[unisog] HXD

Hill, Dan danhill at umich.edu
Sun Feb 13 23:54:30 GMT 2005


  Last year at Tech-Ed I lobbied (unsuccessfully) for Microsoft to
provide a PE boot CD that would guarantee authenticity of critical
Windows OS pieces such as gina.dll, lsass.exe and the Windows APIs that
list running processes and accept passwords.  Such a disk could ensure
that a system, when booted, would not have replacement "shim" code that
captures passwords or hides processes.  There was considerable interest,
but no commitment.  
  My basic argument is that if Microsoft wants "Trustworthy Computing"
then they needed to provide us with a tool that ensures that we were
dealing with Microsoft code, and not talking to some hacker's code. 
  I urge everyone who speaks with Microsoft to demand that Microsoft
produce a tool that can certify system components as authentic.
---  
Dan Hill
Manager Technical Services
University of Michigan - MHRI


-----Original Message-----
From: unisog-bounces at lists.sans.org
[mailto:unisog-bounces at lists.sans.org] On Behalf Of Wes Young
Sent: Friday, February 11, 2005 1:35 PM
To: UNIversity Security Operations Group
Subject: [unisog] HXD

What (if you've seen it) has been your best ally against Hacker Defender
(and other comparable rt kits) that have all the goodies: self destruct,
password crackers etc...

Will running SAV in safe mode help get rid of most of these, or are
there other ways around it that I am just missing (short of a system
rebuild, which doesn't help much without rebuilding your password
structure as well)...

thanks!
--
Wes Young
Network Security Analyst
University at Buffalo
GPG Key: http://saxjazman9-security.blogspot.com/2005/01/gpg-key.html