Sunday, March 04, 2007

rootkit defense -- not so fast

A recent demonstration at Black Hat DC by Joanna Rutkowska shows how hardware-based rootkit defense may not be sufficient when facing an elite hacker. Rutkowska showed how the image of volatile memory as seen by the CPU can differ from the image in memory.

This is significant because it shows that monitoring at the hardware level is not foolproof, and defenders must use a combination of hardware and software monitoring.

Read the article.

Actual implementation of this attack does not seem very likely because of its complexity.
