Thread: Vulnerability
View Single Post
  #4   (View Single Post)  
Old 20th March 2009
jggimi's Avatar
jggimi jggimi is online now
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,977
Default

I found an old interview with Duflot whic may be helpful, describing SMM and the X11-based weakness for *nix systems in more detail.

I did not recall the issue clearly, when I wrote above that X uses SMM. It doesn't. SMM uses legacy video RAM memory, and that is where the weakness lies. But I had read this interview 3 years ago, as I remembered the title:

http://www.securityfocus.com/columnists/402

BSDfan's Wiki reference has a link in the footnotes to an article describing a demonstration SMM-based rootkit shown at the Black Hat '08 conference. The key to such things is that OS's and their applications do not have access to SMM datablocks, and would be blind to code hidden therein.
Reply With Quote