Language Selection

English French German Italian Portuguese Spanish

Do you need to worry about the new /dev/mem rootkit problem?

Filed under
Security

A new paper was presented in late March about using /dev/mem to inject and hide a rootkit (PDF), and the method has been getting some press, leading to a little concern. The first thing that you should understand is that this class of attack has been used before. We know how to protect against it.

If you read the paper, you'll find out two things:

1. We need a way to write to /dev/mem as a regular user, and
2. There's a kernel config which protects against this mechanism.

rest here




More in Tux Machines

Security: Trezor, Kaspersky and Secure [sic] Enclave Processor

Android Leftovers

Linux-loving lecturer 'lost' email, was actually confused by Outlook

ON-CALL Friday means a few things at El Reg: a new BOFH. A couple of beers. And another instalment of On-Call, our weekly column in which we take reader-contributed tales of being asked to do horrible things for horrible people, scrub them up and hope you click. This week, meet “Newt” who a dozen or more years ago worked at a College that “decided to migrate from a Linux system to Microsoft Outlook with an Exchange back end.” Read more

Looks Like Debian GNU/Linux Runs on Quite a Few Mobile Devices, Including Pyra

Debian Project's W. Martin Borgert reports today that work on making the famous and widely-used Debian GNU/Linux operating system run on various mobile devices continues these days. Read more