[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Covert Access to Data and ID
Froward From: Anonymous
To: [email protected]
Cc: [email protected]
Subject: Intel plans for world domination
Date: Wed, 8 Jul 1998 10:51:04 -0500
Good afternoon gentlemen,
I've been reading the correspondence on the possibility of govt
keystroke access with some interest. I'm in a slightly odd position as
I'm responsible for security in one of the larger wintel companies. As
such I've been getting quite a feeling of deja vu reading your mails.
Intel and others are moving in exactly this direction with a number of
initiatives, most notably the PC98, PCXX, and "Wired For Management".
WfM in particular is very scary - one of the components is a facility
for PC's to download and run digitally signed software before the OS is
booted - between "the end of BIOS initialisation and when control is
transferred to a high-level OS" in the words of one Intel document. The
code is verified by routines embedded in the BIOS and will allegedly use
some subset of X.509v3 and PKCS#1.
As so often happens in circumstances like this I can't risk passing
documents directly as I can't be sure of their provenance - I really
have no idea which ones are now considered trade secrets and which have
been made public. Instead I recommend you have a look at the Intel WfM
site http://www.intel.com/ial/wfm/ with particular reference to the
"Pre-Boot Execution Environment" (PXE) and "System Management BIOS"
(SMBIOS). The Microsoft pc98 site is at
http://www.microsoft.com/hwdev/pc98.htm
and the Intel one at
http://developer.intel.com/design/pc98/.
----------
And, DM reminds of the DIRT program Ray Arachelian first posted
here:
There's an article on page 37 of the July 6, 1998 issue of
NetworkWorld about a new software product for Windows machines
that is basically a trojan horse that allows access to all
keystrokes and files on a system from a remote "America's
Most Wanted"-type HQ. I can't find the article online
at www.networkworld.com, but you can go the the company's
site at
http://www.thecodex.com/dirt.html
to see it. Sale of DIRT is "restricted to military, government, and law
enforcement agencies", the article says.