quartertime - Slashdot User

Submission + - Why the NSA builds its own hardware 1

Submitted by quartertime on Friday October 29, 2010 @10:54AM

quartertime writes: Remember Reflections on Trusting Trust, the seminal paper describing how to hide a nearly undetectable backdoor inside the C compiler? A new piece describes how to hide a nearly undetectable backdoor in a PCI card. The mechanism is to install some code in the PCI expansion ROM, which is run as part of
BIOS initialization, which patches the BIOS to patch grub to patch the kernel to insert a remote backdoor. I wonder whether with China's dominance of the computer assembly industry, this method has already been used as part of their espionage efforts? This I think makes clear why the NSA has its own chip fabrication plant.

Submission + - Why the NSA builds its own hardware

Submitted by quartertime on Friday October 29, 2010 @01:09AM

quartertime writes: Remember Reflections on Trusting Trust, the classic paper describing how to hide a nearly undetectable backdoor inside the C compiler? Here's an interesting piece about how to hide a nearly undetectable backdoor inside hardware. The post describes how to install a backdoor in the expansion ROM of a PCI card, which during the boot process patches the BIOS to patch grub to patch the kernel to give the controller remote root access. Because the backdoor is actually housed in the hardware, even if the victim reinstalls the operating from CD, they won't clear out the backdoor. I wonder whether China, with its dominant position in the computer hardware assembly business, has already used this technique for espionage? This perhaps explains why the NSA has its own chip fabrication plant.

Submission + - Why the NSA builds its own hardware

Submitted by quartertime on Friday October 29, 2010 @12:56AM

quartertime writes: Remember Reflections on Trusting Trust, the seminal paper describing how to hide a nearly undetectable backdoor in a compiler? Here's a piece about how to hide a nearly undetectable backdoor in hardware. One can install a backdoor in the expansion ROM of a PCI card, which patches the BIOS to patch grub to patch the kernel to grant the attacker remote root access. Even after the victim reinstalls the operating system from CD, the backdoor will still be there. Given that China builds much of the world's computer hardware, I wonder whether this sort of thing is already part of the Chinese espionage playbook?

Submission + - Analysis of a hardware backdoor (ksplice.com)

Submitted by Anonymous Coward on Wednesday October 27, 2010 @04:41PM

An anonymous reader writes: Remember Reflections on Trusting Trust? We know we can't trust our compilers, or our operating systems, or our userspace software. Now even our hardware might be out to get us. This post describes how to install a backdoor in the "expansion ROM" of a PCI card, which patches the BIOS to patch GRUB to patch the Linux kernel to give the controller remote root access. The upshot is that even if the compromise is detected and the victim reinstalls the operating from CD, the backdoor will still be there. Now you know why the NSA builds all its own hardware!

Submission + - What Do You Do With A Disruptive Discovery? 3

Submitted by jcohen on Wednesday October 27, 2010 @04:27PM

jcohen writes: Suppose that you've just discovered a way of making a computationally hard bit of math very, very easy. You've written out your proof, you've verified it, you've written code, and now, say, you're factorizing colossal primes at the rate of 1,000 per second. What's next? The consequences could be huge. How do you get another set of eyes on it to make sure that you're not just another crackpot, and that your results are right? Do you disclose your discovery? How? To whom? To your country's intelligence agency? To the public? What are the conceivable answers to these questions that would have the best consequences for you or for the world?

Submission + - Linux kernel exploit aggressively rooting machines (seclists.org)

Submitted by Anonymous Coward on Sunday September 19, 2010 @09:53PM

An anonymous reader writes: Running 64-bit Linux? Haven't updated yet? You're probably being rooted as I type this. CVE-2010-3081, this week's second high-profile local root exploit in the Linux kernel, is compromising machines left and right. Almost all 64-bit machines are affected, and "Ac1db1tch3z" (classy) published code to let any local user get a root shell. Ac1db1tch3z's exploit is more malicious than usual because it leaves a backdoor behind for itself to exploit later even if the hole is patched. Luckily, there's a tool you can run to see if you've already been exploited, courtesy of security company Ksplice, which beat most of the Linux vendors with a "rebootless" version of the patch.

