As you may have noticed, phrack #65 is out.
Those who already have read it may have seen an interesting article about a new rootkit technique (which they say has been out for 8 years already, "on the wild")
This technique relies on the Intel debug registers
You can read the full article ("Mystifying the debugger for ultimate stealthness") here:
Since phrack.org seems to be down ATM, you can download the .tgzed issue from my website:
I've seen that grsecurity already did put efforts in rootkit prevention, such as the /dev/[k]mem RO support
I wonder if it's the case that we put some effort against this too, since it seems to be something serious.
I wait for your opinions...