - there is good reason for calling function to detect virtualization IsGameOver().
Post 22 Mar 2009, 18:35
View user's profile Send private message Visit poster's website AIM Address MSN Messenger ICQ Number Reply with quote
bitRAKE



Joined: 21 Jul 2003
Posts: 2887
Location: [RSP+8*5]
bitRAKE
A bare metal system ignores the environment in which the system operates. There would be a range of features - of which a collection could trigger further caution, and testing similar to what you've indicated. Privileged access is not aways possible or desirable, and yet we can expect some relative safety. For example, a more privileged process could seek additional verification, and a trust matrix would develop. Some might argue that that is where we are, now.
Post 22 Mar 2009, 20:20
View user's profile Send private message Visit poster's website Reply with quote
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid
Quote:
Some might argue that that is where we are, now.

As would I. IsGameOver() still remains a function that all detectors are reluctant to call. It is better to keep our stack clean.
Post 22 Mar 2009, 20:31
View user's profile Send private message Visit poster's website AIM Address MSN Messenger ICQ Number Reply with quote
bitRAKE



Joined: 21 Jul 2003
Posts: 2887
Location: [RSP+8*5]
bitRAKE
Even a stackless system would be vulnerable to the same kind of attacks. A graceful de-escalation of privileges might be possible by BluePill'ing the BluePill - not nesting VMs, but under-cutting the present VM. This has lead to the present work on Xen/SMM. So few people benefit from playing into an end game.
Post 22 Mar 2009, 20:53
View user's profile Send private message Visit poster's website Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar.

Powered by rwasa.