On Thu, Mar 19, 2009 at 11:05 AM, Micheal Espinola Jr
michealespin...@gmail.com wrote:
http://www.networkworld.com/community/node/39825?netht=rn_031809nladname=031809
Details are rather sketchy, but it does sound ominous.
This caught my eye:
... privilege escalation from Ring 0 to the
-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com]
Sent: Thursday, March 19, 2009 11:17 AM
To: NT System Admin Issues
Subject: Re: Rut roh Raggy: Exploit code targeting major Intel chip flaw to be
posted 3/19/09
On Thu, Mar 19, 2009 at 11:05 AM, Micheal Espinola Jr
michealespin
System Admin Issues
Subject: Re: Rut roh Raggy: Exploit code targeting major Intel chip flaw to
be posted 3/19/09
On Thu, Mar 19, 2009 at 11:05 AM, Micheal Espinola Jr
michealespin...@gmail.com wrote:
http://www.networkworld.com/community/node/39825?netht=rn_031809nladname=031809
Details
Issues
Subject: Re: Rut roh Raggy: Exploit code targeting major Intel chip flaw
to be posted 3/19/09
That's how I interpreted it as well, but I dont know anything about SMM.
--
ME2
On Thu, Mar 19, 2009 at 12:31 PM, John Hornbuckle
john.hornbuc...@taylor.k12.fl.us wrote:
The article said
Ever since the PIII Intel has included a microcode update mechanism.
Not all processor errata are fixable though, and the microcode update
needs to be applied on every boot.
Microsoft has use it in the past to fix CPU specific reliability problems:
http://support.microsoft.com/kb/936357
Thomas
Apparently at least one of these SMM rootkits has been around since May of last
year:
Hackers Find a New Place to Hide Rootkits
http://www.pcworld.com/businesscenter/article/145703/hackers_find_a_new_pl
ace_t o_hide_rootkits.html
or here if the above wraps unusably:
Are you suggesting that such a thing could survive a cold boot?
The rootkit has to be stored somewhere it can execute from, and I don't
think it'll have much success storing itself in the BIOS.
Angus Scott-Fleming wrote:
Since it's at the hardware level, even booting off a cleanup CD won't be
Ben Scott wrote:
Sounds like yet another reason to run as an regular user, not with
administrator rights. (Ring 0 being supervisor mode on i386; Ring 3
is user mode, IIRC.)
In this case ring 0 is the kernel. All user level processes - regardless
of whether the user is root or Administrator
On Thu, Mar 19, 2009 at 1:41 PM, Phil Brutsche p...@optimumdata.com wrote:
In this case ring 0 is the kernel. All user level processes - regardless
of whether the user is root or Administrator or john.smith - run in ring
3.
Right, but administrators can do things like inject kernel code.
[mailto:p...@optimumdata.com]
Sent: Thursday, March 19, 2009 1:41 PM
To: NT System Admin Issues
Subject: Re: Rut roh Raggy: Exploit code targeting major Intel chip flaw to be
posted 3/19/09
Ben Scott wrote:
Sounds like yet another reason to run as an regular user, not with
administrator rights. (Ring
Brutsche [mailto:p...@optimumdata.com]
Sent: Thursday, March 19, 2009 10:41 AM
To: NT System Admin Issues
Subject: Re: Rut roh Raggy: Exploit code targeting major Intel chip flaw to be
posted 3/19/09
Are you suggesting that such a thing could survive a cold boot?
The rootkit has to be stored
11 matches
Mail list logo