Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).


Comment: Re:uh - by design? (Score 1) 163

by megabeck42 (#48667083) Attached to: Thunderbolt Rootkit Vector

I agree. I call bullshit.

What he describes is plausible, especially if the flash is socketed. But, not bloody likely. Considering that this malware would have to add itself to the existing flash image as an option rom or by infecting and rewriting part of the bios code and then writing that back to the rom.. Unless this was a targeted attack, the malware author would have to work out logic for each one of the major base BIOSes in use - phoenix, award, dell, lenovo, etc to be able to infect them. This is ignoring lots of machines which prevent either prevent rewriting the flash without physical access or require the new system image to be signed. Also, keep in mind that testing this ahead of time is rather difficult given the wide range of different BIOSes on different motherboards, etc. any unexpected bug could render an infected machine unbootable. So, hell of a lot of work for the malware/virus author with quite a lot of risk for failure.. especially when there's a lot of lower hanging fruit.

I don't doubt that it's happened to someone out there.

Also, I do believe this is one of the scenarios Intel TXT is for.

Comment: Re:Open SSL (Score 0, Offtopic) 351

by megabeck42 (#46701903) Attached to: Isolated Tribes Die Shortly After We Meet Them
Are you new here? I'm surprised he isn't citing a petrified Natalie Portman covered in grits and vetted by the GNAA. "Netcraft confirms X" is an old, old, late 90s slashdot comment "joke." Granted, it's as funny as those forwarded email I get from my aunt; but it's the thought that counts, right?

+ - WebM support on 4chan ->

Submitted by Anonymous Coward
An anonymous reader writes "Today we added support for WebM files on 4chan’s image boards.

While WebM is technically a video file format, it offers many advantages over animated GIFs—namely superior image quality, support for more than 256 colors, and reduced file size. Its main disadvantage is browser compatibility, however 86% of 4chan’s visits come from browsers that include full or partial support for WebM, and plug-ins are available for those that don’t (like Internet Explorer and Safari)."

Link to Original Source

+ - Fifty Years Ago IBM 'Bet the Company' on the 360 Series Mainframe

Submitted by Hugh Pickens DOT Com
Hugh Pickens DOT Com (2995471) writes "Those of us of a certain age remember well the breakthrough that the IBM 360 series mainframes represented when it was unveiled fifty years ago on 7 April 1964. Now Mark Ward reports at BBC that the first System 360 mainframe marked a break with all general purpose computers that came before because it was possible to upgrade the processors but still keep using the same code and peripherals from earlier models. "Before System 360 arrived, businesses bought a computer, wrote programs for it and then when it got too old or slow they threw it away and started again from scratch," says Barry Heptonstall. IBM bet the company when they developed the 360 series. At the time IBM had a huge array of conflicting and incompatible lines of computers, and this was the case with the computer industry in general at the time, it was largely a custom or small scale design and production industry, but IBM was such a large company and the problems of this was getting obvious: When upgrading from one of the smaller series of IBM computers to a larger one, the effort in doing that transition was so big so you might as well go for a competing product from the "BUNCH" (Burroughs, Univac, NCR, CDC and Honeywell). Fred Brooks managed the development of IBM's System/360 family of computers and the OS/360 software support package and based his software classic "The Mythical Man-Month" on his observation that "adding manpower to a late software project makes it later." The S/360 was also the first computer to use microcode to implement many of its machine instructions, as opposed to having all of its machine instructions hard-wired into its circuitry. Despite their age, mainframes are still in wide use today and are behind many of the big information systems that keep the modern world humming handling such things as airline reservations, cash machine withdrawals and credit card payments. "We don't see mainframes as legacy technology," says Charlie Ewen. "They are resilient, robust and are very cost-effective for some of the work we do.""

Comment: Re:No contract, wifi-only (Score 1) 126

by megabeck42 (#46488397) Attached to: Replicant OS Developers Find Backdoor In Samsung Galaxy Devices
If you're the same anonymous coward, then I am flattered that you returned to check your post for my reply.

> And pardon me, but could you explain to me what the need is for a(n undocumented!) way to gain access to "certain files" on a phone by a remote person ? As far as I can tell there is nothing on a phone a remote person should have access to without the explicit say-so of the owner.

Sweet jesus. The system is not an undocumented way to allow a reomte, third party unauthenticated arbitrary access to your data. It's a system used to allow the modem firmware running on a separate DSP core to save and recall information. Yes, there exists a <b>possibility</b> that a flaw in the modem firmware could allow a third party to command the modem to make IPC requests to the device's host processor to read information and then, potentially, transmit it back. There is no evidence to suggest that such a flaw exists.

