The quest for ring 0
Federico Biancuzzi, 2006-05-10

Federico Biancuzzi interviews French researcher Loïc Duflot to learn about the System Management Mode attack, how to mitigate it, what hardware is vulnerable, and why we should be concerned with recent X Server bugs.

The quest for ring 0 2006-05-11
Anonymous (2 replies)
So if an attacker already has superuser or kernel level access they have a new way of messing with the system....

Re: The quest for ring 0 2006-05-11
Matthew Murphy (1 replies)
Incorrect. This exploit enables an attacker (presumably in a root-limited environment) with root privileges to inject code into the kernel. As Loic said, it can be used to bypass some security protections (securelevels, chroot, etc.)...

Re: Re: The quest for ring 0 2006-07-04
Anonymous (1 replies)
I can't see why you said "incorrect". Without root access, you can't get the chance to inject malicious code in kernel, can you? But with the root access, you can do everything, and mostly you can fulfill your tasks (attacking) more elegantly/easily/destructively than injecting code into the running...

Re: Re: Re: The quest for ring 0 2006-09-16
Anonymous
Incorrect. You need PIO access to exploit this, not "root access". "Root access" is not well-defined. Users can have PIO access without being root (via X, etc...)....

Re: The quest for ring 0 2006-05-11
Anonymous
This is not exact.

If you have kernel level access you obviously already have a way to mess with the system at ring 0.

If you have "only" root access (or enough privileges to play with PIO) you will now be able to mess with the system at ring 0. Thanks to SMM.
...

Interesting Start 2006-05-11
Matthew Murphy (1 replies)
The introduction on this is really not very good, but the technical material discussed is pretty interesting. The Lord of the Rings is NOT relevant in an IS context. :-)...

Re: Interesting Start 2006-05-12
Anonymous (1 replies)
Why not?

For the fashion of Minas Tirith was such that it was built on seven levels,
each delved into a hill, and about each was set a wall, and in each wall
was a gate.
-- J.R.R. Tolkien, "The Return of the King"

[Quoted in "VMS Internals and Data Structures", V4.4...

Re: Re: Interesting Start 2006-05-19
Anonymous
OSI model anyone?

http://en.wikipedia.org/wiki/OSI_model...

Virtualization? 2006-05-11
Anonymous (1 replies)
What about virtualization barriers?

Does anyone know if OpenVZ/Virtuozzo is not vulnerable? Xen 3? Solaris/OpenSolaris Zones-Containers?

And what about Mac OS X?
...

Re: Virtualization? 2006-05-12
Anonymous (1 replies)
The SMI handler always gets control when an SMI happens, no matter which privilege level you are at....

Re: Re: Virtualization? 2006-05-22
Anonymous
This is kind of retarded as an attack vector on Mac OS X; that operating system has much more *trivial* and powerful attack vectors. :-P...

The quest for ring 0 2006-05-12
Derek W. Hudson (1 replies)
Wouldn't EFI be the cure for this?...

Re: The quest for ring 0 2009-09-28
Anonymous
No, EFI also includes SMI based driver code....

The Quest For Ring 0 2006-05-13
hylas
This fellow, Loïc Duflot, is writing about the Holy Grail (for Crackers) here, you all need to really pay attention. This man is really hitting the proverbial nail on the head.

This is a Public Service Announcement.

Loïc Duflot is on to something here.
I'm hoping to flush out some others that ...

The quest for ring 0 2006-05-26
Drew Scott Daniels
From ReactOS's Developer FAQ http://www.reactos.org/wiki/index.php/Developer_FAQ

* Q Why did Microsoft put the GUI in Ring 0?
* A Because this gives quite an advantage in speed. Contrary to a GUI-server, which will run in its own process, there are no context changes necessary when per...

The quest for ring 0 2006-07-03
Anonymouse
OS X Auth Dialogs Can Lie:

http://www.alastairs-place.net/archives/000079.html
...

Copyright 2009, SecurityFocus