No announcement yet.

Black Hat 2007 "Blue Pill challenge"

  • Filter
  • Time
  • Show
Clear All
new posts

  • Black Hat 2007 "Blue Pill challenge"

    a slashdot article was the first i'd heard of this, anyone else aware of the details here?

    Rutkowska Faces 'Blue Pill' Rootkit Challenge
    "Three high-profile security researchers — Thomas Ptacek of Matasano Security, Nate Lawson of Root Labs and Symantec's Peter Ferrie — have issued a challenge to Joanna Rutkowska to prove that her 'Blue Pill' technology can create "100 percent undetectable" malware. The Black Hat 2007 challenge will feature two untouched laptops of the make/model of Rutkowska's choosing for her to plant Blue Pill on one. From the article: 'She picks one in secret, installs her kit, sets them up however she wants,' Lawson explained in an interview. 'We get to install our software on both and run it, [and] we point out which machine [Blue Pill] is on. If we're wrong, she keeps the laptop.' No word on whether Rutkowska will accept the challenge."
    Rutkowska already thought of [the issue of 50/50 odds] (as well as a couple of other things)
    "First, we believe that 2 machines are definitely not enough, because the chance of correct guess, using a completely random (read: unreliable) detection method is 50%. Thus we think that the reasonable number is 5 machines."

    She then goes on to detail how at least one but no more than four of the machines are infected and that the detection method must be automatic and return only "infected" or "not infected" as output.

    There are some other details she proposes, some of which are head-scratchers such as "The detector can not consume significant amount of CPU time (say > 90%) for more then, say 1 sec."
    "I'll admit I had an OiNK account and frequented it quite often… What made OiNK a great place was that it was like the world's greatest record store… iTunes kind of feels like Sam Goody to me. I don't feel cool when I go there. I'm tired of seeing John Mayer's face pop up. I feel like I'm being hustled when I visit there, and I don't think their product is that great. DRM, low bit rate, etc... OiNK it existed because it filled a void of what people want."
    - Trent Reznor

  • #2
    Re: Black Hat 2007 "Blue Pill challenge"

    June 29th
    She had 5 demands, the last one was a no-go.
    Maybe $384,000 as a prize, but she wanted it as payment.

    [QUOTE=Deviant Ollam;87763]a slashdot article was the first i'd heard of this, anyone else aware of the details here?

    A quick update to the challenge handed down to hacker Joanna Rutkowska to prove that her Blue Pill technology creates “100% undetectable malware.”

    Rutkowska says she is “ready to accept” the challenge but wants her two-person team to be paid $384,000 ($200/hr a day each for two people working full-time for six months), a demand that has dashed all hopes for a hacker face off at Black Hat this year.
    Synapses, the spaces between neurons, are the channels through which our most fundamental traits, preferences, and beliefs are encoded. In short, they enable each of us to function as a single, integrated individual
    -A synaptic self- from moment to moment, from year to year


    • #3
      Re: Black Hat 2007 "Blue Pill challenge"

      That is an insane demand though.


      • #4
        Re: Black Hat 2007 "Blue Pill challenge"

        Originally posted by 0x58 View Post
        That is an insane demand though.
        I thought so to, but her argument made sense as to why that amount. Honestly, if a company could create an AV or detection program that spotted her re-engineered blue pill 100% of the time, that kind of money should be a drop in the bucket compared to the advertisement value.

        That's also cheap R&D, when you get down to it.

        - Grendel