Catalog of NSA compromised equipments
Digimer
lists-5ZoueyuiTZiw5LPnMra/2Q at public.gmane.org
Tue Dec 31 04:46:10 UTC 2013
On 30/12/13 09:20 PM, James Knott wrote:
> William Muriithi wrote:
>>
>> Another program attacks the firmware in hard drives manufactured by
>> Western Digital, Seagate, Maxtor and Samsung, all of which, with the
>> exception of latter, are American companies. Here, too, it appears the
>> US intelligence agency is compromising the technology and products of
>> American companies.
>>
>
> One would assume they want to collect info. How does a hard drive
> communicate anything back to the NSA? That would require the drive to
> send the data via the SATA port, through the IP stack and then out the
> NIC. How is that possible?
It doesn't work that way. It works by, for example, knowing when
/etc/shadow is being read and modifying/injecting data into the stream
that would allow an attacker to log into a target system. You'll note
that specific support for ext2/3 FS were listed (and that was some years
ago, so no reason not to think ext4 is also vulnerable).
At the end of the day, if an attacker has access to your BIOS, you have
no privacy, OS aside.
--
Digimer
Papers and Projects: https://alteeve.ca/w/
What if the cure for cancer is trapped in the mind of a person without
access to education?
--
The Toronto Linux Users Group. Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
More information about the Legacy
mailing list