[Arm-netbook] ARM's OOB para-virtualization & FreeZone in A10?
Gordan Bobic
gordan at bobich.net
Thu Jul 5 18:07:14 BST 2012
On 05/07/2012 17:36, freebirds at fastmail.fm wrote:
> Gordan Bobic asked: "And this also works on Linux? Can you cite any
> record of an exploit that is capable of this?"
>
> What I can give you are some home brewed encrypted almost frameless
> packets being sent out of band by my Asus netbook to a Roadrunner IP
> address in Virginia. A computer security expert captured them but was
> unable to decrypt them. They are attached.
And this was being sent out without going via the OS's IP stack? If this
was indeed something OOB on hardware level that provides console-type
access has existence of such a thing ever been demonstrated on the said
Asus model?
So far this sounds almost like somebody scanning public IPs on
telnet/ssh port and throwing default DRAC/iLO usernames/passwords at it
until something sticks. I can understand that if such a feature exists
on a machine it needs to be publicised - that is indeed an issue.
And why, exactly, would you ever plug a machine like that directly to
the internet via a public IP, and no NAT and firewall in the way?
Gordan
More information about the arm-netbook
mailing list