Re: Bios programming...

[Steve Kudlak <chromazine () sbcglobal net>]

Good God Orwell was right. I mean this is all about terrrorizing and 
theatening people. It's just evil. It would be just as easy for some 
adware person to accidentally cause something like this to happen for 
other less noble reasons. There are probably some pathes we shouldn't go 
down nor aid others in going down them.

Have Fun,
Sends Steve



Matt Marooney wrote:

> Hmm... That's all true... Especially the motivated user part :)
>
> I'm banking on the probability that most people don't even know what a
> BIOS is.  If they go to a site, and sign up for the service, after
> entering their info, and email recipients, they would be prompted to
> continue and download a small piece of software onto their computer.
> The user would be assured that the software would not interfere with
> their normal computer use (and it won't) and that's that.  They would
> have no idea how the program is working, or where the program resides.  
>
> This ignorance, should, IMHO, keep MOST people from figuring out how to
> remove it (except you and me and everyone else on this list ;))  
>
> I want to exploit the fact that they don't know which protocols are
> being monitored, so they will be afraid to try to get around it.
> Psychologically, the unknown will be more of a deterrent than anything
> else.   
>
> I know that I have had a bear of a time removing spyware in the past,
> maybe we can leverage that technology for good somehow.  
>
>
> -----Original Message-----
> From: Valdis.Kletnieks () vt edu [mailto:Valdis.Kletnieks () vt edu] 
> Sent: Thursday, March 03, 2005 3:57 PM
> To: Matt Marooney
> Cc: full-disclosure () lists netsys com
> Subject: Re: [Full-disclosure] Bios programming... 
>
>
> On Thu, 03 Mar 2005 15:33:09 EST, Matt Marooney said:
>
>  
>
> > The intent of the BIOS portion of the program was just to have a small
> >    
>
>  
>
> > bit of code that checked for the existence of the main monitoring 
> > program on the disk, and if it was not there, reload it somehow.
> >
> > The main program would run from the disk, not the BIOS.
> >    
>
> Like I said - all it takes is a Knoppix disk to screw over most of these
> schemes - you can't even disable booting from CD and put a BIOS password
> on, because you have the following:
>
> 1) A motivated user
>
> 2) Unmonitored, unobserved physical access (if you don't, there's
> *bigger* problems in this scenario ;)
>
> 3) Somewhere in there, there's a jumper that will reset the BIOS
> password....
>
> There's really *NO* way to do this on today's commodity hardware in a
> way that will stop a user who knows it's there and has physical access.
> At best, you can do it in a way that will surprise an *unsuspecting*
> person (which is what most of these anti-theft beacon programs do - the
> only reason they work is because the guy who jacked the laptop probably
> doesn't realize the program is installed, and thus doesn't take
> precautions to stop it).
>
> The only way you can make this work is if you have hardware that
> includes something like the TPM chipsets from NatSemi or Atmel.
> Unfortunately, if your operating system contains enough support for the
> chipset to use it so the person at the keyboard can't subvert it, it
> will almost certainly use it *itself* to stop people from doing exactly
> the sort of code insertion you're trying to do.
>
> So you're *still* screwed. :)
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
>  


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html