Date: Fri, 20 Feb 2015 20:26:35 -0500 From: grarpamp <grarpamp@gmail.com> To: freebsd-security@freebsd.org Subject: Re: [Cryptography] trojans in the firmware Message-ID: <CAD2Ti2_CFB7JmJ1a%2B5XYjeRL6qASTN6w_FHam2v9xwT3VGtdDQ@mail.gmail.com> In-Reply-To: <CAD2Ti2_cA4Uzkdvt6fS176K0KXmh1Jgb0jdHCLm1Rg10z0a-nQ@mail.gmail.com> References: <E1YNSQU-0004pW-Oh@elasmtp-kukur.atl.sa.earthlink.net> <E3B30770-BB81-47F1-895D-14CF7FCFC0BE@lrw.com> <54E2B04C.9080707@av8n.com> <E1YNuOT-0004uN-CV@elasmtp-mealy.atl.sa.earthlink.net> <54E436FB.9000709@deadhat.com> <CAAMy4USCzQDO=k3yhZ_LVb4ivz4k5qTCasm3KCen%2By1yi8oa%2Bw@mail.gmail.com> <CAD2Ti29bD6f7tTq=FgGQDXD43C%2BzTW0fOWYrbCeTCBmiu0bBqA@mail.gmail.com> <E1YOGNA-0004BG-UT@elasmtp-banded.atl.sa.earthlink.net> <E1YOTjj-0004uI-59@elasmtp-mealy.atl.sa.earthlink.net> <A8BD647B-0156-4DA5-94F7-CF6EF4756044@lrw.com> <CAD2Ti2_cA4Uzkdvt6fS176K0KXmh1Jgb0jdHCLm1Rg10z0a-nQ@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
These were the links I was referring to that never made it past moderation/spam... > Alfred Hegemeier <molybdanstahl-hh@yahoo.co.uk> saith: > just encrypt the whole hard drive with Geli. GELI works under your control for what you store on the drive, and you can even enable the AES encryption feature of the drive itself as a no cost to performance extra freebie underneath that. However since the raw device interface is still accessible, neither of them do anything to block firmware updates. > Karl Denninger <karl@denninger.net> saith: > 1. The BIOS (which reads the boot sector) has not been compromised. > 2. Once the drive code has been tampered with These cases were addressed earlier... " Obviously. This is only meant to help protect clean systems, or prevent subsequent malicious commands if they happen to go through a user to firmware path that has for some reason not yet been compromised (say through the usual /dev to driver to hardware path). In all cases, having the logging capability for non production opcodes without having to postfilter them out of some debugging stream would be nice. Obviously again caveat parts of the system that have not been compromised. " > how many of these attacks are going to be loaded into your machine > through a _*running*_ modern BSD-style system? These for starters, then all the public hacker malware versions of the same thing both extant and coming... https://www.schneier.com/blog/archives/2014/01/iratemonk_nsa_e.html http://leaksource.files.wordpress.com/2013/12/nsa-ant-iratemonk.jpg https://www.schneier.com/blog/archives/2014/02/swap_nsa_exploi.html http://leaksource.files.wordpress.com/2013/12/nsa-ant-swap.jpg http://leaksource.files.wordpress.com/2013/12/nsa-ant-sierramontana.jpg http://25zbkz3k00wn2tp5092n6di7b5k.wpengine.netdna-cdn.com/files/2015/02/Equation_group_questions_and_answers.pdf > I suspect the answer is > "few" and a false sense of security is worse than none at all. Defense in depth is not a false defense, even when thrown at the few. Given a clean system, the ability to block these opcodes would seem defensive.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAD2Ti2_CFB7JmJ1a%2B5XYjeRL6qASTN6w_FHam2v9xwT3VGtdDQ>