[Arm-netbook] ARM's OOB para-virtualization & FreeZone in A10?

Gordan Bobic gordan at bobich.net
Fri Jul 6 19:39:02 BST 2012


On 07/06/2012 06:42 PM, freebirds at fastmail.fm wrote:
> Gordan Bobic wrote: "Without a way to get into your machine in the first
> place, everything else is irrelevant, and if they
> have a way of getting into your machine, them accessing TrustZone, VT
> and whatever other hypervisory hardware you may have available is
> utterly immaterial because once they are in they have everything they
> need to steal or corrupt your data anyway,"
>
> I disagree with your requirement that only people who can prove that
> their PC was hacked via hacking hardware assisted virtualization (HAD)
> can be concerned about HAD. HAD is "evil" because most end users and
> even computer security experts are not aware of it, firewalls,
> tripwire and antivirus cannot detect HAD activity, HAD cannot be
> physically removed and remote HAD activity cannot be stopped. I have
> four tampered netbooks I can no longer use. Fortunately, the three Acers
> I was able to return.

HAD cannot be accessed unless you have ALREADY been breached and 
somebody managed to get past your firewall and your anti-virus. If you 
don't understand that, I can only assume you are either misinformed or 
you're trolling.

> You may be correct that PCs have to be cracked first before HAD is
> cracked. Nonetheless, once HAD is cracked, there seems to be no fix.

Absolute nonsense. Once HAD is cracked you wipe the machine clean, and 
put it behind a firewall. From what I can tell you have no firewall, no 
iptables, and no on-access anti-virus scanning (you didn't even seem to 
know what I was talking about with on-open scanning hooks when I first 
mentioned it). So you are running a totally unprotected machine 
connected to a publicly available IP. And then you say you were 
cracked when using a Live CD distro. So you were putting a machine that 
is root ssh-able with a default Live CD root password. And you are 
wondering how you got hacked? Shocking. </sarcasm>

Do you use WiFi? What security do you use on WiFi? Do you realize that 
even WPA2 can be cracked to allow reading (although not 
injecting/writing) data onto the wire? Do you use the same password on 
multiple web sites? Do all of them use SSL for the authentication stage? 
Do you ever use your laptop in a coffee shop or a public AP? I can think 
of literally dozens of possible explanations for your getting hacked, 
none of which require going anywhere near virtualization extensions. And 
considering it hadn't even occurred to you to check on the command line 
with something as basic as "ls -la" whether your "Trash" folder was 
there on the media, I am assuming that you probably haven't considered 
any of the things I mentioned in this and the previous paragraphs, or 
elsewhere on the thread.

> Since you asked several times, I will describe the cracks further.
> However, I do not want this mailing list to think I joined it because I
> am crying out loud woe is me and help me with malware, OS and SW to
> prevent the cracking. I do not want to take up members' time reading off
> topic. Nor do I want members to assume I am not being cracked because I
> cannot adequately explain the cracking and that I am paranoid.

Well, it comes down to Occam's Razor. Where there are multiple competing 
explanations, the simpler one is usually the correct one. You seem to be 
pursuing a mind-numbingly obscure and complex hypothesis when there are 
several I can think of off the top of my head that are far more plausible.

> I am not
> paranoid. I do not want to be banned from this mailing list. I joined
> for help switching to ARM. I am asking how to keep TrustZone disabled. I
> am asking for a hardened ARM OS. I do not need to make numerous posts
> justifying why I am asking for this help. I regret explaining why I was
> asking for help.

I am starting to regret getting involved and wasting bandwidth.

> I have two Asus netbooks and two MSI netbooks. Jack's third party
> switched the 260 GB hard drive from my Asus 1015PE to a 160 GB hard
> drive. They switched the 160 GB hard drive from my MSI to another 160 GB
> hard drive. They cloned Fedora and my files on these hard drives.

So they cloned a machine that was already believed to be infected? Are 
you having a laugh?

> They flashed my BIOS. They installed a wifi card and antennae into my MSI
> netbook.

Both likely a waste of time. Getting a virus into the BIOS while keeping 
the machine bootable takes some serious doing and BIOS editing 
expertise. There are very few motherboards that make this easy (e.g. the 
ones supported by booting the Linux kernel from the BIOS itself - but 
even then you would certainly notice when your POST has been replaced by 
the Linux kernel boot).

> Previously, I had removed the wifi card and antennae from all
> my netbooks.

Waste of time, IMO.

> Previously, they procured my files by stealing my removable
> media.

That's just hard luck. It's why if you have something valuable on a 
easily stealable machine or media, you encrypt it. I generally don't 
bother encrypting my laptops because I don't use valuable passwords or 
keep valuable data on them.

> After I attempt to elude from my abuser's stalkers and relocate, I find
> out that the netbook I have with me was not shut down or that it was
> remotely turned on via Wake on Wireless LAN.

And this worked despite disabling WoL and not allowing auto-connecting 
on the WLAN interface? If so, how did you disable it? In BIOS? Removed 
the kernel module? I'm guessing you almost certainly hadn't tried the 
latter.

> They did this to all four
> of my netbooks. Previously, Fedora had no problem shutting down. My
> battery was dead or almost dead. Whereas, my battery was fully charged
> when I thought I had turned off my computer. Jack's hackers geolocated
> my computer foiling my elude. Thus, I was forced to relocate again and
> again.

And through all these relocations, what WLAN connections did you use? 
Sure, tracking somebody via WLAN can be done - if you own most of the 
APs in a large area. But unless you are a large WiFi service provider 
that sounds implausible.

> The remote tampering I mentioned earlier were not isolated incidents and
> were not due to a particular hardware problem (I have four netbooks).
> Jack's crackers have complete remote control of my computers. The remote
> tampering includes slowing down my computers, repeatedly infecting my
> music, PDF and word files. Repeatedly deleting files. Repeatedly
> preventing booting to live DVDs. I have three functional external DVD
> players. Thereby, Jack's crackers precluded me from going online with a
> live DVD of Tails which has TOR and Lightweight Portable Security (LPS).
> They stopped downloads of new Linux releases. They hijacked my browser.

And for all this you have 0 forensic evidence to show for it? Not the 
name or even executable (real or masquerading) of a trojan they planted? 
Sorry, but without evidence you can only guess - and your guesses are 
pretty far out there.

> Their next attempt to force me to use a tampered Linux OS was
> redirecting my browser to what appeared to be a Lightweight Portable
> Security (LPS) download page.

Have you established how? Via the hosts file or another means?

> Message on webpage was to download the new
> release of LPS. I did. I told a geek that I was shocked that the US
> government would spy on users of its LPS. He replied that my browser was
> redirected to a hacked webpage and that hacked webpages can look
> genuine. He asked if I had downloaded the OS. I replied us. I deleted
> the download. There had not been a new release of LPS. USB worms.

From what you have thus far said, it really doesn't sound like you 
understand enough about what was happening to your machines to start 
making any assumptions - and I mean that in the nicest possible way.

> When I attempted to eradicate the USB worms by copying my files to DVDs
> to disable autorun.inf, Brasero and K3B had numerous errors.

Autorun.inf? I thought we were talking about Linux here.

> I threw out
> 20 brand new DVDs because of errors. In the past, K3B always worked. To
> circumvent my attempt to disable autorun.inf, they infected my removable
> media with Mazebat which is a USB worm and a DVD worm. While I was typing
> emails, they deleted paragraphs. I was forced to retype my paragraphs.
> This year, I purchased a brand new Gateway netbook and three Acer
> netbooks.

You know, one definition of insanity is doing the same thing multiple 
times and expecting a different result. You bought 4 laptops, treated 
them the same way in the same networking-unsanitary conditions and you 
expected a different result?

> Jack's crackers precluded me from installing Fedora on the
> Gateway.

Precluded you how?

> I installed Fedora on the first Acer but Fedora was not usable.

Not usable how?

> Second Acer I did install Fedora. Then I examined Fedora's filesystem.
> Numerous locked files and folders.

There is no such thing as "locked" files or folders. If you are root, 
you can read and write anything. Have you tried from the command line? 
Oh wait, you already said you haven't. Sorry, but this is so lacking in 
credibility that I can't believe I'm even responding to this thread any 
more.

> They tampered with Fedora again. They
> infected more word files. I reinstalled Windows using the recovery CDs
> because I needed to return it because Jack's crackers cracked it. It was
> several days before I returned to the store. Jack's crackers locked
> numerous Windows folders and files. These brand new netbooks began to
> run slowly. USB worms.

I'm not dignifying Windows use under the given circumstances with a 
further response.

> Third Acer I did not install Fedora. Just used a live DVD of Fedora.
> They tampered with Fedora's filesystem. I returned the Acer.

They tampered with the file system on a Live CD? On your read-only Live 
CD media?

> To answer your question why I believe Jack's hackers are targeting
> hardware assisted virtualization is that as I explained previously,
> after erasing my hard drives with DBAN or KillDisk and reflashing my
> BIOS, Jack's crackers were still able to geolocate my computers.

What evidence do you have of them having been able to geolocate your 
computers?

> How do
> I know? Jack also hires people to physically stalk me. They show up. The
> police do not help. Subsequently, I tried to use SecureErase to delete
> the HDA of my hard drives which DBAN and KillDisk do not delete. I
> reflashed my BIOS again. However, I did not do both in the same day so
> the BIOS rootkit may have reinfected my HDs.

A BIOS rootkit? Got a binary copy of your supposedly hacked BIOS? No? 
Didn't think so.

And how did you flash it? From Windows perchance? That you suspected was 
infected? Hardly any manufacturers provide Linux tools for flashing 
BIOS. If you are lucky you might get a bootable DOS CD with a BIOS 
flashing utility, but a netbook won't have a CD drive, so I have to 
wonder what your approach was.

> Rootkits do not give complete remote control of computers. Hardware
> assisted virtualization does.

That is pure and utter nonsense. Who told you that? Whoever they were, 
they lied to you. Do you even know what a rootkit is? The hint is in the 
name. Once you have root access anyway, you have no need for VT for any 
further control.

> I am still waiting for the computer
> security expert who captured the encrypted packets I had emailed this
> mailing list to answer your questions. I apologize for not having the
> expertise to explain the tampering in technical terms.

So you have no evidence of what you claim has been going on, you have 
not got enough knowledge to do any diagnostics of it yourself, even the 
most basic "ls -la" command line stuff, and yet you are adamant that 
hardware virtualization is to blame? How do you know your computer 
security expert isn't working for Jack? After all, people working for 
this Jack person seem to get everywhere and are finding you via 
geolocation wherever you go.

Gordan
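Two of the command-line checks Gordan keeps pointing at above (whether a browser redirect came via the hosts file, and whether Wake-on-LAN is really off at the driver level rather than just in the BIOS) as an added example; this is not code from the thread or from either poster. The hosts file and the ethtool-style output are constructed samples, and the function names are my own.

```sh
#!/bin/sh
# Added example, not from the thread: two diagnostics a user in this situation
# could run from a shell instead of guessing. All sample inputs are constructed.

SAMPLE_HOSTS=$(mktemp)
SAMPLE_ETH_ON=$(mktemp)
SAMPLE_ETH_OFF=$(mktemp)
trap 'rm -f "$SAMPLE_HOSTS" "$SAMPLE_ETH_ON" "$SAMPLE_ETH_OFF"' EXIT

# Constructed hosts file: two benign lines, one ad-blocker blackhole, one override.
cat > "$SAMPLE_HOSTS" <<'EOF'
# constructed sample, not a real capture
127.0.0.1   localhost
::1         localhost ip6-localhost
0.0.0.0     ads.example.net            # blackhole entry, benign
203.0.113.7 download.example.org lps.example.org   # override: would redirect a download site
EOF

# Constructed "ethtool wlan0" reports, one with WoL armed, one with it off.
cat > "$SAMPLE_ETH_ON" <<'EOF'
Settings for wlan0:
        Supports Wake-on: pumbg
        Wake-on: g
        Link detected: yes
EOF
cat > "$SAMPLE_ETH_OFF" <<'EOF'
Settings for wlan0:
        Supports Wake-on: pumbg
        Wake-on: d
        Link detected: yes
EOF

# --- 1. Hosts-file overrides ---------------------------------------------------
# A redirect done through /etc/hosts shows up as a hostname mapped to something
# other than loopback (127.x / ::1) or the 0.0.0.0 blackhole ad blockers use.
# Prints every hostname on such a line. On a live system: suspicious_hosts /etc/hosts
suspicious_hosts() {
    awk '
        { sub(/#.*/, "") }                          # drop whole-line and inline comments
        NF < 2 { next }                             # need an address plus at least one name
        $1 ~ /^127\./ || $1 == "::1" || $1 == "0.0.0.0" { next }
        { for (i = 2; i <= NF; i++) print $i }      # names that would be redirected
    ' "$1"
}

# --- 2. Wake-on-LAN status ------------------------------------------------------
# "ethtool <iface>" reports "Wake-on: d" when the driver has WoL disabled; any
# other letter (g = magic packet, and so on) means the NIC can wake the machine.
# The BIOS switch and the driver setting are separate, which is Gordan's point;
# this reads the driver-level report. Returns 0 (true) when WoL is enabled.
# On a live system: ethtool wlan0 > /tmp/eth.txt; wol_enabled /tmp/eth.txt
# To turn it off for the running session: ethtool -s wlan0 wol d
wol_enabled() {
    awk '
        /^[[:space:]]*Wake-on:/ { if ($2 != "d") found = 1 }   # skips "Supports Wake-on:"
        END { exit !found }
    ' "$1"
}

echo "hostnames overridden in the sample hosts file:"
suspicious_hosts "$SAMPLE_HOSTS"
if wol_enabled "$SAMPLE_ETH_ON"; then echo "sample A: Wake-on-LAN enabled"; fi
if wol_enabled "$SAMPLE_ETH_OFF"; then :; else echo "sample B: Wake-on-LAN disabled"; fi
```

Neither check proves or disproves anything by itself, but both produce something concrete to paste into a thread instead of a description: a list of hostnames the local machine resolves without asking DNS, and the NIC's own answer to whether it will wake on a packet.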
