http://www.theregister.co.uk/2012/09/19/win8_rootkit/

Starting with Windows Vista, 64-bit versions of Windows require that all kernel-mode drivers be signed with a certificate obtained from Microsoft. This proof-of-concept UEFI rootkit replaces the Windows 8 boot loader with a version that does not check for these signatures, permitting malware to have its way with the target system. While the POC is for Windows 8, the technique could be used to compromise any OS, including Macintosh (the Macintosh UEFI POC demonstrated earlier this year at Black Hat inspired this Windows 8 POC) and GNU/Linux. There are no Linux UEFI rootkits yet that I am aware of, but if OS X can be compromised this way then it's only a matter of time before someone ports the POCs to Linux and *BSD.

-- Rich P.