Secure Coding mailing list archives
Silver Bullet 49: Ivan Arce + informIT on Virtual PC vulnerability
From: gem at cigital.com (Gary McGraw)
Date: Fri, 30 Apr 2010 10:20:15 -0400
hi sc-l, Ivan Arce is the CTO and co-founder of Core. He's a very knowledgeable guy and well-respected among the breakers of stuff, especially when it comes to low-level attacks against BIOS, kernels, and VMs. Ivan is Silver Bullet podcast victim 49: http://www.cigital.com/silverbullet/show-049/ We discuss the attacker's perspective, geek life in Argentina, embedded systems attacks, and an important vulnerability in Virtual PC that Core is having a very hard time convincing Microsoft to fix. On that last point, Ivan and I wrote this month's informIT column about the as yet unfixed the Virtual PC problem: Assume Nothing: Is Microsoft Forgetting a Crucial Security Message? http://www.informit.com/articles/article.aspx?p=1588145 It seems Microsoft is overlooking one of the most important lessons from Exploiting Software...assume nothing. As always, your feedback on Silver Bullet and the informIT series is welcome. gem company www.cigital.com blog www.cigital.com/justiceleague book www.swsec.com
Current thread:
- Silver Bullet 49: Ivan Arce + informIT on Virtual PC vulnerability Gary McGraw (Apr 30)