Backups [was Re: Is tape dead?]

Liam Proven lproven at gmail.com
Sun Sep 20 05:57:17 CDT 2015


On 20 September 2015 at 05:58, John Foust <jfoust at threedee.com> wrote:
> Someone's demonstrated you can hide in the firmware of hard drives.

And access the hypervisor layer of an OS in various ways from programs
executing inside a VM.

So, for instance, much malware self-inactivates if it detects that
it's running inside a guest instance, so that anti-malware
investigators cannot examine its behaviour.

What is now being investigated (doubtless by both sides) is malware
that can inject code into the hypervisor from within a guest. Once
you've reached x86-64 Ring -1, then you're a god, you can do anything
you like to any VM and no anti-malware in the VMs can prevent it.

There is also research into using the increasingly industry-standard
remote-management features in core chipsets to hide or distribute
malware, again out of reach of any OS-level task.

And there is the very controversial claim of malware that could
transmit itself from machine to machine using speakers and microphone.

It's a jungle out there, with all that that implies about parasitism,
zombieism, concealment and stealth and creepy disgusting infections
that hide for a lifetime then apparently explode out of nowhere.


-- 
Liam Proven • Profile: http://lproven.livejournal.com/profile
Email: lproven at cix.co.uk • GMail/G+/Twitter/Flickr/Facebook: lproven
MSN: lproven at hotmail.com • Skype/AIM/Yahoo/LinkedIn: liamproven
Cell/Mobiles: +44 7939-087884 (UK) • +420 702 829 053 (ČR)

