[Gllug] Hacker Attack
David Damerell
damerell at chiark.greenend.org.uk
Wed Jan 11 14:07:04 UTC 2006
On Saturday, 7 Jan 2006, Martin A. Brooks wrote:
>Nix wrote:
>>... unless they're signed and the signing key is not on the machine, and
>>even then you can't trust your *kernel*
>If the machine has not been rebooted then you probably can trust your
>kernel. Not that that's a great deal of use, though :)
Not if you have loadable module support.
[Not that that's strictly required for a rootkit to patch the running
kernel, but AFAIK that's what's seen in the field.]
--
David Damerell <damerell at chiark.greenend.org.uk> Kill the tomato!
Today is Second Teleute, January.
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list