On Sun, May 18, 2008 at 7:45 PM, Kurt Dillard <[EMAIL PROTECTED]> wrote:

> Apparently Gadi doesn't understand either. Rootkits don't need to exploit
> vulnerabilities in an OS; they leverage the design of the OS or the
> underlying hardware platform. You don't 'patch' the design of something. You
> want to stop rootkits in IOS? Don't allow it to run arbitrary code; run the
> OS in firmware rather than from writable storage. Go study up on rootkits
> for a few weeks before you complain about someone demonstrating one. Unlike
> you guys, I happen to know what I am talking about, as I've been studying
> malware including rootkits for over 10 years. By studying I mean taking them
> apart, figuring out how they work, and finding tools to deal with them; not
> reading some half-assed article on CNET or Ziff-Davis full of technical
> errors.
>
> Over the past few years Cisco, Apple, and Oracle have behaved an awful lot
> like Microsoft did 10 years ago, trying to pretend that their platforms are
> immune to malware and refusing to approach vulnerabilities head-on with an
> attitude of rational pragmatism. Dave Litchfield and his team have dragged
> Oracle kicking and screaming to the world of reality; the same has yet to
> happen with the other two firms.
As soon as this presentation is done, someone like HD Moore will work out what's going on, code something, and do what he normally does: release some kind of point-and-click disaster for the script kids to use. Sebastian Muniz isn't planning to release any source code, but with brain boxes like HD Moore around he won't need to. He will pretty much hint to the HD Moores of the world how it's all happening, and then it's going to be script kiddie hell as soon as the HD Moores of the world release a point-and-click disaster.

Folks like HD Moore are desperate for new things to leverage to get a name for themselves that will shock and awe the security world, so that they will go down in the history books as some great hero of infosec. Trust me, I don't want the HD Moores of the world working out how to do Cisco rootkits, because he will only code something and throw it out to the masses. This kind of Cisco rootkit should be placed under the secrecy act so it's illegal to release this kind of thing, which should only be used by the intelligence services.

I think Gadi and I are right in saying that if this presentation goes ahead it's going to be an absolute disaster as soon as HD Moore catches on to how it's done. I'm not technically gifted, so I can't join in the technical discussion, but I see a threat when I see one.

All the best,

n3td3v

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/