[unisog] HXD

Hill, Dan danhill at umich.edu
Sun Feb 13 23:54:30 GMT 2005

  Last year at Tech-Ed I lobbied (unsuccessfully) for Microsoft to
provide a PE boot CD that would guarantee authenticity of critical
Windows OS pieces such as gina.dll, lsass.exe and the Windows APIs that
list running processes and accept passwords.  Such a disk could ensure
that a system, when booted, would not have replacement "shim" code that
captures passwords or hides processes.  There was considerable interest,
but no commitment.
  My basic argument is that if Microsoft wants "Trustworthy Computing"
then they need to provide us with a tool that ensures that we are
dealing with Microsoft code, and not talking to some hacker's code.
  I urge everyone who speaks with Microsoft to demand that Microsoft
produce a tool that can certify system components as authentic.
Dan Hill
Manager Technical Services
University of Michigan - MHRI
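An added illustration of the offline check Dan is asking for, written for this archive and not code from the thread, from Microsoft, or from any shipped tool: a manifest of known-good hashes is recorded from trusted media, and a later run from an offline boot environment compares the installed copies of gina.dll and lsass.exe against it, so a rootkit's shim replacement shows up as MODIFIED even though the running OS's own APIs would hide it. The file names are the ones Dan lists; their contents, the manifest, and the "replacement" are all constructed sample data. A check of the vendor's Authenticode signature would be the stronger form of this test; the hash manifest stands in for it here.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path

# Files named in Dan's message as worth certifying (names only; contents below are constructed).
CRITICAL_FILES = ("gina.dll", "lsass.exe")


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large binaries are hashed without loading them whole."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path, names=CRITICAL_FILES) -> dict:
    """Record known-good hashes. In practice this runs once against trusted media
    (install CD or vendor-supplied copies), never against a possibly compromised host."""
    return {name: sha256_file(root / name) for name in names}


def verify_manifest(root: Path, manifest: dict) -> dict:
    """Compare the installed files to the manifest. Intended to run from an offline
    boot environment so that a rootkit on the installed OS cannot interpose on the reads."""
    results = {}
    for name, expected in manifest.items():
        path = root / name
        if not path.exists():
            results[name] = "missing"
            continue
        actual = sha256_file(path)
        # Constant-time comparison; hex digests are the same length so this is safe to use.
        results[name] = "ok" if hmac.compare_digest(actual, expected) else "MODIFIED"
    return results


def demo() -> dict:
    """Constructed scenario: baseline a clean copy, then replace lsass.exe with a 'shim'."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "gina.dll").write_bytes(b"constructed sample: gina.dll")
        (root / "lsass.exe").write_bytes(b"constructed sample: lsass.exe")
        manifest = build_manifest(root)
        # Simulate the replacement Dan describes: a shim that captures passwords.
        (root / "lsass.exe").write_bytes(b"constructed sample: replaced lsass.exe")
        return verify_manifest(root, manifest)


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name}: {status}")
```

The manifest only has value if it was built from media the attacker never touched and is stored off the host; a manifest written on an already-compromised system just certifies the attacker's files.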

-----Original Message-----
From: unisog-bounces at lists.sans.org
[mailto:unisog-bounces at lists.sans.org] On Behalf Of Wes Young
Sent: Friday, February 11, 2005 1:35 PM
To: UNIversity Security Operations Group
Subject: [unisog] HXD


What (if you've seen it) has been your best ally against Hacker Defender
(and other comparable rootkits) that have all the goodies: self-destruct,
password crackers etc...

Will running SAV in safe mode help get rid of most of these, or are
there other ways around it that I am just missing (short of a system
rebuild, which doesn't help much without rebuilding your password
structure as well)...

--
Wes Young
Network Security Analyst
University at Buffalo
GPG Key: http://saxjazman9-security.blogspot.com/2005/01/gpg-key.html
