Posted to uk.d-i-y
From: Andy Champ[_2_]
Subject: Idle fun for net hackers..

On 01/03/2012 14:50, The Natural Philosopher wrote:
> Jules Richardson wrote:
>> On Thu, 01 Mar 2012 06:30:06 +1100, Rod Speed wrote:
>>
>>> Tim Watts wrote
>>>> The Natural Philosopher wrote
>>>>> Exactly, an undetectable change that results in no detectable activity
>>>>> by anyone in the whole universe is not a security risk.
>>>> You may have a "potentially detectable" change, but for any practical
>>>> detection mechanism, I feel fairly safe in asserting that it could
>>>> potentially be hacked so as not to leave a trace *detectable by the
>>>> detection mechanism*.
>>> Doesn't matter if you are fairly certain or not, there are obvious
>>> examples where that isn't possible. Most obviously with a full restore
>>> from image using a machine that isn't even net accessible.
>>
>> Technically, is it possible to re-flash a PC's BIOS from a binary
>> running with sufficient permissions under the host OS, such that
>> malicious code could potentially run undetected following reboot,
>> regardless of whether hard disk contents were restored from an image
>> on another system?
>
> It is not clear that Linux uses the BIOS at all, except to boot..
>
> I SUPPOSE the bios might write something to the disk during boot..

It's not necessary to write anything to the disc. You just have to
alter what it reads. Or for that matter, most discs these days can have
their own firmware altered...

>> I've never heard of it happening, but I'm curious whether it could in
>> theory be done.
>
> It's sort of along the lines of 'well you have smashed down the front
> door and all you are going to steal is a magazine?'
>
> In other words, given that sort of access, you could find easier targets.
>
> Obviously what you want to build is a daemon that doesn't show up in the
> process table, either as a process or in terms of RAM used,... doesn't
> get logged, whose internet accesses don't get recorded in the machine's
> ethernet statistics.. so it's probably going to be a new ethernet
> driver..oh, and it must have the same file length and checksum as the
> proper one. And you must erase all entries in all logfiles relating to
> your access to install it.

Most of that can be overcome. For example the file doesn't have to be
the same length, it merely needs to be reported as the same length. It
won't show up in the process table because it's intercepted the
"getNextProcess" call to leave itself out. Or whatever mechanisms your
OS uses.

> Whilst all that is theoretically possible, I am not sure that I could
> actually find a way to implement it, let alone install it. And YOU want
> a boot ROM to do that?

It's vanishingly unlikely that anyone could do it. But that isn't ZERO
probability any more than the national debt is infinite.

Now then the risk that you could shoot off my kneecap without me
noticing? As has been said, it depends what else is going on. If you
cut my head off at the same moment I'm quite likely not to notice.

Now I'm sure beyond reasonable doubt that my machine is clean. I'm not
certain - the men in the black helicopters _could_ have got to Intel and
AMD to make all the world's processors misbehave just for me. (But I'm
not _that_ paranoid)

Now then: How many angels can dance on the head of a pin? This is a
similar question in a way - is the answer infinite, or some arbitrary
finite number?

Andy
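The process-hiding trick the thread describes (a hooked enumeration call that leaves the daemon out of the process table) is exactly what cross-view detection looks for: ask the kernel the same question two different ways and diff the answers. The script below is an added example, not code from anyone in the thread; it is Linux-only, reads /proc, and the function names, the assumed 65536 PID cap and the 0.5 s settle time are my own choices.

```python
import os
import time

PROC = "/proc"


def listed_pids(proc=PROC):
    """View 1: the PIDs a normal directory listing of /proc reports.
    A rootkit that hooks readdir/getdents can drop entries from this view."""
    return {int(name) for name in os.listdir(proc) if name.isdigit()}


def probed_pids(max_pid=65536):
    """View 2: ask the kernel about every PID number directly with kill(pid, 0).
    No listing is involved, so a PID hidden from view 1 still answers here.
    max_pid is an assumed cap; /proc/sys/kernel/pid_max holds the real one."""
    found = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)          # signal 0: existence check, nothing is delivered
        except ProcessLookupError:
            continue                 # no such process
        except PermissionError:
            pass                     # exists, but belongs to another user
        found.add(pid)
    return found


def hidden_pids(listed, probed):
    """PIDs the kernel acknowledges but the listing omits."""
    return sorted(probed - listed)


def confirm(suspects, settle=0.5):
    """Re-check after a pause. A process that exited between the two views is a
    transient false positive; one still reachable by a direct stat of /proc/<pid>
    yet absent from a fresh listing is worth investigating."""
    time.sleep(settle)
    still_listed = listed_pids()
    return [pid for pid in suspects
            if os.path.isdir(os.path.join(PROC, str(pid))) and pid not in still_listed]


if __name__ == "__main__":
    suspects = hidden_pids(listed_pids(), probed_pids())
    print("unlisted but live PIDs:", confirm(suspects) or "none")
```

Run as root to avoid EPERM noise; a persistent hit means the two kernel interfaces disagree, which is the discrepancy tools such as unhide and rkhunter report.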