[Lazarus] Embarcadero vs Lazarus/FPC (Oracle vs Google)
Lukasz Sokol
el.es.cr at gmail.com
Thu May 10 13:41:08 CEST 2012
On 10/05/2012 12:03, Mark Morgan Lloyd wrote:
> Lukasz Sokol wrote:
>> On 08/05/2012 10:00, Mark Morgan Lloyd wrote:
>>> Hans-Peter Diettrich wrote:
>>>
>>>> In the last c't magazine I found an side-cut on the German
>>>> "Bundestrojaner", a spy software developed for the secret
>>>> service:
>>>>
>>>> "Since the AV software is booted from a clean CD, and has full
>>>> control over the machine, there is no disk space where a
>>>> rootkit or other spyware could hide itself."
>>> Never a safe assumption: a rootkit can hide itself in Flash, and
>>> in particular can hide itself in the "hidden" System Management
>>> Mode BIOS space (Phrack 65).
>>>
>>
>> Hans grumbled on this in next line ;)
>
> No, he grumbled that money had been spent writing something that
> could be defeated by loading a different operating system.
Quoting Hans :
"Millions of taxes, spent for the development of that software, are burnt by an simple update of already existing software (Linux and AV). <grumble> "
which I gather is that he /is/ grumbling about /the/ same assumption
you deemed /not safe/...
> I'm
> pointing out that there are at least two categories of malware (or
> state-sanctioned spyware) which apply to any OS, since they are
> hidden at a lower level (Flash or SMM BIOS).
>
... which you are going into more detail here...
> It's very much comparable to Geohot's hack of the Sony Playstation:
> he attacked the MMU before Sony's loader attempted to run, and was
> able to extract compromising information.
>
... and here :)
To recap, I had an impression you were rebutting what Hans wrote where
in reality you both wrote about the same thing :)
(this is getting too off topic, EOT from me ;)
L.
More information about the Lazarus
mailing list