ZDNet Resources
- Let users virtualize Vista because hypervisor rootkits are no threat
- Ryan Naraine is on vacation. Guest editorial by Thomas Ptacek. Several weeks ago, reports surfaced that the threat of super-sophisticated "hypervisor malware" was preventing Microsoft from allowing their Windows Vista Home Edition operating system from running within virtualization software. Now, Microsoft may have a lot of good reasons for restricting...
- Tags: Windows Vista, Vulnerability research, Rootkits, Responsible disclosure, Punditocracy, Pen testing, Patch Watch, Microsoft, Hackers, Exploit code, Data theft, Browsers, Botnets, Black Hat, Apple
- Blog posts 2007-07-05
- Blue Pill hacker challenge update: It's a no-go
- A quick update to the challenge handed down to hacker Joanna Rutkowska to prove that her Blue Pill technology creates "100% undetectable malware." Rutkowska says she is "ready to accept" the challenge but wants her two-person team to be paid $384,000 ($200 a day each for two people working full-time for...
- Tags: Uncategorized
- Blog posts 2007-06-29
- Rutkowska faces '100% undetectable malware' challenge
- At last year's Black Hat security conference, stealth malware researcher Joanna Rutkowska caused a stir with the introduction of Blue Pill, a new technology she claims can create malware that remains "100 percent undetectable." This year, a group of her peers will challenge Rutkowska to prove it, arguing that a...
- Tags: Zero-day attacks, Windows Vista, Vulnerability research, Viruses and Worms, Spyware and Adware, Rootkits, Responsible disclosure, Punditocracy, Pen testing, Patch Watch, Open source, Microsoft, Metasploit, Hackers, Exploit code, Digital rights management, Data theft, Browsers, Botnets, Apple
- Blog posts 2007-06-27
- Rutkowska launches Invisible Things Labs startup
- Polish hacker Joanna Rutkowska has branched out on her own, launching a new security services startup called Invisible Things Labs. Rutkowska, an elite hacker who specializes in offensive rootkit research, said the new company will focus mainly on operating system security -- system compromises, stealth malware, anti-virus and HIPS...
- Tags: Exploit code, Data theft, Browsers, Botnets, Black Hat, Hackers, Hirings and firings, Metasploit, Microsoft, Passwords, Patch Watch, Pen testing, Responsible disclosure, Rootkits, Vulnerability research, Windows Vista, Zero-day attacks
- Blog posts 2007-05-15
- Hardware-based rootkit detection proven unreliable
- For years, we've been convinced by companies like Komoku and BBN Technologies that hardware-based RAM acquisition is the most reliable and secure way to sniff out the presence of a sophisticated rootkit on a compromised machine. Not so fast, says Joanna Rutkowska, a security researcher at COSEINC Malware Labs....
- Tags: Black Hat, Data theft, Exploit code, Hackers, Pen testing, Responsible disclosure, Rootkits, Viruses and Worms, Vulnerability research, Zero-day attacks
- Blog posts 2007-03-02
- What the UAC 'hole' is really about
- Fellow blogger Ryan Naraine had a blog "Hacker, Microsoft duke it out over Vista design flaw" where he reported on a disagreement between elite researcher Joanna Rutkowska (Singapore-based Coseinc) and elite programmer Mark Russinovich formerly Sysinternals and acquired by Microsoft. I've spoken with both of these people and...
- Tags: Desktop, Security, Vista
- Blog posts 2007-02-14
- Hacker, Microsoft duke it out over Vista design flaw
- Joanna Rutkowska has always been a big supporter of the Windows Vista security model. Until she stumbled upon a "very severe hole" in the design of UAC (User Account Control) and found out -- from Microsoft officials -- that the default no-admin setting isn't even a security mechanism anymore....
- Tags: Browsers, Data theft, Hackers, Microsoft, Pen testing, Punditocracy, Vulnerability research, Windows Vista
- Blog posts 2007-02-13
- Detecting the Blue Pill Hypervisor rootkit is possible but not trivial
- There has been much skepticism over the claim that Blue Pill, the first effective Hypervisor rootkit, is 100% undetectable, and I myself was very skeptical of Blue Pill when I first read about it. I had an extensive email conversation with Joanna Rutkowska (of Singapore-based COSEINC) weeks before her...
- Tags: Blue Pill, Blue
- Blog posts 2006-08-17
- Impact of Vista x64 signed driver requirement bypass
- At DEFCON 2006, I had a chance to sit down with Joanna Rutkowska who is a researcher from Poland working for Singapore-based Coseinc. Rutkowska had presented two security presentations at Black Hat 2006 (occurred right before DEFCON 2006). The first presentation detailed a way of bypassing Vista x64...
- Tags: Joanna Rutkowska, Vista x64, Microsoft Windows Vista
- Blog posts 2006-08-11
- Hackers at Black Hat rise to Microsoft's challenge to break Vista's security (and succeed)
- Looks like Microsoft has more work to do on Vista's security. According to InfoWorld: After security researcher Joanna Rutkowska demonstrated Thursday how it's possible to circumvent security in Microsoft's Vista beta software and install a rootkit called Blue Pill, Microsoft said it intends to find ways to stop both potential threats...
