a slashdot article was the first i'd heard of this, anyone else aware of the details here?
Rutkowska Faces 'Blue Pill' Rootkit Challenge
Rutkowska already thought of [the issue of 50/50 odds] (as well as a couple of other things)
Rutkowska Faces 'Blue Pill' Rootkit Challenge
"Three high-profile security researchers — Thomas Ptacek of Matasano Security, Nate Lawson of Root Labs and Symantec's Peter Ferrie — have issued a challenge to Joanna Rutkowska to prove that her 'Blue Pill' technology can create "100 percent undetectable" malware. The Black Hat 2007 challenge will feature two untouched laptops of the make/model of Rutkowska's choosing for her to plant Blue Pill on one. From the article: 'She picks one in secret, installs her kit, sets them up however she wants,' Lawson explained in an interview. 'We get to install our software on both and run it, [and] we point out which machine [Blue Pill] is on. If we're wrong, she keeps the laptop.' No word on whether Rutkowska will accept the challenge."
"First, we believe that 2 machines are definitely not enough, because the chance of correct guess, using a completely random (read: unreliable) detection method is 50%. Thus we think that the reasonable number is 5 machines."
She then goes on to detail how at least one but no more than four of the machines are infected and that the detection method must be automatic and return only "infected" or "not infected" as output.
There are some other details she proposes, some of which are head-scratchers such as "The detector can not consume significant amount of CPU time (say > 90%) for more then, say 1 sec."
She then goes on to detail how at least one but no more than four of the machines are infected and that the detection method must be automatic and return only "infected" or "not infected" as output.
There are some other details she proposes, some of which are head-scratchers such as "The detector can not consume significant amount of CPU time (say > 90%) for more then, say 1 sec."
Comment