Register a SA Forums Account here!
JOINING THE SA FORUMS WILL REMOVE THIS BIG AD, THE ANNOYING UNDERLINED ADS, AND STUPID INTERSTITIAL ADS!!!

You can: log in, read the tech support FAQ, or request your lost password. This dumb message (and those ads) will appear on every screen until you register! Get rid of this crap by registering your own SA Forums Account and joining roughly 150,000 Goons, for the one-time price of $9.95! We charge money because it costs us money per month for bills, and since we don't believe in showing ads to our users, we try to make the money back through forum registrations.
The Something Awful Forums > Discussion > Serious Hardware/Software Crap > YOSPOS > Security Fuckup Megathread - v10.1 (Hackers can turn your gas station into a bomb)
«232 »
 
  • Locked thread
spankmeister
Jun 15, 2008

Lysidas posted:

i remember reading about a researcher who developed a proof of concept firmware hack for western digital (iirc) hard drives, that was some really neat/scary stuff and i have his example code saved somewhere

sprite_tm

I know him a little, all around awesome dude

* # ? Feb 16, 2015 23:43
  • Quote
Adbot
ADBOT LOVES YOU

# ? Jun 7, 2024 04:41
  • Quote
spankmeister
Jun 15, 2008






 I knew all of this was theoretically possible and if anyone had the resources to develop it it would be :nsa: but to see proof is pretty amazing.

* # ? Feb 16, 2015 23:44
  • Quote
EMILY BLUNTS
Jan 1, 2005

 i just assume if it's more complex than a rock it has a processor and firmware updates and can be exploited

* # ? Feb 16, 2015 23:49
  • Quote
Suspicious Dish
Sep 24, 2011

2020 is the year of linux on the desktop, bro
Fun Shoe

EMILY BLUNTS posted:

how do you know if your seagate is infected?
it doesnt die after 2 years :v:

lmao

* # ? Feb 16, 2015 23:56
  • Quote
spankmeister
Jun 15, 2008

EMILY BLUNTS posted:

i just assume if it's more complex than a rock it has a processor and firmware updates and can be exploited

same

* # ? Feb 16, 2015 23:56
  • Quote
ChickenOfTomorrow
Nov 11, 2012

god damn it, you've got to be kind

Bhodi posted:

That article is amazing. Some of that is scary CSI, next-level poo poo.

* A bootkit that injects code into the MBR and kernel at start
* Firmware flashing that works on all major brands of hard drives and creates a basically undetectable partition
* Sophisticated air gap spanning via thumbdrive with stored-commands and sniffer software
* An encrypted Virtual file system that lives solely in registry entries hidden away in bits of the registry
* Encapsulated modules, each with different encryption keys stored on the VFS

* BadBIOS

* # ? Feb 16, 2015 23:58
  • Quote
kitten emergency
Jan 13, 2008

get meow this wack-ass crystal prison
that's some :nsa: poo poo right there holy piss

* # ? Feb 16, 2015 23:58
  • Quote
spankmeister
Jun 15, 2008

ChickenOfTomorrow posted:

* BadBIOS

* BadUSB

* # ? Feb 16, 2015 23:59
  • Quote
Nintendo Kid
Aug 4, 2011

by Smythe
*BadPOST

* # ? Feb 17, 2015 00:00
  • Quote
spankmeister
Jun 15, 2008

Nintendo Kid posted:

*BadPOST

its u

* # ? Feb 17, 2015 00:01
  • Quote
Nintendo Kid
Aug 4, 2011

by Smythe

spankmeister posted:

its u

you've just been infected

* # ? Feb 17, 2015 00:02
  • Quote
Bhodi
Dec 9, 2007

Oh, it's just a cat.
Pillbug
* BadLightning

I want to see more of these hardware hacks.

* # ? Feb 17, 2015 00:02
  • Quote
spankmeister
Jun 15, 2008

Nintendo Kid posted:

you've just been infected

gives a whole new meaning to getting fishmeched

* # ? Feb 17, 2015 00:03
  • Quote
Munkeymon
Aug 14, 2003

Motherfucker's got an
armor-piercing crowbar! Rigoddamndicu𝜆ous.

Aleksei Vasiliev posted:

https://securelist.com/files/2015/02/Equation_group_questions_and_answers.pdf
http://arstechnica.com/security/2015/02/how-omnipotent-hackers-tied-to-the-nsa-hid-for-14-years-and-were-found-at-last/
Kaspersky report on the equation apt group which may be the nsa

welp *ahhh* I'm spent

fuckin amazing

* # ? Feb 17, 2015 00:06
  • Quote
Volmarias
Dec 31, 2002

EMAIL... THE INTERNET... SEARCH ENGINES...

ChickenOfTomorrow posted:

* BadBIOS
* # ? Feb 17, 2015 00:16
  • Quote
vOv
Feb 8, 2014

EMILY BLUNTS posted:

i just assume if it's more complex than a rock it has a processor and firmware updates and can be exploited
* # ? Feb 17, 2015 00:37
  • Quote
EMILY BLUNTS
Jan 1, 2005

 I wonder if TAO gets bored of waiting for a shipment to intercept and just pretends to be a hardware manufacturer, sends them a really nice vdieo card

* # ? Feb 17, 2015 00:38
  • Quote
a cyberpunk goose
May 21, 2007

Volmarias posted:



BadPOST

* # ? Feb 17, 2015 00:39
  • Quote
Rufus Ping
Dec 27, 2006





I'm a Friend of Rodney Nano
everyone stop what youre doing

the virus is literally called Fanny

FANNY

* # ? Feb 17, 2015 01:02
  • Quote
Suspicious Dish
Sep 24, 2011

2020 is the year of linux on the desktop, bro
Fun Shoe
:yosfanny:

* # ? Feb 17, 2015 01:04
  • Quote
Meat Beat Agent
Aug 5, 2007

felonious assault with a sproinging boner
https://www.youtube.com/watch?v=e3Ch3eXvJkw

* # ? Feb 17, 2015 01:17
  • Quote
Rooney McNibnug
Sep 2, 2008

"Life always hopes. When a definite object cannot be outlined, the indomitable spirit of hope still impels the living mass to move toward something--something that shall somehow be better."
a worm.
a FANNY worm.

