the BIOS ceases running as soon as Windows starts booting.
Nothing further from the truth. BIOS stays resident and executes all the time in the form of SMM (System Management Mode). It's used *especially* in power management routines.
How do you think that a USB keyboard works in DOS without USB drivers? It is the SMM BIOS doing the conversion.
Yeah, you think that when you run Linux or BSD you are in complete control of the machine and no proprietary code runs? NO. RTFM.
It's a cool trick but I don't see the point. Proving you can disassemble-reassemble a game system?
I think that's the idea, to stop developers from relying on version # and start coding to standards.
Optical media (CD, DVD, Blu-ray) are immune to EMPs. Just make a backup of the books on CD. If all computers in the world are EMPed up, you have worse problems than losing books.
You have linux? There is a directory /dev/shm, it's exactly what you describe. Variable size RAM disk, always activated and available.
Is to use what is known as a "web browser" to quickly surf the "internet"
If you don't reboot that means you didn't patch the kernel (Seriously, how many of you use ksplice?). If you didn't patch the kernel you have security vulnerabilities. If you have security vulnerabilities, you can be pwnd.
Isn't it scary that I can remotely know your uptime and then know exactly which exploit to use against you? Go ahead, brag about your uptime all that you want, but it is not a good thing.
I'm sure people are familiar with LoJack for Laptops, where either due to a hook in BIOS (Dells and HPs have an option that will reinstall the LoJack software even if the BIOS is reflashed and all disks are zapped) or other means it gets loaded.
It's not a hook, LoJack comes with every BIOS. That's why it survives reflashing, you don't have the option of a BIOS without it. I co-wrote some article about this not long ago.
How to fix? The obvious fix would be signing the flash BIOS, but this completely locks out homebrewers wanting to do something different. Another fix would be having the flash process be offline, such as only through a USB port with a USB flash drive. However, NICs won't have USB ports present. Still another possible avenue would be a slot for a MicroSD card, but that adds complexity to the device. So, this isn't something easy to deal with. The only thing that might come close would be a DIP switch toggle to allow for unsigned images to be flashed (which is shipped off), and all updates signed.
None of this would work. Maybe it will make it more difficult, but it can't protect you against a logical flaw in the firmware that allows you to execute code. Firmware is like any other software: what happens if you sign code that executes any code? Then all code is automatically "signed".
The solution IMHO is complex, expensive and involves signing + software protections in the NIC and in the OS (i.e. IOMMU, etc.) and WILL fail with a sufficiently resourceful attacker.
BTW, awesome work.
I'm one of the affected million and I will have to change ISPs. Fibertel used to throttle YouTube all the time, but apart from that the service was good, if a little expensive. They are part of a huge news-controlling monopoly, broke the law, and they got what they deserve. There are many choices of broadband internet over here, so I basically don't give a sh*t.
When you are writing malware and scanning IP ports, it doesn't matter that there are many millions of Macs, all those IPs will be PCs.
Back in the day, there was a 15% possibility that you would randomly hit a Mac, it's about 1% now, that's why there is no malware for Macs. It's the same as in biology. Vaccines don't protect 100% of the population, they only immunize about 80%, and that's enough to isolate viruses, as only a few victims will be vulnerable to them.
You really think someone submitted this news to Slashdot and then got accepted?
Do your research. This is a press release from Businesswire, a news agency.
It's like this: You want people to pay attention to your "news", you pay a PR agency u$s 5000 to u$s 10000 and they send your "news" to their buddies at Reuters, Associated Press or Businesswire.
All newspapers, TVs (and reporters like kdawson) are subscribed to these news "collectors" and they pick up the news they want. It has been like this for years.
This is a paid advertisement. Open your eyes.
Awesome aurelianito, thanks for the clarification!
And thanks to Nico too!
Why can't you mount the BeagleBoard on the back of an LCD? It comes with a very nice acrylic case, you know.
The study uses the assumption that LEDs last 2.5 times as long as LEDs, and 25 times longer than incandescents.
Error: Stack overflow.
Sun basically bought apt-get when it hired the guy that created it. Now it's integrated in OpenSolaris.
I have an X1600. The method on that site doesn't work; the only way to get some power saving in ATI cards is with their proprietary driver. I used to go from 30 watts to 20 watts easily with power saving, but ATI sadly doesn't support my card any more and I'm stuck with the free drivers, at >30 watts :\
With respect to the kernel... My X60 consumes 7 watts with Windows and more than 13 with Linux, that sucks IMHO
Google is your friend,
http://www.absolute.com/company/pressroom/news/2009/06/Absolute-Acer-IntelAT
Acer also has Computrace, in fact it has the newer version, probably more secure. In fact, some Sony models also have it. Look for "ABSOLUTE" in a dmidecode dump. I think that most netbooks don't have it, but we don't have every notebook model to check.
It's disabled, yes. How do you know that? Did you read the source? It's closed. If you want to have software that can remotely erase or read your data in your notebook, it is up to you to trust Intel or Absolute.
Disabling it in the BIOS doesn't work.
Don't misinterpret us, they have a useful product. But it must be a little more secure, and *optional*.
Please read the paper. The configuration is saved in NVRAM and there are many ways to reverse it. We even found a software-only way.
Never say never.
I know it's hard to believe. When doing our research (I'm Alfredo, hi!) we couldn't find a notebook *without* the Computrace agent. It's bad.
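The dmidecode check suggested in the comments above, as an added shell example that is not part of the original comments: it reports which DMI structure in a dump mentions "ABSOLUTE". The function names, the sample dump and the place where the string sits in it are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the original comments).
# Real use, as root:  dmidecode | scan_dmi_for_absolute

# Reads dmidecode text on stdin. For every DMI structure that contains the
# string "ABSOLUTE" (case-insensitive) it prints the handle line and the
# structure title once, then each matching line. Exit status is 0 when at
# least one structure matched and 1 otherwise, like grep.
scan_dmi_for_absolute() {
    awk '
        # A new structure starts at every "Handle 0x..." line.
        /^Handle 0x/ { handle = $0; title = ""; shown = 0; next }
        # The first non-blank line after the handle is the structure title.
        handle != "" && title == "" && NF { title = $0 }
        toupper($0) ~ /ABSOLUTE/ {
            if (!shown) { print handle " :: " title; shown = 1; hits++ }
            line = $0
            sub(/^[ \t]+/, "", line)
            print "    " line
        }
        END { exit (hits > 0 ? 0 : 1) }
    '
}

# Constructed sample in dmidecode layout; the OEM string value is a
# placeholder, not taken from a real machine.
sample_dump() {
    printf 'Handle 0x0000, DMI type 0, 24 bytes\n'
    printf 'BIOS Information\n'
    printf '\tVendor: Example Vendor\n'
    printf '\tVersion: 1.00\n'
    printf '\n'
    printf 'Handle 0x0010, DMI type 11, 5 bytes\n'
    printf 'OEM Strings\n'
    printf '\tString 1: EXAMPLE-OEM\n'
    printf '\tString 2: ABSOLUTE (constructed placeholder)\n'
}

# Demo on the constructed sample.
sample_dump | scan_dmi_for_absolute
```
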
For my first job interview, many years ago, I had to do a programming exercise (A graphical delphi app) on a borrowed computer in a *room full of girls drinking*.
Now, tell me if that isn't difficult.
PS. I got the job :)
... but you are not a computer wizard either.
Adamo has a ULV processor, SU9300 according to Google, while the MacBook Air has an LV processor.
The difference is in power consumption. LV thermal design is 15 watts max, while ULV is 5 watts max.
That helps with the battery but the biggest difference IMHO is the heat. ULV processors run *cool* even at 100% while LV processors, while cooler than normal processors, put a fair quantity of heat directly on your hands, and that sucks. I know by experience that the ULV processor of the Lenovo X200 is dead cool, while the LV of my X60 gets hot sometimes. But ULV is slower, yes.
I can't believe how nobody on Slashdot got this right.
A guy even removed the WE pins on the Flash chip. What a stupid, you need to connect it to VCC!!
I think this is a sign that a proper paper is required, as our slides can't be used to infer any reliable information of the talk.
The real problems are buffer overflows caused by the insecure C string librarAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA PWNED! DISREGARD THAT LOL
To be fair countries that have lower wages also have lower costs of living so it balances out.
Bullshit. I live in Argentina, and work as a software engineer. My salary is normal for my profession, about 1/4 of a US salary. Houses and cars are often 10% to 20% *more* expensive here than in the US. As a result, myself and most of my coworkers with 10 years of experience don't own a car or a house. Am I starving? Far from it, but balances out my ass.
Even if I'm very underpaid. But I know that this profession is not a good future investment. Your mind gets somewhat tainted: Some ex-coworkers have been fired from programming jobs because they can't stop pointing at security bugs in people's work.
You would think that they will be glad that you are helping, but in fact, people get mad at you.