[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Key Security Question



-----BEGIN PGP SIGNED MESSAGE-----


In <[email protected]>, on 02/02/97 at 09:34 AM,
   "Dr.Dimitri Vulis KOTM" <[email protected]> said:


>[email protected] (Igor Chudov @ home) writes:

>> Dr.Dimitri Vulis KOTM wrote:
>> > Bill Stewart <[email protected]> writes:
>> > > On the other hand, if the "repairman" replaced your pgp executable
>> > > with version 2.6.3kgb, which uses your hashed passphrase as the
>> > > session key, you're hosed.  Or if he installed a keystroke sniffer,
>> > > or added a small radio transmitter to your keyboard, or whatever.
>> > > Depends on your threat model.  If you need to be paranoid,
>> > > they've already gotten you....
>> >
>> > If you're really paranoid, you can boot from a clean floppy and
>> > reinstall everything from your backup tapes. You do have a
>> > contingency plan in case your hard disk goes bad, or gets a
>> > virus, don't you? Well, if you're in doubt, exercise it.
>>
>> And what if the repairman replaces BIOS ROM chips with KGBios?

>On some computers it's possible to add executable code to the boot
>sequence without replacing the actual ROM chip because they're
>rewritiable. Examples: most Sun boxes; intel motherboards with 'flash
>bios'.

V-Communications has a nice Bios Pre-Processor for their dissasembler for
anyone intrested it playing with their bios code. Most newer MB's come with
Flash Bios and the software to Flash the chip is available for download
from the Manufacture. I'v gone and tinkered around with the bios on a
couple of my AMI motherboards.

Flash bios does open the possibility for a virus infection of ones bios. I
have had several intresting discussions with the AMI programmers about
this. IMHO any device that has flash bios should have a jumper on the
circuit board to enable/disable the flash option. I have not seen anyone
that is doing this with their products.

The MB bios is relativly safe as the flash process happens pre-post but
considering that flash bios can be found in almost all computer prerifials
the potential for harm is there. Currently on my system I have flash bios
on the HD's, modem's, NIC's, & SCSI card's. All are a potential hiding spot
for a virus.


- --
- -----------------------------------------------------------
William H. Geiger III  http://www.amaranth.com/~whgiii
Geiger Consulting    Cooking With Warp 4.0

Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
                          
Finger [email protected] for PGP Key and other info
- -----------------------------------------------------------
 

 
Tag-O-Matic: Air conditioned environment - Do not open Windows.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Registered User E-Secure v1.1 0000000

iQCVAwUBMvUl1Y9Co1n+aLhhAQHVcAQAmlU7/gY80+0C3KTowerMkZHa1ro4A5g5
0qKRuuAO08eOmnwND16bBxOo5KKZU/2Xxydvdg2CpE4C9ga/po3QTasa+kKzpsR7
jBQxDAWauirLlJtXCnfiaYQrycxX6YoFoZanRGticT4ObRmFvT0OcqYqqL/fgXe0
oSiw02JDATQ=
=S97o
-----END PGP SIGNATURE-----