* # ? Feb 17, 2015 02:02
  • Quote
Maximum Leader
Dec 5, 2014
 a fanny shortcut exploit

* # ? Feb 17, 2015 02:06
  • Quote
Rufus Ping
Dec 27, 2006





I'm a Friend of Rodney Nano

Wired posted:

The vast majority of Fanny infections detected so far are in Pakistan.

* # ? Feb 17, 2015 02:44
  • Quote
FCKGW
May 21, 2006

 i work for a hdd company i wonder if anything cool or new is going to come of this

* # ? Feb 17, 2015 04:40
  • Quote
FCKGW
May 21, 2006

 besides my job being gone in 3 years hahahahahaha

* # ? Feb 17, 2015 04:40
  • Quote
EMILY BLUNTS
Jan 1, 2005

FCKGW posted:

i work for a hdd company i wonder if anything cool or new is going to come of this

A physical write protect switch for the heads and firmware :v::v:

* # ? Feb 17, 2015 04:43
  • Quote
EMILY BLUNTS
Jan 1, 2005

 2006: nobody makes write protect switches on usb sticks anymore
2016: nobody makes hard drives without them

* # ? Feb 17, 2015 04:44
  • Quote
Suspicious Dish
Sep 24, 2011

2020 is the year of linux on the desktop, bro
Fun Shoe
when's memristor tech coming

* # ? Feb 17, 2015 04:45
  • Quote
Wild EEPROM
Jul 29, 2011


oh, my, god. Becky, look at her bitrate.
 fany computer

* # ? Feb 17, 2015 04:45
  • Quote
EMILY BLUNTS
Jan 1, 2005

 there's really a couple situations where forcibly disabling write heads would be useful

* # ? Feb 17, 2015 04:47
  • Quote
vOv
Feb 8, 2014

EMILY BLUNTS posted:

there's really a couple situations where forcibly disabling write heads would be useful

forensics? but they already have write blockers for that

* # ? Feb 17, 2015 04:50
  • Quote
FCKGW
May 21, 2006

 i can't say much but one of our hard drives is showing some peculiar physical abnormalities to the heads over time. our firmware group is issuing a firmware update to correct this problem. i'll leave it up to you imagination as to how that works.

* # ? Feb 17, 2015 05:17
  • Quote
Lain Iwakura
Aug 5, 2004

The body exists only to verify one's own existence.

Taco Defender

EMILY BLUNTS posted:

there's really a couple situations where forcibly disabling write heads would be useful

yeah. it's not like some people like myself don't use them for legal reasons

https://www.guidancesoftware.com/products/Pages/tableau/products/forensic-bridges/t35es-r2.aspx

i use these pretty frequently because of this problem

* # ? Feb 17, 2015 05:21
  • Quote
crazysim
May 23, 2004
I AM SOOOOO GAY

FCKGW posted:

i can't say much but one of our hard drives is showing some peculiar physical abnormalities to the heads over time. our firmware group is issuing a firmware update to correct this problem. i'll leave it up to you imagination as to how that works.

don't cpus have that whole microcode update thing provided by the OS? there's also evidence they are signed updates too.

i'm guessing that's really only rolled out on the factory line and to people having issues but really want to save a few bucks and keep the drive they're running.

i don't think hard drives have such a thing but i wouldn't be surprised if hard drive firmwares start becoming signed pieces of software as well with updates handled by the os vendor. that's the change i foresee. has apple ever rolled out a ssd firmware update or have they not reached that point?

* # ? Feb 17, 2015 07:59
  • Quote
vOv
Feb 8, 2014

FCKGW posted:

i can't say much but one of our hard drives is showing some peculiar physical abnormalities to the heads over time. our firmware group is issuing a firmware update to correct this problem. i'll leave it up to you imagination as to how that works.

i know you can't possibly confirm or deny this but i'm going to assume your firmware makes the head thrash around in a way that fixes the abnormality because that's the funniest scenario i can imagine

* # ? Feb 17, 2015 08:04
  • Quote
bicycle
Oct 23, 2013
 fanny means vag in the uk xD lol

* # ? Feb 17, 2015 08:12
  • Quote
bicycle
Oct 23, 2013
 mods change name to fanny.bmp

* # ? Feb 17, 2015 08:14
  • Quote
Jewel
May 2, 2009

 i mean ok get this, what if i send my private key (to someone to communicate with later) in 20 chunks of single characters via 20 different lovely disposable email services (alternatively for extra security using different computers at n different libraries or w/e)

is that security through obscurity

* # ? Feb 17, 2015 08:33
  • Quote
Adbot
ADBOT LOVES YOU

# ? Jun 7, 2024 04:41
  • Quote
Celexi
Nov 25, 2006

Slava Ukraini!

quote:

Redirects that sent iPhone users to unique exploit Web pages. In addition, infected machines reporting to Equation Group command servers identified themselves as Macs, an indication that the group successfully compromised both iOS and OS X devices.
* # ? Feb 17, 2015 08:40
  • Quote
  • Locked thread
The Something Awful Forums > Discussion > Serious Hardware/Software Crap > YOSPOS > Security Fuckup Megathread - v10.1 (Hackers can turn your gas station into a bomb)
«232 »