Vulnerability Development mailing list archives

Re: Modern hw-killing virus feasible


From: Crist Clark <crist.clark () GLOBALSTAR COM>
Date: Thu, 8 Mar 2001 11:13:35 -0800

"Juan M. Courcoul" wrote:

> "Mike A. Harris" wrote:
>
> > [snip]
> >
> > *I* know how to fix such problems, but if I had my BIOS flashed,
> > for all intents and purposes, I would be buying a new board too
> > most likely because I don't have ready steady access to a EPROM
> > flasher, not to mention the time and effort involved in trying to
> > track down a copy of a rom - and thus time == money, yada yada.
>
> Nope, a new board is basically your only option. Unless EEPROM technology
> changed significantly since I last checked, you cannot flash the chip "on the
> board", cause the rest of the electronics will act up and introduce an error
> factor. So, pop the chip out, flash it and pop it back in, right? Before
> flashable BIOS, this was an option, for the EPROM was socket-mounted to allow
> upgrades; then some beancounter somewhere had the "brilliant idea" of saving on
> sockets by making the thing self-reprogrammable and soldering the EEPROM on the
> board. Ok, so let's unsolder the thing and we'll just solder a new one back in.
> Well, unless you have access to a well-equipped board reworking facility (a
> bit harder to come by than an EEPROM burner...), I wish you the best of luck
> trying to remove an SMM (surface mount) device without frying the multilayer
> board. Ain't progress wonderful?

I realize people are mainly thinking of PCs on this thread, but I have
yet to see anyone mention the trivial DoS via EEPROM on a Sun (that means
Sun hardware, not x86 Solaris). As root,

  # eeprom security-mode=full
  # eeprom security-password=
  Changing PROM password:
  New password: (8 random chars)
  Retype new password: (same 8 random chars)
  # reboot

And you have effectively put that box out of commission until someone
cracks open the case and replaces the EEPROM chip. Upon reboot, the
system will demand the EEPROM password before booting. If the administrator
of the machine does not have it, she can't get a boot prompt. And since
the machine will not boot into single- or multi-user mode, having the
root password or alternate boot media is no help.

Sun hardware is designed so the EEPROM can be replaced (at least that's
what the docs say and Sun techs/engineers have told me), but this is a
serious and potentially expensive PITA. And it's so-o easy.

<musing>
I've wondered why easy vandalism like this was never a problem on Sun
machines in MIT's Athena clusters. Everyone knew the root passwords.
Within the Kerberos security framework, root on a workstation did not
really get you anything interesting... except the potential to muck with
the hardware like this. (Guess people were too busy trying to crack the
physical security to steal the memory chips.)
</musing>
--
Crist J. Clark                                Network Security Engineer
crist.clark () globalstar com                    Globalstar, L.P.
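An added example, not part of the original post or of any Sun tooling: a small POSIX shell check that parses eeprom(1M)-style "name=value" output and classifies the OpenBoot security-mode, so an admin can spot the locked-PROM state described above before the next reboot rather than after it. The eeprom output embedded below is constructed; on a real SPARC box you would feed the function the actual output of `eeprom security-mode` instead. The function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post). Audits the OpenBoot
# security-mode as reported by the Solaris eeprom(1M) command.
# The sample output below is constructed so the script runs anywhere;
# on a real system replace it with:  eeprom security-mode

# Extract the value of security-mode from eeprom-style text
# (one "name=value" per line). Prints nothing if the parameter is absent.
prom_security_mode() {
    printf '%s\n' "$1" | sed -n 's/^security-mode=//p' | head -n 1
}

# Classify the mode. Return codes:
#   0  none     - default, PROM is unprotected
#   1  command  - password needed for PROM commands other than boot
#   2  full     - password needed to boot at all (the DoS in the post)
#   3  parameter missing or unrecognised
classify_prom_security() {
    mode=$(prom_security_mode "$1")
    case "$mode" in
        none)    return 0 ;;
        command) return 1 ;;
        full)    return 2 ;;
        *)       return 3 ;;
    esac
}

# Human-readable one-line report for a given eeprom output.
report_prom_security() {
    classify_prom_security "$1"
    rc=$?
    case "$rc" in
        0) echo "OK: security-mode=none (PROM unprotected, default)" ;;
        1) echo "NOTICE: security-mode=command (PROM commands need password)" ;;
        2) echo "WARNING: security-mode=full (box will not boot without PROM password)" ;;
        *) echo "UNKNOWN: security-mode not found in eeprom output" ;;
    esac
    return "$rc"
}

# Constructed samples of eeprom output (not captured from a real machine).
SAMPLE_DEFAULT='boot-device=disk net
security-mode=none
auto-boot?=true'

SAMPLE_LOCKED='boot-device=disk net
security-mode=full
auto-boot?=true'

SAMPLE_MISSING='boot-device=disk net
auto-boot?=true'

# Stand-alone demo: report on each sample. The `|| :` keeps a non-zero
# classification from aborting the script when run under `set -e`.
for sample in "$SAMPLE_DEFAULT" "$SAMPLE_LOCKED" "$SAMPLE_MISSING"; do
    report_prom_security "$sample" || :
done
```

Wired into a cron job on the workstation itself, a return code of 2 is the thing to alert on: once the box has rebooted into `security-mode=full` with a password nobody knows, the post's point stands and neither root nor alternate boot media will help.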

