Vulnerability Development mailing list archives
Re: Modern hw-killing virus feasible
From: Crist Clark <crist.clark () GLOBALSTAR COM>
Date: Thu, 8 Mar 2001 11:13:35 -0800
"Juan M. Courcoul" wrote:
> "Mike A. Harris" wrote:
> [snip]
> > *I* know how to fix such problems, but if I had my BIOS flashed, for all intents and purposes, I would be buying a new board too most likely because I don't have ready steady access to an EPROM flasher, not to mention the time and effort involved in trying to track down a copy of a ROM - and thus time == money, yada yada.
>
> Nope, a new board is basically your only option. Unless EEPROM technology changed significantly since I last checked, you cannot flash the chip "on the board", 'cause the rest of the electronics will act up and introduce an error factor.
>
> So, pop the chip out, flash it and pop it back in, right? Before flashable BIOS, this was an option, for the EPROM was socket-mounted to allow upgrades; then some beancounter somewhere had the "brilliant idea" of saving on sockets by making the thing self-reprogrammable and soldering the EEPROM on the board.
>
> Ok, so let's unsolder the thing and we'll just solder a new one back in. Well, unless you have access to a well-equipped board reworking facility (a bit harder to come by than an EEPROM burner...), I wish you the best of luck trying to remove an SMM (surface mount) device without frying the multilayer board. Ain't progress wonderful?

I realize people are mainly thinking of PCs on this thread, but I have yet to see anyone mention the trivial DoS via EEPROM on a Sun (that means Sun hardware, not x86 Solaris). As root,

    # eeprom security-mode=full
    # eeprom security-password=
    Changing PROM password:
    New password: (8 random chars)
    Retype new password: (same 8 random chars)
    # reboot

And you have effectively put that box out of commission until someone cracks open the case and replaces the EEPROM chip. Upon reboot, the system will demand the EEPROM password before booting. If the administrator of the machine does not have it, she can't get a boot prompt. And since the machine will not boot into single- or multi-user mode, having the root password or alternate boot media is no help.

Sun hardware is designed so the EEPROM can be replaced (at least that's what the docs say and Sun techs/engineers have told me), but this is a serious and potentially expensive PITA. And it's so-o easy.

<musing>
I've wondered why easy vandalism like this was never a problem on Sun machines in MIT's Athena clusters. Everyone knew the root passwords. Within the Kerberos security framework, root on a workstation did not really get you anything interesting... except the potential to muck with the hardware like this. (Guess people were too busy trying to crack the physical security to steal the memory chips.)
</musing>

--
Crist J. Clark
Network Security Engineer
crist.clark () globalstar com
Globalstar, L.P.
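
A defender-side check for the setting described in the message above, as an added example that is not part of the original post: it reads `eeprom` output on stdin and compares `security-mode` with a site baseline, so an unexpected change is flagged while the host is still up. The function name, the `name=value` line format and the sample output are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example (not from the original post): audit the OpenBoot security
# variables reported by `eeprom` against a baseline value.
# Assumption: `eeprom` prints one variable per line as name=value.

# Constructed sample outputs, so the example runs on a host without `eeprom`.
SAMPLE_BASELINE='auto-boot?=true
security-mode=none
security-password: data not available.
security-#badlogins=0'
SAMPLE_TAMPERED='auto-boot?=true
security-mode=full
security-password: data not available.
security-#badlogins=0'

# check_prom_security EXPECTED_MODE   (reads `eeprom` output on stdin)
# Returns 0 if security-mode matches the baseline, 1 on drift,
# 2 if the variable is absent (wrong platform or unreadable output).
check_prom_security() {
    expected_mode=$1
    mode=""
    badlogins=""
    while IFS= read -r line; do
        case $line in
            security-mode=*)         mode=${line#security-mode=} ;;
            'security-#badlogins='*) badlogins=${line#*=} ;;
        esac
    done
    if [ -z "$mode" ]; then
        echo "UNKNOWN: security-mode not present in input"
        return 2
    fi
    # A non-zero failed-login counter is reported but does not change the result.
    case $badlogins in
        ''|0|*[!0-9]*) ;;
        *) echo "NOTICE: security-#badlogins=$badlogins" ;;
    esac
    if [ "$mode" != "$expected_mode" ]; then
        echo "DRIFT: security-mode=$mode (baseline $expected_mode)"
        return 1
    fi
    echo "OK: security-mode=$mode"
    return 0
}

# Demo on the constructed sample; on a real host: eeprom | check_prom_security none
printf '%s\n' "$SAMPLE_TAMPERED" | check_prom_security none || true
```

Run from cron or a configuration-management agent, a non-zero exit gives the administrator a signal before the next reboot, which is when the post says the password prompt appears.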