danhill at umich.edu
Sun Feb 13 23:54:30 GMT 2005
Last year at Tech-Ed I lobbied (unsuccessfully) for Microsoft to
provide a PE boot CD that would guarantee authenticity of critical
Windows OS pieces such as gina.dll, lsass.exe and the Windows APIs that
list running processes and accept passwords. Such a disk could ensure
that a system, when booted, would not have replacement "shim" code that
captures passwords or hides processes. There was considerable interest,
but no commitment.
My basic argument is that if Microsoft wants "Trustworthy Computing"
then they needed to provide us with a tool that ensures that we were
dealing with Microsoft code, and not talking to some hacker's code.
I urge everyone who speaks with Microsoft to demand that Microsoft
produce a tool that can certify system components as authentic.
Manager Technical Services
University of Michigan - MHRI
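The check Dan asks Microsoft for, reduced to its core, is an offline comparison of the critical binaries on a suspect volume against a known-good manifest taken from trusted media, run from a separate boot environment so that a rootkit on the installed system cannot filter what the checker reads. The script below is an added example, not code from the original post or from Microsoft; the file list, directory layout, file contents and hashes are all constructed for the demo, and a real manifest would have to come from release media at the exact same patch level as the system being checked.

```python
"""Offline integrity check of critical OS files against a known-good manifest.

Added example (not from the original post). Models the tool described above:
hash every file named in a manifest built from trusted media, compare it with
the same file on a volume mounted read-only by a clean boot environment, and
report anything modified, missing, or unexpected in a protected directory.
File names, paths and contents are constructed for the demo.
"""
import hashlib
import os
import tempfile

# Hypothetical list of components the checker protects (relative to the volume root).
CRITICAL_FILES = ["system32/gina.dll", "system32/lsass.exe", "system32/ntdll.dll"]


def sha256_file(path):
    """Stream a file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root, relpaths):
    """Hash known-good files from trusted media (install CD / service pack)."""
    return {rel: sha256_file(os.path.join(root, rel)) for rel in relpaths}


def verify_volume(root, manifest, protected_dirs=("system32",)):
    """Compare a volume (mounted from a clean boot) against the manifest.

    Returns a dict with sorted lists under ok / modified / missing / unexpected.
    'unexpected' lists .dll/.exe/.sys files in protected dirs that the manifest
    does not cover, which is where a dropped driver or shim would show up.
    """
    result = {"ok": [], "modified": [], "missing": [], "unexpected": []}
    for rel, expected in sorted(manifest.items()):
        path = os.path.join(root, rel)
        if not os.path.isfile(path):
            result["missing"].append(rel)
        elif sha256_file(path) != expected:
            result["modified"].append(rel)
        else:
            result["ok"].append(rel)
    for d in protected_dirs:
        full = os.path.join(root, d)
        if not os.path.isdir(full):
            continue
        for name in sorted(os.listdir(full)):
            rel = f"{d}/{name}"
            if rel not in manifest and name.lower().endswith((".dll", ".exe", ".sys")):
                result["unexpected"].append(rel)
    return result


def demo():
    """Build a golden tree and a tampered copy in temp dirs (constructed data)."""
    base = tempfile.mkdtemp()
    golden = os.path.join(base, "golden")
    suspect = os.path.join(base, "suspect")
    for root in (golden, suspect):
        os.makedirs(os.path.join(root, "system32"))
        for rel in CRITICAL_FILES:
            with open(os.path.join(root, rel), "wb") as f:
                f.write(b"MZ original " + rel.encode())
    manifest = build_manifest(golden, CRITICAL_FILES)

    # Simulated tampering on the suspect volume: a replaced logon DLL,
    # a deleted component, and an extra driver dropped into system32.
    with open(os.path.join(suspect, "system32/gina.dll"), "wb") as f:
        f.write(b"MZ replacement shim")
    os.remove(os.path.join(suspect, "system32/lsass.exe"))
    with open(os.path.join(suspect, "system32/extra.sys"), "wb") as f:
        f.write(b"MZ unknown driver")

    return verify_volume(suspect, manifest)


if __name__ == "__main__":
    for category, files in demo().items():
        print(f"{category:10s} {files}")
```

Two caveats matter in practice. Running this on the live system is worthless against a kernel-level rootkit, because the hooked file APIs can hand the checker the original bytes while the loaded image is something else; the value comes entirely from booting separate, trusted media. And a private hash manifest goes stale with every hotfix, which is why the request is for the vendor to ship the tool: a vendor tool can instead validate each file's signature chain back to the vendor's key rather than maintaining a per-patch-level hash list.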
From: unisog-bounces at lists.sans.org
[mailto:unisog-bounces at lists.sans.org] On Behalf Of Wes Young
Sent: Friday, February 11, 2005 1:35 PM
To: UNIversity Security Operations Group
Subject: [unisog] HXD
What (if you've seen it) has been your best ally against Hacker Defender
(and other comparable rootkits) that have all the goodies: self destruct,
password crackers etc...
Will running SAV in safe mode help get rid of most of these, or are
there other ways around it that I am just missing (short of a system
rebuild, which doesn't help much without rebuilding your password
structure as well)...
Network Security Analyst
University at Buffalo
GPG Key: http://saxjazman9-security.blogspot.com/2005/01/gpg-key.html