Originally posted by SteveRiley
View Post
Announcement
Collapse
No announcement yet.
Lenovo on international security blacklist for firmware backdoors
Collapse
This topic is closed.
X
X
-
Originally posted by SteveRiley View PostNext time I'm at an airport, I'm going to open a bunch of console windows, cat the entire Linux source tree in each of them, and then walk away from the computer for while to observe people's reactions
- Top
- Bottom
Comment
-
These people know something. I want full cavity searches. Everyone. Go deep on 'em.
- Top
- Bottom
Comment
-
Pan-Galactic QuordlepleenSo Long, and Thanks for All the Fish
- Jul 2011
- 9524
- Seattle, WA, USA
- Send PM
Originally posted by Feathers McGraw View PostWorst idea ever, unless you like being _thoroughly_ searched by security guards? Lol
Originally posted by tek_heretik View PostI build my own stuff, no spyrmware in mine, lol. ;-D
- Top
- Bottom
Comment
-
Originally posted by tek_heretik View PostI build my own stuff, no spyrmware in mine, lol. ;-D
Ken Thompson described the debug code he wrote into the UNIX login code so that every time the code was compiled it would insert his secret login password. http://cm.bell-labs.com/who/ken/trust.html (Ken's paper is better described here.)
The next step is to take the bugged binary and compile a C compiler source that has the bug in it. Then take that compiled binary and recompile the C compiler, without the backdoor source code in it, to produce a C compiler that compiles a backdoor into every UNIX login utility even though the source of both the C compiler AND the login utlility show no trace of hacked login code.
There is a counter to that attack:http://www.acsa-admin.org/2005/abstracts/47.html
However, consider that not only can one write an invisible back door into a C compiler, the C compiler rides on an OS that rides on firmware microcode. The same kind of backdoor can be added to a C compiler via the microcode. Just add the code to the microcode assembly source, compile it, etc.....
Who has access to the microcode of the firmware and probably of the CPU microcode as well? Consider where most are made. I've come to the conclusion that there is no such thing as a secure computer, even IF you compile all software yourself from vetted code. But, while all computers have the same security risks below the OS lever, some operating systems are more secure than others at levels above the firmware. That's why I run Linux. Less likely to be hacked into by Joe Scriptkiddy.Last edited by GreyGeek; Dec 17, 2013, 03:39 PM."A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
– John F. Kennedy, February 26, 1962.
- Top
- Bottom
Comment
-
Pan-Galactic QuordlepleenSo Long, and Thanks for All the Fish
- Jul 2011
- 9524
- Seattle, WA, USA
- Send PM
Comment