Lenovo on international security blacklist for firmware backdoors


    #16
    Originally posted by SteveRiley
    Next time I'm at an airport, I'm going to open a bunch of console windows, cat the entire Linux source tree in each of them, and then walk away from the computer for a while to observe people's reactions
    You're going to end up like that damned security guard at the Atlanta Olympics. We'll be watching you on CNN Breaking News... "Hacker attempts to hijack and bring down Sea-Tac Airport. States it was a misunderstanding. Suspected ties with "Anonymous..."
    I do not personally use Kubuntu, but I'm the tech support for my daughter who does.



      #17
      Originally posted by SteveRiley
      Next time I'm at an airport, I'm going to open a bunch of console windows, cat the entire Linux source tree in each of them, and then walk away from the computer for a while to observe people's reactions
      Worst idea ever, unless you like being _thoroughly_ searched by security guards? Lol
      samhobbs.co.uk



        #18
        These people know something. I want full cavity searches. Everyone. Go deep on 'em.

        Please Read Me



          #19
          *shudder*
          samhobbs.co.uk



            #20
            Originally posted by Feathers McGraw
            Worst idea ever, unless you like being _thoroughly_ searched by security guards? Lol
            Depends on what they're offering. If I get to choose my favorite color rubber glove, I might go for it

            Originally posted by tek_heretik
            I build my own stuff, no spyrmware in mine, lol. ;-D
            Spyrmware, Tek? Ew........................



              #21
              Originally posted by tek_heretik
              I build my own stuff, no spyrmware in mine, lol. ;-D
              You wish.

              Ken Thompson described the debug code he wrote into the UNIX login code so that every time the code was compiled it would insert his secret login password. http://cm.bell-labs.com/who/ken/trust.html (Ken's paper is better described here.)

              The next step is to take the bugged binary and compile a C compiler source that has the bug in it. Then take that compiled binary and recompile the C compiler, without the backdoor source code in it, to produce a C compiler that compiles a backdoor into every UNIX login utility even though the source of both the C compiler AND the login utility show no trace of hacked login code.

              There is a counter to that attack: http://www.acsa-admin.org/2005/abstracts/47.html

              However, consider that not only can one write an invisible back door into a C compiler, the C compiler rides on an OS that rides on firmware microcode. The same kind of backdoor can be added to a C compiler via the microcode. Just add the code to the microcode assembly source, compile it, etc.....

              Who has access to the microcode of the firmware and probably of the CPU microcode as well? Consider where most are made. I've come to the conclusion that there is no such thing as a secure computer, even IF you compile all software yourself from vetted code. But, while all computers have the same security risks below the OS level, some operating systems are more secure than others at levels above the firmware. That's why I run Linux. Less likely to be hacked into by Joe Scriptkiddy.
              Last edited by GreyGeek; Dec 17, 2013, 03:39 PM.
              "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people."
              – John F. Kennedy, February 26, 1962.
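
Added example, not part of the post above or of the linked papers: a toy Python model of the self-propagating compiler backdoor described in post #21, and of a diverse double-compiling check, which is assumed here to be the counter the ACSAC 2005 link refers to. The `Binary` record, the source names `cc_A`, `cc_T` and `login`, and every function are constructed for illustration.

```python
import hashlib
from collections import namedtuple

# Toy model (constructed): a binary records which source it implements, which
# compiler's code generator emitted it, and any payload absent from the source.
Binary = namedtuple("Binary", "implements codegen payload")

def digest(binary):
    """Stand-in for hashing the bytes of a binary on disk."""
    return hashlib.sha256(repr(tuple(binary)).encode()).hexdigest()

def run_compiler(cc, source):
    """Run compiler binary `cc` on a named source; compilation is deterministic."""
    payload = ""
    if cc.payload == "trojan":
        if source == "cc_A":        # sees its own source: re-inserts itself
            payload = "trojan"
        elif source == "login":     # sees login: inserts the hidden password
            payload = "backdoor"
    # The emitted code's style depends on the semantics the running compiler
    # implements, so two different honest compilers give different bytes.
    return Binary(implements=source, codegen=cc.implements, payload=payload)

def ddc_check(suspect_cc, cc_source, trusted_cc):
    """Diverse double-compiling: True if suspect_cc matches its claimed source."""
    stage1 = run_compiler(trusted_cc, cc_source)  # trusted compiler builds the source
    stage2 = run_compiler(stage1, cc_source)      # that result rebuilds the source
    return digest(stage2) == digest(suspect_cc)

TRUSTED = Binary("cc_T", "cc_T", "")        # independent second compiler
HONEST_A = Binary("cc_A", "cc_A", "")       # cc_A built honestly from its source
TROJANED_A = Binary("cc_A", "cc_A", "trojan")

if __name__ == "__main__":
    # Rebuilding from clean source with the suspect binary reproduces the trojan.
    print("self-rebuild identical:", run_compiler(TROJANED_A, "cc_A") == TROJANED_A)
    print("login payload:", run_compiler(TROJANED_A, "login").payload)
    print("DDC accepts honest cc_A:", ddc_check(HONEST_A, "cc_A", TRUSTED))
    print("DDC accepts trojaned cc_A:", ddc_check(TROJANED_A, "cc_A", TRUSTED))
```

The check depends on the second compiler not carrying the same trojan: in this model, passing a `trusted_cc` whose payload is `"trojan"` makes `ddc_check` accept `TROJANED_A`, which is the layer-below problem the post raises for firmware and microcode.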



                #22
                Originally posted by GreyGeek
                I've come to the conclusion that there is no such thing as a secure computer, even IF you compile all software yourself from vetted code.
                Alas, I completely agree. We're all basically gambling on trust, to one degree or another.
