Re: how to fix rootkit?

To: debian-security@lists.debian.org
Subject: Re: how to fix rootkit?
From: "Milan P. Stanic" <mps@arvanta.net>
Date: Thu, 9 Feb 2012 12:49:43 +0100
Message-id: <20120209114943.GA5795@arvanta.net>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <g5bb09xbl5.ln2@news.roaima.co.uk>
References: <20120208125104.GA18436@thangorodrim.de> <CAM7p17PMimBO-Ouu4gRy7L7PXWdy=a2jRhYo6Wq-J0OKY0DGPw@mail.gmail.com> <4F328178.40209@ulg.ac.be> <4F328961.4040006@advan-ce.hu> <CAM7p17Nv7iF9voVWVOocTq78dLn9S9O_61VgBfzWQNaDoSvaxw@mail.gmail.com> <4F32A8E5.1060806@stummi.org> <CAM7p17MyvsWKTd-CH0SDoDCCU5VxqLXW_cPSC=_JkhqUn3+Kzg@mail.gmail.com> <4F32C157.5090206@stummi.org> <20120208193713.GA16409@arvanta.net> <g5bb09xbl5.ln2@news.roaima.co.uk>

On Wed, 2012-02-08 at 22:56, Chris Davies wrote:
> Milan P. Stanic <mps@arvanta.net> wrote:
> > What about statically linked binaries on the external media (CD, DVD,
> > USB ...) which is write protected with 'execute in place' mode?
> 
> You can no longer trust the kernel. Therefore you cannot trust
> ANY application that runs under that kernel, either directly or
> indirectly. Period.

Of course, you are right here. But then I don't trust the CPU's. How we
know that the manufacturer od CPU, Ethernet card or anything, didn't put
some secret code into device which could be triggered by some
specifically crafted code, data or even electrical sequence.

-- 
Kind regards,  Milan
--------------------------------------------------
Arvanta, IT Security        http://www.arvanta.net
Please do not send me e-mail containing HTML code or documents in
proprietary format (word, excel, pps and so on)

Reply to:

Follow-Ups:
- Re: how to fix rootkit?
  - From: Chris Davies <chris-usenet@roaima.co.uk>

References:
- Re: how to fix rootkit?
  - From: Alexander Schreiber <als@thangorodrim.de>
- Re: how to fix rootkit?
  - From: Fernando Mercês <nandu88@gmail.com>
- Re: how to fix rootkit?
  - From: Leonor Palmeira <mlpalmeira@ulg.ac.be>
- Re: how to fix rootkit?
  - From: Repasi Tibor <repasi.tibor@advan-ce.hu>
- Re: how to fix rootkit?
  - From: Fernando Mercês <nandu88@gmail.com>
- Re: how to fix rootkit?
  - From: Michael Stummvoll <michael@stummi.org>
- Re: how to fix rootkit?
  - From: Fernando Mercês <nandu88@gmail.com>
- Re: how to fix rootkit?
  - From: Michael Stummvoll <michael@stummi.org>
- Re: how to fix rootkit?
  - From: "Milan P. Stanic" <mps@arvanta.net>
- Re: how to fix rootkit?
  - From: Chris Davies <chris-usenet@roaima.co.uk>

Prev by Date: Re: how to fix rootkit?
Next by Date: Re: how to fix rootkit?
Previous by thread: Re: bios infection (was: how to fix rootkit?)
Next by thread: Re: how to fix rootkit?
Index(es):
- Date
- Thread