Re: Death of antivirus software imminent

2008-01-02 Thread Bill Frantz
On Dec 29, 2007, at 6:37 PM, Anne Lynn Wheeler wrote: Virtualization still hot, death of antivirus software imminent My favorite virtual machine use is for the virus to install itself as a virtual machine, and run the OS in the virtual machine. This technique should be really good for hiding

Re: Storm, Nugache lead dangerous new botnet barrage

2008-01-02 Thread Brandon Enright
On Fri, 28 Dec 2007 09:06:44 -0800 or thereabouts ' =JeffH ' [EMAIL PROTECTED] wrote: Storm, Nugache lead dangerous new botnet barrage By Dennis Fisher, Executive Editor 19 Dec 2007 | SearchSecurity.com http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1286808

Re: Question on export issues

2008-01-02 Thread Florian Weimer
* Ivan Krstić: We've recently had to jump through the BIS crypto export hoops at OLPC. Our systems both ship with crypto built-in and, due to their Fedora underpinnings, allow end-user installation of various crypto libraries -- all open-source -- through our servers. It was a nightmare; the

Re: Philips/NXP/Mifare CRYPTO1 mostly reverse-engineered

2008-01-02 Thread markus reichelt
* markus reichelt [EMAIL PROTECTED] wrote: * Ralf-Philipp Weinmann [EMAIL PROTECTED] wrote: My colleague Erik took photos of the slides which I put up on Zooomr [0]. A video recording of the talk should be available shortly and will be linked here. preliminary link for the video:

Re: Philips/NXP/Mifare CRYPTO1 mostly reverse-engineered

2008-01-02 Thread Marcos el Ruptor
The 48-bit Philips Hitag2 algorithm has been completely reverse- engineered a long time ago: http://cryptolib.com/ciphers/hitag2/ Ruptor - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to

Re: Death of antivirus software imminent

2008-01-02 Thread Anne Lynn Wheeler
Bill Frantz wrote: My favorite virtual machine use is for the virus to install itself as a virtual machine, and run the OS in the virtual machine. This technique should be really good for hiding from virus scanners. re: http://www.garlic.com/~lynn/aadsm28.htm#2 Death of antivirus software

Re: Death of antivirus software imminent

2008-01-02 Thread Angelos D. Keromytis
There was a paper in IEEE Security Privacy 2006 by Sam King on how to do this kind of attack (his system was called SubVirt): http://www.eecs.umich.edu/virtual/papers/king06.pdf However, in practice it turns out this is a much harder than people think. See Tal Garfinkel's paper on

Re: Death of antivirus software imminent

2008-01-02 Thread Leichter, Jerry
Virtualization has become the magic pixie dust of the decade. When IBM originally developed VMM technology, security was not a primary goal. People expected the OS to provide security, and at the time it was believed that OS's would be able to solve the security problems. As far as I know, the

NSA upgrades its backup power

2008-01-02 Thread Perry E. Metzger
http://www.fas.org/blog/secrecy/2008/01/nsa_announces_power_upgrades_p.html -- Perry E. Metzger[EMAIL PROTECTED] - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL

Samuel Snyder, early NSA cryptographer, dies.

2008-01-02 Thread Perry E. Metzger
Samuel S. Snyder, 96, who was honored this year for his contributions to code breaking during the 1940s and the conceptualization and design of computers in the 1950s at the National Security Agency and its predecessors, died Dec. 28[...]

RE: Death of antivirus software imminent

2008-01-02 Thread Charles Jackson
One virtualization approach that I have not see mentioned on this thread is to run the virtual machine on a more secure OS than is used by the applications of interest. For example, one could run VMware on SELinux and use VMware to host Windows/Vista. Thus, even if a virus subverts Windows it

RE: Death of antivirus software imminent

2008-01-02 Thread Leichter, Jerry
| One virtualization approach that I have not see mentioned on this | thread is to run the virtual machine on a more secure OS than is used | by the applications of interest. | | For example, one could run VMware on SELinux and use VMware to host | Windows/Vista. Thus, even if a virus subverts