By now you've probably heard of security researcher Joanna Rutkowska's "Blue Pill" concept -- a way take advantage of hardware virtualization features of AMD and Intel processors to surreptitiously log keystrokes or do whatever else an attacker might want. This technique was demonstrated in front of a live audience at the recent Black Hat conference.Morpheus: Do you believe in fate, Neo?
Morpheus: Why not?
Neo: 'Cause I don't like the idea that I'm not in control of my life.
-- The Matrix
Despite statements from Austin Wilson, director of the Windows client group at Microsoft that "What she showed was legitimate and a very real threat," many have labeled Blue Pill as some kind of hoax. Tom Yager called it "an attention-whoring non-threat". Anthony Liguori of the Xen project said in an interview that "anti-malware software will always be able to detect this sort of attack".
This kind of rhetoric reminds me of a certain head of state standing on an aircraft carrier and saying "Bring 'em on". What do you think is the most effective way to make crackers want to exploit this concept? Tell them it's stupid and impossible, and to not dare try anything because they will be detected. Thanks guys.
For more information on Blue Pill see Joanna's blog.