 #31  
10-31-08, 09:12 PM
AMUN
"Mark McIntyre" <markmcintyre> wrote in message
news:7934
> Kerry Brown wrote:
>
> Mind you, they said that about DES, once upon a time. And more recently,
> about SSL. And all this assumes good quality passphrases and good
> implementations of the enc algo.
>
> a.i.w snipped from the newsgroups as it's not relevant there.
>



Why is everyone just ignoring the obvious that since most computers and
boards are MADE in China, they may already be infected before you buy them.
;)
 #32  
10-31-08, 11:18 PM
Dustin Cook
Mark McIntyre <markmcintyre> wrote in
news:aXqOk.72593$yq3.34533:

> Juan I. Cahis wrote:
>> Mark McIntyre <markmcintyre> wrote:
>>
>>> If the hacker has physical access to the computer, all bets are off.
>>> He can boot from a CD or pendrive and install whatever the heck he
>>> likes on the laptop.
>>
>> Unless you have set the BIOS password, which any respectable SysAdmin
>> of any respectable business corporation doing international business
>> should always have set.
>
> Like I said, physical access trumps all. How long do you think it
> would take to zap the cmos battery or remove the HDD, boot it in a
> spare laptop and then replace the (now infected) HDD?


heh, physical access doesn't trump encryption.
 #33  
11-01-08, 08:10 AM
Dennis
In article <09jOk.252876$5p1.56150>, Mark McIntyre <markmcintyre> wrote:
>Juan I. Cahis wrote:
>>
>> To be able to install a keylogger, the user should be logged in with
>> Administrator features, and I supposed that the user didn't leave the
>> computer unattended *and* powered on *and* logged in, did you?
>
>If the hacker has physical access to the computer, all bets are off. He
>can boot from a CD or pendrive and install whatever the heck he likes on
>the laptop.


Pop the hard drive out, lock it up, hide it, take it with you. It's very
simple.

Dennis
 #34  
11-01-08, 09:34 AM
LR
Dustin Cook wrote:

> heh, physical access doesn't trump encryption.

http://citp.princeton.edu/memory/

<http://www.channelregister.co.uk/2008/02/27/bitlocker_hack_prevention/>
"Question is, will anyone use them?"
 #35  
11-01-08, 12:09 PM
Mark McIntyre
Dustin Cook wrote:
> Mark McIntyre <markmcintyre> wrote in
> news:aXqOk.72593$yq3.34533:
>> heh, physical access doesn't trump encryption.


Course it does. You can image the HDD, you can install hardware that
intercepts the decrypted stream en route between disk and memory, you
can put in a modded CMOS or BIOS that includes a builtin keylogger or
data logger that's part of the firmware etc etc etc.

If you have access to the box for long enough, it's yours.
 #36  
11-01-08, 01:10 PM
David H. Lipman
From: "Mark McIntyre" <markmcintyre>


| Course it does. You can image the HDD, you can install hardware that
| intercepts the decrypted stream en route between disk and memory, you
| can put in a modded CMOS or BIOS that includes a builtin keylogger or
| data logger that's part of the firmware etc etc etc.

| If you have access to the box for long enough, it's yours.

Now you're making things up...
"put in a modded CMOS or BIOS that includes a builtin keylogger "
 #37  
11-01-08, 11:24 PM
FromTheRafters
"Mark McIntyre" <markmcintyre> wrote in message
news:8821
> Dustin Cook wrote:
>
> Course it does. You can image the HDD, you can install hardware that
> intercepts the decrypted stream en route between disk and memory, you can
> put in a modded CMOS or BIOS that includes a builtin keylogger or data
> logger that's part of the firmware etc etc etc.
>
> If you have access to the box for long enough, it's yours.


Replies in this thread seem to go back and forth between two of the hackers'
motivations. One where he is after the data at rest, and one where he goes
after subverting the system (and maybe gets the data after decryption). The
subject line asks about a keylogger that may have been added during the
time the laptop was left unattended in a hotel room - and how to detect it.

I assume of course a so-called "rootkit" was involved. Any hacker worthy
of the title would want to use stealthing techniques. So the question
becomes how can I tell if my computer has been rootkitted?

