

LINUX-L Archives


LINUX-L@LISTS.UFL.EDU



Subject: Re: Jordan on /.
From: Jordan Wiens <[log in to unmask]>
Reply-To: Platform Independent Linux List! <[log in to unmask]>
Date: Wed, 21 Feb 2007 09:16:21 -0500


Yeah, TPM, for all the possible ill uses, has a couple of nice benefits
and that's one. I haven't looked closely at encrypted BIOS in a while.
Restricting BIOS updates via a BIOS setting that's not accessible to
the OS is the easiest fix. Want to update your BIOS? Reboot, go into
BIOS, disable protection, reboot again. Similar to the old bootsector
protection some BIOS used to have built into them to defend against
bootsector viruses.

The hypervisor rootkits are another bit of fun for the recent Intel and
AMD chipsets that do hw virtualization. The trick there is basically
just make sure you either disable virt or enable it and install your own
hypervisor right away since only one can exist at a time.

--
Jordan Wiens, CISSP
UF Network Security Engineer
(352)392-2061


Matt wrote:
> It's too bad I am not in Gainesville anymore. It seems like there are
> some good activities going on. Anyway, since we have such renowned
> security expert(s) ;-) on the list I would like to pose a question.
> There has been much talk of lower level rootkits like the Blue Pill that
> subvert the kernel using virtualization and ones that hide in the
> motherboard BIOS or peripheral BIOS. How can one be sure that nothing
> sneaks in the boot phase before control is handed to the OS? I have
> read about secure booting that uses a mostly encrypted, custom BIOS to
> compare hashes of the peripheral firmware and HDD boot sectors (e.g.,
> http://www.cs.umd.edu/~waa/pubs/oakland97.pdf). I am thinking a TPM
> would also be a viable solution?
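
As an added example (not part of the original messages): a small Python model of the two approaches raised in this thread, checking each boot stage's hash against a known-good table as in the secure-boot scheme quoted above, and folding the same measurements into a TPM-style PCR. The stage names, images and helper functions are constructed for illustration; the extend formula is the TPM 1.2 one (SHA-1).

```python
import hashlib

PCR_SIZE = 20  # SHA-1 digest length, the PCR width in TPM 1.2


def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM-style extend: new PCR = SHA1(old PCR || SHA1(component))."""
    return hashlib.sha1(pcr + hashlib.sha1(component).digest()).digest()


def measure_chain(stages):
    """Measured boot: fold every (name, image) stage into one PCR, in boot order."""
    pcr = bytes(PCR_SIZE)  # a PCR is all zeroes after reset
    for _name, image in stages:
        pcr = extend(pcr, image)
    return pcr


def verify_chain(stages, known_good):
    """Verified boot: return the first stage whose hash is not in the
    known-good table (boot would stop there), or None if all match."""
    for name, image in stages:
        if hashlib.sha256(image).hexdigest() != known_good.get(name):
            return name
    return None


# Constructed stand-ins for the images read before control reaches the OS.
CLEAN = [
    ("system-bios", b"BIOS image v1 (constructed)"),
    ("nic-option-rom", b"option ROM (constructed)"),
    ("hdd-boot-sector", b"\xeb\x3c\x90" + b"\x00" * 507 + b"\x55\xaa"),
]
KNOWN_GOOD = {name: hashlib.sha256(img).hexdigest() for name, img in CLEAN}
GOLDEN_PCR = measure_chain(CLEAN)

# Same chain with a single byte changed in the boot sector (constructed).
TAMPERED = CLEAN[:2] + [
    ("hdd-boot-sector", b"\xeb\x3e\x90" + b"\x00" * 507 + b"\x55\xaa"),
]

if __name__ == "__main__":
    for label, chain in (("clean", CLEAN), ("tampered", TAMPERED)):
        bad = verify_chain(chain, KNOWN_GOOD)
        same = measure_chain(chain) == GOLDEN_PCR
        print(f"{label}: first bad stage={bad}, PCR matches golden={same}")
```

The per-stage check tells you which component changed; the PCR only tells you that something in the chain, or its order, differs from the golden value.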
