On Tue, Feb 17, 2015 at 9:28 AM, Russell Senior <russ...@personaltelco.net>
wrote:

> >>>>> "Michael" == Michael Rasmussen <mich...@jamhome.us> writes:
>
> Michael> Or so reports Kaspersky.
> Michael>
> http://www.thestar.com/business/2015/02/17/us-can-permanently-spy-on-sabotage-foreign-computers-kaspersky-lab-report-says.html
>
> One thing the articles about this problem keep saying and which doesn't
> make complete sense is that "this infection is immune to removal".
> There is a method to get the infection into spare sectors and into
> firmware, which seems to me to mean that there *is* a way to see those
> raw sectors and/or firmware in such a way as to a) see what's there;
> and b) remodify the firmware.
>
> It might be that if you are dependent on the firmware to inspect or
> replace the firmware, then the infected firmware could just lie to you
> in order to hide itself.  In which case, these devices really need to
> have some offline way of inspecting their flash sufficient to generate
> dumps and checksums to verify they are running what you think they are
> running.
>
> What tools currently exist on Linux to inspect the hard disk firmware?
> I recall updating some hard disk firmware (several years ago), but
> perhaps using a vendor-supplied FreeDOS-based software kit.
>
>
>
Also you would think that anything headed for that special area of the disk
would have some sort of signature that could be searched for before it got
sent to the mysterious firmware.

 Bill Barry
_______________________________________________
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug