zlacker

[parent] [thread] 3 comments
1. tptace+(OP)[view] [source] 2012-09-04 01:15:30
Joanna Rutkowska is famous in computer security circles and highly credible on this particular topic.

The "black hat sorts of exploits" attributed to her tend to be things like, "abusing odd, barely-documented corners of x86 chipsets to bypass hardware-encrypted trusted boot roots". Thinking less of a professional in my field for having exploits attributed to them tends to be a bad idea, but it's a uniquely bad idea in Rutkowska's case.

Outside of conference presentations, Rutkowska doesn't have much peer-reviewed work in the literature. That's because Rutkowska is originally from the malware/rootkit/virus part of the industry. For obvious reasons, antivirus doesn't generate a lot of peer-reviewed academic research. One of those obvious reasons is that they're too busy printing money hats to bother. (This to my chagrin; I am very much not from the AV/malware part of the field).

I'm not vouching for Qubes or even saying that I think the approach (of semi-transparently allocating secure VMs for each application or trust domain on the system) is viable. But Rutkowska is worth taking seriously.

replies(2): >>virapt+c1 >>ChuckM+u2
2. virapt+c1[view] [source] 2012-09-04 01:38:56
>>tptace+(OP)
> Outside of conference presentations, ...

Almost on topic: I have to say the team is also really cool and approachable at conferences - and for that I'm very grateful as a member of the unexperienced audience. They can really adjust the explanations to the right level for the general crowd, which must be quite hard considering the topic.

replies(1): >>daeken+Z4
3. ChuckM+u2[view] [source] 2012-09-04 02:17:32
>>tptace+(OP)
Thank you for the background. Perhaps this time it is posted it will get a bit more traction/pageviews. My history was from early in the Java group trying to do security work in what was clearly going to be targeted as an exploit vector. For a variety of reasons that work didn't get out into Java 1.0 but pieces of it made it out into the crypto API and elsewhere. Folks with solutions to the 'trusted computing' problem that were both simple and wrong were a dime a dozen.

The meta issue here is that clearly the black hat work has some 'trade secret'ness too it in terms of competitors but it cries out for being published/peer reviewed post-money making opportunity or something.

◧◩
4. daeken+Z4[view] [source] [discussion] 2012-09-04 03:17:04
>>virapt+c1
Generally security people are fairly approachable. If you're at BlackHat, all you have to do is say "I saw your presentation -- neat work, but I have some questions" or "want to grab a beer?" and you'll most likely have a good conversation.
[go to top]