- Tags: Microsoft Windows Vista, security
- Blog posts 2006-08-04
Additional Resources
- 'Evil Maid' USB stick attack keylogs TrueCrypt passphrases
- nonsense anybody who is truly concerned about security will have set the BIOS to require a password at boot...and will set 'boot from USB' to 'Disabled'. Can't you password protect from even booting up? I assume we are talking about business class laptops. Interesting Physical security is paramount - especially when it comes to data...
- Tags: Notebooks, maid, BIOS, laptop computer, USB, Evil Maid, hard drive, Evil, attack
- Discussion threads 2009-10-19
- 'Evil Maid' USB stick attack keylogs TrueCrypt passphrases
- Security researcher Joanna Rutkowska has released a PoC (proof of concept) of a keylogger that is capable of logging TrueCrypt's disk encryption passphrase enabling the attacker to successfully decrypt the hard drive's content. Dubbed, the 'evil maid' attack due to its 'plug-and-exploit' functionality requiring 1-2 minutes for...
- Tags: Disk, Passphrase, USB, Laptop Computer, Attack, TrueCrypt, Hotel Room, Mobile Proximity Alarm, Notebooks, Security, Hardware, Notebooks & Tablets, Dancho Danchev
- Blog posts 2009-10-19
- Intel ships BIOS fix for Rutkowska's Black Hat flaw
- Intel has shipped a BIOS update with a fix for a privilege escalation vulnerability that was used by rootkit researcher Joanna Rutkowska to bluepill the Xen hypervisor. The vulnerability was discussed by Rutkowska at the Black Hat briefings earlier this month but details on the exploit were...
- Tags: Black Hat, Hypervisor, Motherboard, BIOS Update, Intel Corp., Flaw, System Management Mode, Level Privilege, BIOS, Virtualization, Hardware, Components, Ryan Naraine
- Blog posts 2008-08-27
- Black Hat Las Vegas Day 2
- Again, sorry for the late updates. Vegas is the kind of place that demands a lot of a person. Too many parties make it difficult to find time to blog on the conference. Pictures of the event are a bit sparse, due to consistently forgetting to bring my camera, but...
- Tags: black hat, microsoft corp., applet, image, vegas, nathan mcfeters
- Blog posts 2008-08-09
- Debating the most influential security folks list
- Debating the most influential security folks list No way... You really think any large company doesn't have cisco solutions as part of their security strategy? How could someone at cisco not be influential? Never been to SANS? Never been to NetOp? Never been to Usenix? Geez - someone outta get their out of the internet...
- Tags: influential security folk, security folk, security
- Discussion threads 2008-02-13
- Is there a rootkit stashed in your boot record?
- Is there a rootkit stashed in your boot record? You mean Apple Macs aren't affected? Fascinating. This has been 'known about for some time', Windows 2K affected, XP is affected, Vista partially affected, Apple Mac NOT affected. Imagine that, yet another security drop off which only affects Microsoft Windows. Vista, the OS...
- Tags: Rootkits, Microsoft Windows Vista (Longhorn), BIOS, Operating systems, rootkit, Microsoft Windows Vista, Microsoft Corp., Microsoft Windows, MBR
- Discussion threads 2008-01-09
- Is there a rootkit stashed in your boot record?
- The latest rootkit in the wild hides on your hard drive's boot sector and is starting to infect Windows PCs, according to security researchers. And the real kicker: The rootkit can't be detected by most antivirus applications. Symantec has been tracking the latest rootkit--Trojan.Mebroot--and...
- Tags: Symantec Corp., Microsoft Corp., SANS Institute, Trojan.Mebroot Kernel, Rootkits, Security, Spyware, Adware & Malware, Larry Dignan
- Blog posts 2008-01-09
- Microsoft hacker summit tackles security veil of virtualization
- The Fall edition of Microsoft's Blue Hat hacker summit will kick off next week with a heavy focus on piercing the security veil of virtualization and process isolation. At Blue Hat v6, scheduled for September 27-28 in Redmond, external security researchers and internal Microsoft software engineers...
- Tags: Microsoft Corp., Virtualization, Storage Management, Utility Computing, Rootkits, Hardware, Storage, Security, Spyware, Adware & Malware, Ryan Naraine
- Blog posts 2007-09-21
- Can Microsoft ever stop kernel tampering in Vista?
- I was just going through the slides from Joanna Rutkowska's Black Hat talk (127-page .ppt file) and discovered that there's another unpatched driver flaw that exposes Windows Vista to kernel tampering. This flaw, in NVIDIA nTune, is similar to the recent ATI Technologies driver issue that provides...
- Tags: Security, Tampering, Driver, Microsoft Windows Vista, Microsoft Windows, Microsoft Corp., Kernel, PatchGuard, Ryan Naraine
- Blog posts 2007-08-21
- UPDATE: ATI driver flaw exposes Vista kernel to attackers
- See update below for official response from ATI. An unpatched flaw in an ATI driver was at the center of the mysterious Purple Pill proof-of-concept tool that exposed a way to maliciously tamper with the Windows Vista kernel. Purple Pill, a utility released by Alex Ionescu and yanked an hour later after...
- Tags: Attacker, Driver, Microsoft Windows Vista, Microsoft Corp., ATI Technologies Inc., Advanced Micro Devices Inc., Kernel, Tool, Flaw, Ryan Naraine
- Blog posts 2007-08-09