
Intel Chips, Code for ultimate rootkit to be released on 19 March 2009

 
 
Pennywise@DerryMaine.Gov
Guest
Posts: n/a
 
      03-19-2009

"This is the scariest, stealthiest, and most dangerous exploit I've
seen come around since the legendary Blue Pill! No, I'm not just
trying to sensationalize this or spread fear, uncertainty and doubt.
This is serious and represents a massive new security threat for us
all."

Kind of a panic post huh?

Just my luck I have an Intel Chip.

The exploit
http://www.networkworld.com/community/node/39825
How it works
http://blogs.techrepublic.com.com/security/?p=1130
Slashdot article
http://it.slashdot.org/article.pl?sid=09/03/19/179228


--

NYC Sitcom Map
http://23.media.tumblr.com/IwM8PIQ02...yo1_r1_500.png
 
 
 
 
 
chuckcar
Guest
Posts: n/a
 
      03-19-2009
wrote in
news::

>
> "This is the scariest, stealthiest, and most dangerous exploit I've
> seen come around since the legendary Blue Pill! No, I'm not just
> trying to sensationalize this or spread fear, uncertainty and doubt.
> This is serious and represents a massive new security threat for us
> all."
>
> Kind of a panic post huh?
>
> Just my luck I have an Intel Chip.
>
> The exploit
> http://www.networkworld.com/community/node/39825
> How it works
> http://blogs.techrepublic.com.com/security/?p=1130
> Slashdot article
> http://it.slashdot.org/article.pl?sid=09/03/19/179228
>

For article #1:

Big deal. It's called a hardware interrupt. *If* as he claims it happened in
386's, that's the *only* possibility. Of course the possibility that he's
commenting on something he neither understands nor knows *anything* about
- pointed to by his complete lack of details - is a strong possibility.


Apparently he *doesn't* know ****:

http://www.rcollins.org/ddj/Jan97/Jan97.html

For Article #2:

SMM exists in processors from the 386 onward. It's a physical *pin* on the chip
itself which is not unlike a hardware interrupt pin on earlier processors. That is,
hardware *physically* on the motherboard sends a pulse to this pin telling the
computer it needs something done.


Finally in article #3 they actually *mention* and give a bloody link to the article.

http://invisiblethingslab.com/itl/Resources.html


All the above of course would require a computer to be at *least* already infected
with malware to do *anything*.

--
(setq (chuck nil) car(chuck) )
 
 
 
 
 
Pennywise@DerryMaine.Gov
Guest
Posts: n/a
 
      03-19-2009
chuckcar <> wrote:

>> Slashdot article
>> http://it.slashdot.org/article.pl?sid=09/03/19/179228
>>

>For article #1:


>Big deal. It's called a hardware interrupt. *If* as he claims it happened in
>386's, that's the *only* possibility.


Read the slashdot replies, one observes it will set in the BIOS and
there is a question of space for it.





--

NYC Sitcom Map
http://23.media.tumblr.com/IwM8PIQ02...yo1_r1_500.png
 
 
§ñühw¤£f
Guest
Posts: n/a
 
      03-19-2009
wrote:
> "This is the scariest, stealthiest, and most dangerous exploit I've
> seen come around since the legendary Blue Pill! No, I'm not just
> trying to sensationalize this or spread fear, uncertainty and doubt.
> This is serious and represents a massive new security threat for us
> all."
>
> Kind of a panic post huh?
>
> Just my luck I have an Intel Chip.
>
> The exploit
> http://www.networkworld.com/community/node/39825
> How it works
> http://blogs.techrepublic.com.com/security/?p=1130
> Slashdot article
> http://it.slashdot.org/article.pl?sid=09/03/19/179228
>
>

Yeh...saw it on slashdot...too bad you have new kit...it won't touch my
old crap I get for free



--
http://www.palindeception.com/
http://palinpics4truth.blogspot.com
 
 
Pennywise@DerryMaine.Gov
Guest
Posts: n/a
 
      03-19-2009
chuckcar <> wrote:

>Finally in article #3 they actually *mention* and give a bloody link to the article.
>
>http://invisiblethingslab.com/itl/Resources.html


This is the release of the exploit, as posted by Rafal Wojtczuk and
Joanna Rutkowska as mentioned in the slashdot.org article.

