[Arm-netbook] Looking for an ARM Netbook !
lkcl luke
luke.leighton at gmail.com
Wed Jul 4 18:20:35 BST 2012
> Previously, I was ridiculed for suggesting OOB monitoring on computers
> who's specifications do not include vPRO, AMT or DASH. After reading
> Lkcl Luke's comment, I researched again this time using the search terms
> "Atom". Finally, I found evidence of OOB monitoring that is not in the
> specifications of PCs and not on Intel's list of processors that have
> hard AMT.
perhaps at this point i should also mention that in both 2000 and
2006 i was targetted by intelligence operatives large-volume "SPAM"
after contacting (or being contacted by) someone who had also been
pulled in to work with an intelligence agency.
as i was working in 2006 in a security-conscious environment, within
24 hours of the receipt of the SPAM being received my x86 P4 laptop's
hard drive went into meltdown. by taking the drive out and putting it
into a 2.5in USB ide case i was just about able to copy the data off
before it died entirely.
the working hypothesis of how even the *receipt* of external "SPAM"
would result in my laptop exhibiting such behaviour is this:
the hypothesis is that the power fluctuations on the network cable
signalled to and activated circuitry within the x86 P4 processor (see
IBM's research article showing that it only takes about 2,000
transistors to compromise a hardware design. the P4's processor is
6-7 orders of magnitude more transistors than that).
the hypothesis further goes that once that circuitry is activated, it
would be capable of further reading the power fluctuations to read in
an ECC checksummed bootloader program, or perhaps merely activate an
existing ROM-based application and the incoming data is merely a
digital signature, or some combination of the two.
now, at this point, the level of compromise and planning to effect an
attack using the above hypothetical scenario goes wayyyy beyond what
the average person, average company, average cartel, average criminal
organisation or average hacker could even remotely consider
leveraging.
however if the hypothesis is correct, and at the same time, the
organisations responsible for hypothetically implementing such
hypothetical systems fucked up the security arrangements surrounding
the activation of such hypothetical systems, then it *could* lead to
all and any hardware with such hypothetically hardware-compromised
systems being accessible to anyone with the wherewithal to observe and
duplicate the hypothetical upload mechanism.
the only thing is: hypothetically, anyone who actually _did_ such
hypothetical systems would, if they actually poked their stupid heads
above the parapet enough to come to the hypothetical attention of any
intelligence agencies that hypothetically use such hypothetical
systems, would have those intelligence agencies descend on them with a
vengeance.
so if the hacks suddenly stop, you know what happened: the hackers got
hit by a bus. of course, what *might* happen is that, in order to
hide the fact that the hackers had been whoops quotes hit by a bus
quotes, the intelligence agencies *might* be forced to continue to
hack your computer for a while and pretend to be the [dead] hackers,
perhaps demonstrate incompetence at their job, and annoy your
attackers (or the contractors) enough so that they end the
sub-contract and find someone else who appears to be quotes more
competent quotes. all hypothetically, of course.
but - overall, i'm kinda puzzled. the level of competence being
displayed by these criminals is particularly sophisticated. your
criminal attacker must have access to some serious amounts of money
[and an amazing amount of stupidity] or have some connections which,
in the right circles, should be easily traced back to them. i'm
sort-of surprised that they haven't yet been quotes hit by a bus
quotes.
l.
More information about the arm-netbook
mailing list