[Arm-netbook] extraordinary claims ...

[Gordan Bobic]

On 08/07/2012 14:51, freebirds at fastmail.fm wrote:
> Michael Zucchi and Gordon Bobic, please do not unsubscribe. If you do
> not want to read my posts, skip them. Michael Zucchi, I do disagree with
> your summary of my posts on freedombox foundation's mailing list. On
> both forums, I posted solely on open hardware and privacy which is
> certainly on topic. I inquired whether ARM has remote monitoring like
> Intel AMT and AMD DASH. Members asked why I am asking. I explained my
> abuser hires crackers. Members ask evidence. Why and the evidence is off
> topic. I try to refocus the thread back to open hardware and privacy.

Sure, but it is distinctly unhelpful to be making what are clearly 
non-sensical, under-researched claims based on such reliable sources as 
random credible-less forum posts and the word of the "computer repair man".

"Is it possible for hardware virtualization to be used as a means of 
attacking a system, via virii/trojans?" is a reasonable thing to ask.

"I have had half a dozen machines hacked and hardware virtualization is 
to blame, it is evil and shouldn't be in any computer under any 
circumstances or you will get hacked and lose all your data." is not a 
reasonable thing to say.

The claims in your posts have followed the latter, rather than the 
former approach, despite a number of people with more than a reasonable 
amount of understanding and knowledge on the subject telling you that it 
is nonsense.

> There is little clear detailed information on how TrustZone and Mobicore
> function. Reading threads at the forums.arm.com does not reveal much.
> Indeed, today, Josua reasked the same question he asked two weeks ago on
> ARM's forum: "Thanks a lot.But the more documents I read , I am more
> unclear on fundamental concept . If anyone can please explain what is
> 'virtualisation' and what does ARM mean by saying they provide a
> hardware enforced virtualisation"
> http://forums.arm.com/index.php?/topic/15990-arm-trustzone/
>
> So far, no answers to my question on Mobicore at
> http://forums.arm.com/index.php?/topic/16030-mobicore-in-trustzone/
> Apparently, ARM's forum does not know. Who does?
>
> Henrik Nordström appreciate your answers on TrustZone and Mobiore. You
> may want to post your same answers on forums.arm.com. Henrik Nordstrom
> thanks for explaining that TrustZone and Mobicore cannot be disabled by
> the user.

So you ask who knows, the acknowledge that Henrik already explained all 
this? It sure sounds like you are not going to accept any educated 
answer on the subject unless they agree with your erroneous "hardware 
virtualization extensions are evil" premise.

> I am reasking how to tell if an ARM device has been
> preinstalled with Mobicore or updated with Mobicore.

Since I don't think there are any devices shipping with Mobicore, it 
doesn't matter.

> Henrik Nordstrom, I disagree with your statement: "Systems with OOB
> monitoring is also easily detected, as this is a advertised and well
> known feature when implemented in the hardware. There is no manufactures
> who add stealth OOB management&  monitoring, and anyone doing so would
> get detected quickly."

OOB is commonly used on servers (Dell DRAC, HP ILO, Sun/Oracle LOM, 
aftermarket Raritan eRIC G4, etc). They provide means of getting to the 
console of the machine remotely over the network. These are expensive 
and useful optional extras, and no sane manufacturer would not advertise 
these as a feature. They are immensely useful. Of course, they all come 
with default username/password out of the box - as do LiveCDs. Changing 
those passwords is such a basic requirement obvious to anyone 
intellectually fit to be using a modern, advanced operating system such 
as Linux that it may not be explicitly mentioned anywhere.

> As I discussed on the freedombox foundation's mailing list, Intel AMT
> and AMD DASH provide discrete OOB monitoring and is practically
> undetectable.

Can you elaborate in detail this OOB functionality you are describing? 
What it is, how you use it, and why it is undetectable? If you cannot 
explain any of this, then please, do stop repeatedly claiming it.


> Regardless how easy it would be for a cracker to crack TrustZone and
> Mobicore, companies and government who have access to the apps and data
> running in it can resell it under the table to information brokers who
> resell it investigators and other governments.

You are again demonstrating your lack of understanding about what 
TrustZone does. It's purpose isn't to spy on you.

> I cancelled my netbook order with Tom Cubie. I ordered a Lemote Yeeloong
> A2 that was released in 2008. The only Yeeloong forum is in China and it
> has not been active since 2011. I hope I won't have technical problems
> with the Yeeloong. If I do, I will buy a SheevaPlug introduced in 2009
> or go further back in history and buy a Pentium 4 or Celeron M prior to
> Intel introducing AMT, TPM, TXT, virtualization, etc.

And if you treat your new hardware with the same degree of IT hygiene, 
it is a complete certainty that they are going to get hacked again just 
the same, despite not having any of the features you are bashing. If you 
switch to Yeeloong and it proves resistant, it will be purely because it 
is MIPS based and the malware you are being targetted by is most likely 
x86 based. In practice, you'd get the same "protection" from running an 
ARM machine. But this isn't really protection, it doesn't mean that your 
machine is any more secure, it just means that the tools the crackers 
use haven't been updated to work on non-x86 platforms. Still I fully 
expect you to claim victory when your new MIPS/ARM appear "immune" 
anyway simply because that would conform to your erroneous views that 
seem to be too deeply and unhealthily entrenched to be shifted, even 
after they were extensively deconstructed by people who are much more 
educated on the subjects in question.

Gordan