Read the code and see for yourself what it does
http://invisiblethingslab.com/resour...sc09/o68-2.tgz
--

NYC Sitcom Map
http://23.media.tumblr.com/IwM8PIQ02...yo1_r1_500.png
 
 
chuckcar
Guest
Posts: n/a
 
      03-20-2009
wrote in
news::

> chuckcar <> wrote:
>
>>> Slashdot article
>>> http://it.slashdot.org/article.pl?sid=09/03/19/179228
>>>

>>For article #1:

>
>>Big deal. It's called a hardware interrupt. *If* as he claims it
>>happened in 386's, that's the *only* possibility.

>
> Read the slashdot replies, one observes it will set in the BIOS and
> there is a question of space for it.
>

Well, no matter what it *can't* do more than a virus does already: infect
the OS, put a hook on the MBR and possibly the BIOS nvram, delete files,
send mail. The limits of what can possibly be done by a trojan/virus are
reached by BIOS calls. If you go any lower, you lose capabilities *big*
time and have to *really* know machine language, which puts it into the
camp of the hackers (original meaning here). This would mean that they're
far more likely to get caught quickly because the number of malware
pieces goes down severely along with the number of people actually doing
such code. Along with increased effort/desire to catch them.


--
(setq (chuck nil) car(chuck) )
 
 
Evan Platt
Guest
Posts: n/a
 
      03-20-2009
On Fri, 20 Mar 2009 21:48:38 +0000 (UTC), chuckcar <>
wrote:

>Well, no matter what it *can't* do more than a virus does already:


Your advice is much worse than any virus could ever hope to be.
--
To reply via e-mail, remove The Obvious from my e-mail address.
 
 
Pennywise@DerryMaine.Gov
Guest
Posts: n/a
 
      03-20-2009
chuckcar <> wrote:

> wrote in
>news: :
>
>> chuckcar <> wrote:
>>
>>>> Slashdot article
>>>> http://it.slashdot.org/article.pl?sid=09/03/19/179228
>>>>
>>>For article #1:

>>
>>>Big deal. It's called a hardware interrupt. *If* as he claims it
>>>happened in 386's, that's the *only* possibility.

>>
>> Read the slashdot replies, one observes it will set in the BIOS and
>> there is a question of space for it.


>Well, no matter what it *can't* do more than a virus does already:


You missed the point as usual, this makes it undetectable.
--

pics of the undersea volcanic eruptions near Tonga
http://www.boston.com/bigpicture/200...ear_tonga.html
 
 
chuckcar
Guest
Posts: n/a
 
      03-20-2009
wrote in
news::

> chuckcar <> wrote:
>
>>Finally in article #3 they actually *mention* and give a bloody link to
>>the article.
>>
>>http://invisiblethingslab.com/itl/Resources.html

>
> This is the release of the exploit, as posted by Rafal Wojtczuk and
> Joanna Rutkowska as mentioned in the slashdot.org article.
>
> Read the code and see for yourself what it does
> http://invisiblethingslab.com/resour...sc09/o68-2.tgz


I saw the link by way of the slashdot article, I have no interest in
spending an hour to half a day decoding ML to no real point, thank you.

--
(setq (chuck nil) car(chuck) )
 
 
chuckcar
Guest
Posts: n/a
 
      03-21-2009
wrote in
news::

> chuckcar <> wrote:
>
>> wrote in
>>news: m:
>>
>>> chuckcar <> wrote:
>>>
>>>>> Slashdot article
>>>>> http://it.slashdot.org/article.pl?sid=09/03/19/179228
>>>>>
>>>>For article #1:
>>>
>>>>Big deal. It's called a hardware interrupt. *If* as he claims it
>>>>happened in 386's, that's the *only* possibility.
>>>
>>> Read the slashdot replies, one observes it will set in the BIOS and
>>> there is a question of space for it.

>
>>Well, no matter what it *can't* do more than a virus does already:

>
> You missed the point as usual, this makes it undetectable.


No, you're *not* rewriting the microcode. The x86/Px chip is *not* a
microcode reprogrammable CPU. At worst you do as above. Somewhere there
will be a file storing the code and that file will show the malware is
present. That cannot be avoided. And since at least *one* of these files
is *always* the same (at least a part of it) it *is* detectable.

--
(setq (chuck nil) car(chuck) )
 