[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Stego-empty hard drives... (fwd)




At 9:41 PM -0500 9/21/98, Jim Choate wrote:
>Specificaly I am asking:
>
>Given a BIOS which has been modified to allow the end-user to select between
>encrypted and non-encrypted operation, how is the end-user supposed to
>make this selection?
>
>So far I've seen two suggestions:
>
>1.	The BIOS is only 'sensitive' at particular points in the POST.
>
>2.	The BIOS has a user-accessible selection via some method to
>	activate their selection.
>
>Both are workable, I'm looking for a more specific description of the
>methods.
>
>In the case of 1., is the marker going to be particular windows which are
>bounded by particular messages printed to the boot console? In the case of
>2. is it going to be a particular 'magic keystroke' that enables some hidden
>option screen?
>
>It seems to me that both have obvious methods of attack if the only goal is
>to demonstrate to a legal standard that such capability exists.

	If you do (1), and simply have _no_ prompt, just a small space in
time AFTER the POST (say, immediately after) to type in your passkey, and
things are
set up that if you type the wrong keys, it goes straight into hidden space
mode, then there would be no suspicion, other than a slightly long boot
sequence (and if the wait time were only 2 or 3 seconds, it might not even
be noticable.)

--
[email protected] work related issues. I don't speak for Playboy.
[email protected] everthing else.      They wouldn't like that.
                                              They REALLY
Economic speech IS political speech.          wouldn't like that.