Showing posts with label root kit. Show all posts
Saturday, 29 August 2009
MacOS X is not Invulnerable
Apple has fixed a nasty, longstanding bug. This bug seems to enable user-space programs to overwrite arbitrary locations in kernel memory. The impact of this depends on how easy it is to guess the location of the target. A technique called Address Space Layout Randomization is expected to help here: attackers need to guess the location of target variables or code for many computers in order to create a worm or rootkit that spreads using this vulnerability. However, it seems that the kernel memory is not randomized, so all Macs prior to the latest version of Leopard are vulnerable.
Sunday, 2 August 2009
Rootkit Breaks TrueCrypt
There is an attack against TrueCrypt based on a rootkit which is installed in the MBR. Such things have been well known since rootkits were invented, but this one seems to be targeted directly at TrueCrypt and also quite hard to detect.
Someone who can change the booting process of a PC without being noticed can always steal the keyboard input. However, I would suggest that a tool like TrueCrypt should do everything that is possible to detect rootkits. It was also suggested to boot TrueCrypt from a physical CD-ROM. That fixes the MBR issue.
Of course a TPM would help here, too. Too bad it has been burned by the DRM industry.
Sunday, 19 July 2009
Joanna Rutkowska on Processor-Level Security
Tom's Hardware runs an interview with Joanna Rutkowska on malware targeted against the BIOS and even the processor firmware. The issue here is that the operating system can't defend itself against malware targeting lower layers of the system, like the processor firmware. Here Joanna sees a task for the vendors of BIOSes and firmware.