> You mean to say that as they all have got similar backdoors (do they ?) its OK ? Strange reasoning ...

No I don't mean to say all have any backdoors; a backdoor is a camouflaged or otherwise hidden system installed to circumvent access restrictions. This is niether camouflaged nor hidden. It's purpose is not to circumvent access controls. It is not a backdoor.

> Bottom line: A phone which has got RPC file-IO calls from the cellular into the smart part of the phone is at least questionable.

Questionable? Yes, of course. But do not attribute to malice what is adequately explained as incompetence.

Comment: Re:OTA updates (Score 1) 126

by megabeck42 (#46475925) Attached to: Replicant OS Developers Find Backdoor In Samsung Galaxy Devices

I'm replying again because it occurred to me. to check the dictionary.

A backdoor is an indirect and devious system conceived for the purpose of allowing access to resources by circumventing security protections.

This is not. This is a set of IPC requests an "API" to allow the modem firmware to store non-volatile information in a specific location of the host phone's filesystem.

You're absolutely right that a backdoor is a backdoor; however, this is not a backdoor. If they'd really meant to introduce backdoors, don't you think they'd have made even a trivial effort to hide or obfuscate it? For example, D-Link's special request header “xmlset_roodkcableoj28840ybtide” that would bypass the web admin authentication. That's a backdoor. Minterpreting wrappers for read() and write() is not.

Comment: Re:No contract, wifi-only (Score 1) 126

by megabeck42 (#46475811) Attached to: Replicant OS Developers Find Backdoor In Samsung Galaxy Devices

I do believe you missed the point of my comment entirely. These IPC requests for doing file I/O are there to allow the to read and write to a small subset of files constrained to a specific portion of directory hierarchy.

Yes, the modem could potentially read other files - limited by unix access controls, but it cannot read nor write from arbitrary files.

> Maybe you're right and it should be called "criminal negligence" instead.

I was growing the impression you'd authored a post with value worth contributing to the discussion until I noticed this statement. I thank you for announcing your ignorance so clearly.

Want to prevent people from destroying/modifying your IMEI using a yet-unknown-and-incredibly-unlikely-but-still-technically-possible hypothetical remote privilege escalation? Use the chmod(1) command with the argument 640 to remove the group write permissions.

Really, how is this unlike any other phone that has a cellmodem with firmware and nvram?

If you really wanted to limit what files the rild could interact with on behalf of the modem, a trivial bind mount and chroot( ) would suffice.

Comment: Re:OTA updates (Score 1) 126

by megabeck42 (#46475563) Attached to: Replicant OS Developers Find Backdoor In Samsung Galaxy Devices

Unfortunately, the daemon that opens, reads, and writes files on behalf of the modem, is running as a specific unprivileged user, radio (uid 1001 on my phone.) It could only wipe out the information I have in /efs and a few specific files in /data. Nothing bars it from triggering some other system/daemon/process responsible for more thorough wiping of data.

Comment: Re:No contract, wifi-only (Score 3, Informative) 126

by megabeck42 (#46469857) Attached to: Replicant OS Developers Find Backdoor In Samsung Galaxy Devices

Two things, "Even Ham radio operators?" When did they become the retards of the RF world - I thought that title belonged to CB'ers? Honestly, hams are not interested in your phone.

While, yes, technically anyone can communicate with your modem; anyone can communicate with your wifi card or your bluetooth adapter as well. And it would appear that the samsung radio interface IPC layer at least has a modicum less access to the entirety of your device than your wifi driver - which is in the kernel. People have, in the past, exploited mistakes in wifi drivers and wifi card firmware to remote exploit via wifi. (*: The specific instance I remember, was with an old intel 802.11b/g card and specially crafted management frames which could be trivially spoofed and didn't need to be encrypted to be accepted by the wireless card. The proof of concept was able to issue busmaster DMA read/writes which, ostensibly, would allow rewriting arbitrary kernel ram, etc.)

Across the scope of samsung phones I was able to check (ok, two of them), the radio interface, the android host side of this communications channel, runs as uid 1001 (radio). As far as my cursory inspection revealed, meant that the radio/modem can read/write the files in /efs and only read a number of other places, such as /sdcard. Granted, /sdcard contains a lot of your personal data. My point is that, in this case, a compromised modem is still less privileged than a compromised android service or, worse, compromised driver/kernel. Also, given that these IPC instructions are used for reading/writing modem "nvram" data such as the handset IMEI, to describe them as a "backdoor" is horribly inappropriate.

So, yeah, as you said, "huge technological challenge." Agreed. But, the idea that a data modem may be exploitable is by no means new.

Real Users find the one combination of bizarre input values that shuts down the system for days.