Okay, every self-proclaimed security douchebag expert has weighed in on this issue. It's time for me to dump my load.
This argument is nothing more than an egotistical pissing contest. Why do you need a big challenge for such a common sense issue? The hypervisor rootkit needs to understand how it's being detected in order to completely avoid detection. Any detection routines examining code in the same security context of the rootkit needs to understand the evasion techniques employed in order to effectively detect the kit.
Shame on Joanna for not understanding basic security principles. ...and why the hell do you need $400k+ to do an implementation rather than provide a rational conceptual explanation?
Shame on all these Matasano/Symantec/Root Labs retards for even wasting their time "challenging" Joanna.
This argument is nothing more than an egotistical pissing contest. Why do you need a big challenge for such a common sense issue? The hypervisor rootkit needs to understand how it's being detected in order to completely avoid detection. Any detection routines examining code in the same security context of the rootkit needs to understand the evasion techniques employed in order to effectively detect the kit.
Shame on Joanna for not understanding basic security principles. ...and why the hell do you need $400k+ to do an implementation rather than provide a rational conceptual explanation?
Shame on all these Matasano/Symantec/Root Labs retards for even wasting their time "challenging" Joanna.
Shame on me for being so damn shameful.
[ reply ]
Link to this comment: http://www.securityfocus.com/comments/newsbriefs/537/2028#2028