Submission + - Second major hole in Linux being exploited in wild

Submitted by quartertime on Sunday September 19, 2010 @02:22AM

quartertime writes: CVE-2010-3081, this week's second high-profile local root exploit in the Linux kernel has been quite a doozy! The bug affects all 64-bit kernels going back to 2.6.26 (and was also backported into RHEL 5's 2.6.18 kernel) and wasn't fixed until last week — shortly before "Ac1db1tch3z" published code to let any local user become root. The exploit works on most versions of Red Hat, Debian and Ubuntu. Several vendors, including Ubuntu and Debian but not Red Hat, have rushed out new kernels to address this bug over the last 2 days. Red Hat's recommended workaround, it turns out, didn't actually close the hole — it just makes the published exploit not work. And Ac1db1tch3z's exploit is more malicious than your typical demo exploit: it leaves a backdoor behind for itself to exploit later even if the hole is patched. Hot-updates vendor Ksplice wrote a tool to see if your system has the backdoor installed (meaning you've been exploited) and has rushed out a "rebootless" patch to plug the hole in advance of Red Hat's own fix.

(Today's earlier article on the H-Online on CVE-2010-3301 incorrectly refers to the workaround Red Hat has recommended for CVE-2010-3081 as a workaround for CVE-2010-3301. The workaround is not effective for either vulnerability.)

Submission + - The many faces of 3G (ksplice.com)

Submitted by Anonymous Coward on Friday August 20, 2010 @01:14PM

An anonymous reader writes: Did you ever notice how each new generation of cell-phone tech gets branded "3G", and the previous thing is retroactively downgraded to some lesser number of G's? An MIT engineer explains why in this brilliant essay about "3G" in the last 10 years, showing how the cell carriers have kept offering it and swiping it away to sell more stuff. He cites numerous Cingular/AT&T and Sprint press releases showing how the companies have made "3G" into a brand name ideally suited for amnesiac consumers. Meanwhile, no cell carrier is foolish enough to sell you bottom-line throughput like an ISP in 1996 — you could actually hold them to that.

Submission + - Choose Your Own Sysadmin Adventure

Submitted by Anonymous Coward on Friday July 30, 2010 @11:36AM

An anonymous reader writes: In celebration of the 11th Annual Sysadmin Appreciation Day, startup Ksplice created a Choose Your Own Sysadmin Adventure game in which you face server migrations, Win32 registry, and malware while trying to get home to play Starcraft II. I spent a good hour celebrating this holiday by reading it.

Submission + - Today is System Administrator Appreciation Day (sysadminday.com)

Submitted by ArbiterOne on Friday July 30, 2010 @12:09AM

ArbiterOne writes: The 11th Annual System Administrator Appreciation Day is today. Celebrated worldwide on the last Friday of July, this holiday honors those who fight in the digital trenches to keep the 'Net alive.

OpenDNS offers a way to remind your boss about the holiday, while another blogger shares war stories. The startup Ksplice created an homage to these heroes... in the style of Choose Your Own Adventure.

How are you celebrating Sysadmin Day?

Submission + - Traceroute in 40 lines of Python (ksplice.com)

Submitted by Anonymous Coward on Thursday July 29, 2010 @05:42PM

An anonymous reader writes: From the school of learning-by-doing comes a neat little step-by-step walk-through of making a simple implementation of the UNIX Traceroute command in about 40 lines of Python. I never knew it was so simple to write!

Submission + - Source Diving for Sysadmins (ksplice.com)

Submitted by Anonymous Coward on Thursday July 15, 2010 @01:19PM

An anonymous reader writes: Developers think sysadmins don't know how to debug. Screw them: here are 7 tips for source diving as a sysadmin.

Submission + - Writing filesystems now as easy as Web apps (reddit.com)

Submitted by Anonymous Coward on Thursday July 08, 2010 @02:45PM

An anonymous reader writes: Remember the old days of writing Web apps, when you had to parse the CGI arguments separately, do all the safety checks yourself and implement everything manually? Neither do I, but it looks like all the cool stuff from Web apps is making its way to writing filesystems. This guy shows how to writing an entire Linux filesystem in 50 lines of Python using "dispatch" techniques totally stolen from Ruby on Rails. Are we ready to give up the Web and go back to just using the filesystem for everything, the way Unix intended?

Security Vulnerability Bingo 21

Posted by samzenpus on Friday July 02, 2010 @02:28PM from the fun-and-games dept.

An anonymous reader writes "Ben Bitdiddle of MIT fame sends an open letter to system administrators encouraging them to stop patching their systems so they can play 'Security Vulnerability Bingo.'"

Submission + - Let's Play Security Vulnerability Bingo! (ksplice.com)

Submitted by Anonymous Coward on Thursday July 01, 2010 @01:19PM

An anonymous reader writes: Ben Bitdiddle of MIT fame sends an open letter to system administrators encouraging them to stop patching their systems so they can play "Security Vulnerability Bingo".

Slashdot Top Deals