News Researcher develops NIC rootkit

A security researcher has developed the technology for a network card rootkit.

http://www.bit-tech.net/news/bits/2010/11/24/researcher-develops-nic-rootkit-tech/1

 

scary stuff!

 

At what point is data encrypted? Is it encrypted on the NIC card, or by the processor. If it is the former then this is scary stuff indeed.... Big brother and all that...

 

I think it's very thoughtful of him to do all the casual hackers work for them.

Thanks, Delugré.

 

I wonder what his motivation was for such research. Seems unscrupulous.

 

Looking more and more like the safest machines are the ones not connected to anything at all.

 

Time to start developing bios or even hardware based anti virus. Only way to try and stop such attacks

 

Thnx to guys like this... we can be aware of the potential dangers we didnt imagine could exist and some ppl could use for the bad!!!... This is all for prevention and its good

Ofc... now that we are aware of such a threat being possible... who says great Uncle Sam havent been using this rootkit on all of us or a long time now ¬ ¬'... Google?... ¡¡¡damn Skynet!!!

 

I know a guy who unplugs everything from his computer when he stops using it.

Then he locks it in an ammo box XD

 

best way to prevent any form of attack is a good router with dedicated firewall for it.

firewall software on your desktop is pretty useless IMHO. low level attack such as this will be avaliable sooner or later, because all the standards are open source, as long as someone can be bothered to look at it, they should be able to make something to do low level attack.

 

Start with Killer NIC Bigfoot owners first, most are DBs with too much money anyways

 

As paisa666 says, it's good that a white hat hacker got there first.

There will now probably be a race (between NIC manufactures and black hatters) to see who can be the first (to solve or exploit this, respectively), but at least it's out there I guess.

 

Who sais a white hat hacker got there first? Perhaps someone else is using this exploit for years allready.

 

Do note that this is an older PCI card, so it might very well not apply to PCI Express based NICs, nor the various kinds built into the motherboard chipsets. Then again, it's possible that a similar hack is possible for them.

 

Indeed it's fairly true... I mean, who do you know (Who isn't an enthusiast) who downloads windows updates will notice one file that opens all this up called "Windows Sys32 update"?

but it's nice to see this avenue looked into aswell, especially if companies start up a nice big anti-virus hardware based stuff, be very cool for them to start doing.

 

Maybe he works for uncle Sam....
Otherwise Uncle Sam is going to be pretty **ssed off, as they've probably been using stuff at this level for a loooong time.

Now where's that tinfoil hat?

 

How long before he moves on to southbridge rootkits? :O

 

Most routers enable ALL outbound traffic to pass through. Which means if the NIC makes a outbound connection it can then have two way communication.

If the router was setup correctly to block all outbound except the ports you require it would help but then again nothing stopping them using something like port 80 which you would have open for web access.....

 

a really neat idea.. looks like another exploit to work on

hp had a problem with firmware in some integrated nics recently.. don't think this is related though

http://forums13.itrc.hp.com/service...47627+1290645796523+28353475&threadId=1416260

http://www.doecirc.energy.gov/bulletins/t-328.shtml