- Atheism (2)
- Light Banter (1)
- Misc (7)
- Python 2.5 Lessons (1)
- Religion (2)
- Science (1)
- SciFi (2)
- Technology (6)
- 17. July 2011: Virtualize IOS and JunOS to run on any x86 platform
- 7. September 2010: VMWORLD 2010 Notes
- 9. April 2010: Checking out Virtual Device Interfaces
- 11. January 2010: I watched AVATAR opening night and it blew my mind
- 11. January 2010: Changing my identity from a Hindu Atheist to a Hindu Non-Theist
- 11. January 2010: Attending Digital Leakage Prevention and Encryption SANS Summit in New Orleans
- 19. March 2009: ITL announces the new attack against a major flaw affecting all newer Intel chipsets
- 18. March 2009: Report Card for Cisco's press release on Unified Computing Platform
- 24. February 2009: Cloud Computing from Managed Services Providers and Private Internet
- 23. February 2009: WOw, Be A Fine Girl, Kiss Me Right Now!
ITL announces the new attack against a major flaw affecting all newer Intel chipsets
The attack allows for privilege escalation from Ring 0 to the SMM on many recent motherboards with Intel CPUs. This particular exploit can hide itself in the SMM space when tied with a rootkit. While we are all concerned about a probable hypervisor exploit, the SMM attacks work at an even deeper hardware level of abstraction, as SMM is more privileged than a hypervisor. The Operating System cannot disable or ignore SMI calls. To disable SMM one has to disassemble the the firmware physically. Since SMI takes precedence over any OS call, an SMM rootkit is extremely stealthy. Rafal Wojtczuk released the paper explaining the exploit and the code. Now somebody has to integrate it with a hypervisor rootkit like Blue Pill or GMER.
The paper and the code can be found at:
http://sanjaysays.com/__oneclick_uploads/2009/03/smm_cache_fun1.pdf
20. March 2009 at 11:21
Lame story on an equally lame website…