On 09/11/2013 05:42 AM, Rudolf Leitgeb wrote: >> Second, low hanging fruit. > Contrary to what some hysterical reports may claim, and some violations > of rules aside, NSA is mostly after bad guys, some of which know quite > well what they are doing. These bad guys will not necessarily be kind > enough to present NSA with unpatched Windows desktops. > >> why bother with us ? people are most generally NOT careful. So, hey, >> what if you can't break in OpenBSD ? > This is not a marketing operation run by NSA which can claim success if > they catch the 90% dumbest. Quite to the contrary, they should be most > interested in the most sophisticated ones, and why wouldn't bad guys > use OpenBSD if they had the impression it was more secure? > > > As I have mentioned before: what good is perfect security in an OS if you > have no control over the hardware? Put some back doors into the CPU or the > networking hardware and OpenSSH will fall. There is really no point in > trying to outwit three letter agencies with our laptops. Disk drives are (presumably) trivial to take over. They have firmware and mechanisms to use alternate physical blocks for a given logical block.
Scenario: Reset - request for block 0 within a timeout window - substitute alternate boot record & subsequent interesting code. Modern drives contain enough spare sectors to have acomplete software universe hidden in them. no reset or timeout - request for block 0 -return "good" data Very hard to detect without a reasonably high level of suspicion and a properly set up test jig. The conditions for substituting "interesting" data could be made arbitrarily complexand/or sophisticated, including scanning data read and written for patterns. Almost anything with microcodeor firmware can be subverted with very few traces. That means network interfaces, CPUs, disk controllers, USB interfaces, ..... Oh yes - cars & trucks. Geoff Steckel
