Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] NYT report on Obama admin's wiretap plans

Jack Lloyd lloyd at randombit.net
Mon Sep 27 14:39:00 PDT 2010


On Mon, Sep 27, 2010 at 05:31:39PM -0400, Thomas Smyth wrote:

> Hmm, you mean the motherboards on client computers?  For example, person X
> has a motherboard with an exploitable on-board network card that lets an
> attacker, say, snoop packets before they're encrypted or something?

From Ben Laurie's blog (http://www.links.org/?p=330)

"""
1) there are remarkably naive "protection" methods to prevent
malicious users from overwriting NIC firmware with something of their
choice,

2) as an extension to 1) above it is amazing to discover how simply
firmware can be updated over the wire on specific NICs,

[...]
because of the nature of the PCI bus, you can use the same technique
on any machine with a vulnerable NIC to read all of RAM. You might
even be able to read disk, too, depending on the disk controller.
"""

Since I haven't heard anything at all about this at all since this
post (in 2008), it seems relatively likely that some/many/most NICs
are still vulnerable to this.

-Jack



More information about the liberationtech mailing list