Blue Pill: No hoax

Summary:By now you've probably heard of Joanna Rutkowska's "Blue Pill" concept attack using hardware virtualization features of AMD and Intel processors. This technique was demonstrated in front of a live audience at the recent Black Hat conference but some refuse to believe it. Their rhetoric is only encouraging the crackers.

By now you've probably heard of security researcher Joanna Rutkowska's "Blue Pill" concept -- a way take advantage of hardware virtualization features of AMD and Intel processors to surreptitiously log keystrokes or do whatever else an attacker might want. This technique was demonstrated in front of a live audience at the recent Black Hat conference.

Morpheus: Do you believe in fate, Neo?
Neo: No.
Morpheus: Why not?
Neo: 'Cause I don't like the idea that I'm not in control of my life.
-- The Matrix

Despite statements from Austin Wilson, director of the Windows client group at Microsoft that "What she showed was legitimate and a very real threat," many have labeled Blue Pill as some kind of hoax. Tom Yager called it "an attention-whoring non-threat". Anthony Liguori of the Xen project said in an interview that "anti-malware software will always be able to detect this sort of attack". 

This kind of rhetoric reminds me of a certain head of state standing on an aircraft carrier and saying "Bring 'em on". What do you think is the most effective way to make crackers want to exploit this concept? Tell them it's stupid and impossible, and to not dare try anything because they will be detected. Thanks guys.

For more information on Blue Pill see Joanna's blog

Topics: Virtualization


Ed Burnette has been hooked on computers ever since he laid eyes on a TRS-80 in the local Radio Shack. Since graduating from NC State University he has programmed everything from serial device drivers and debuggers to web servers. After a delightful break working on commercial video games, Ed reluctantly returned to business software. He... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.