What is interesting is the shift from outright theft of a laptop to the
perhaps more lucrative compromise of the laptop. Steal someone's personal
data and open a credit card account - then buy a truckload of laptops. Modern
banking makes it all possible - and they charge you for "protection" against
such happenings.

....what a racket!
 #38  
11-01-08, 11:34 PM
Jeff Liebermann
On Sat, 1 Nov 2008 19:24:04 -0400, "FromTheRafters"
<erratic> wrote:

>I assume of course a so-called "rootkit" was involved. Any hacker worthy
>of the title would want to use stealthing techniques. So the question
>becomes how can I tell if my computer has been rootkitted?


Windoze:
RootkitRevealer v1.71
<http://technet.microsoft.com/en-us/sysinternals/bb897445.aspx>

Linux:
ChkRootKit
<http://www.chkrootkit.org>

It's amazing what you can find with Google.
 #39  
11-01-08, 11:42 PM
David H. Lipman
From: "Jeff Liebermann" <jeffl>

| On Sat, 1 Nov 2008 19:24:04 -0400, "FromTheRafters"
| <erratic> wrote:

>>I assume of course a so-called "rootkit" was involved. Any hacker worthy
>>of the title would want to use stealthing techniques. So the question
>>becomes how can I tell if my computer has been rootkitted?


| Windoze:
| RootkitRevealer v1.71
| <http://technet.microsoft.com/en-us/sysinternals/bb897445.aspx>

For Windows, Gmer is *better*!
 #40  
11-01-08, 11:45 PM
David H. Lipman
From: "FromTheRafters" <erratic>


| Replies in this thread seem to go back and forth between two of the hackers'
| motivations. One where he is after the data at rest, and one where he goes
| after subverting the system (and maybe gets the data after decryption). The
| subject line asks about a keylogger that may have been added during the
| time the laptop was left unattended in a hotel room - and how to detect it.

| I assume of course a so-called "rootkit" was involved. Any hacker worthy
| of the title would want to use stealthing techniques. So the question
| becomes how can I tell if my computer has been rootkitted?

| What is interesting is the shift from outright theft of a laptop to the
| perhaps more lucrative compromise of the laptop. Steal someone's personal data
| and open a credit card account - then buy a truckload of laptops. Modern
| banking makes it all possible - and they charge you for "protection" against
| such happenings.

| ...what a racket!

Since we are talking about China, we would be dealing with the PLA. The Chinese
government has a "relationship" with the Chinese hacker community. The purpose of which
would be espionage. Either industrial or military. They would NOT steal the notebook.
Their intent would be a stealthy install of malware.
 #41  
11-01-08, 11:54 PM
Mark McIntyre
David H. Lipman wrote:
> From: "Mark McIntyre" <markmcintyre>
>
> | Course it does. You can image the HDD, you can install hardware that
> | intercepts the decrypted stream en route between disk and memory, you
> | can put in a modded CMOS or BIOS that includes a builtin keylogger or
> | data logger that's part of the firmware etc etc etc.
>
> | If you have access to the box for long enough, it's yours.
>
> Now you're making things up...


Ya reckon?

> "put in a modded CMOS or BIOS that includes a builtin keylogger "


PC BIOSes are on EEPROMS. Booting the pc from a CD and running a custom
BIOS upgrade is far from beyond the bounds of possibility.

People hack the BIOS for CD and DVD drives all the time to add features
and remove region settings. A quick google search shows that numerous
people have hacked their PC bios to enable features that the mobo
provider decided weren't for use.
 #42  
11-02-08, 12:42 AM
FromTheRafters
"David H. Lipman" <DLipman~nospam~> wrote in message
news:nz2d
[..]
>
> | ...what a racket!
>
> Since we are talking about China, we would be dealing with the PLA. The
> Chinese government has a "relationship" with the Chinese hacker community.
> The purpose of which would be espionage. Either industrial or military.
> They would NOT steal the notebook.
> Their intent would be a stealthy install of malware.


Yes, it would be naive to think such things don't happen.

It's funny how "paranoid" one seems once he knows such things do happen.

I could tell you stories ... but I value my freedom. :o)
 #43  
11-02-08, 12:56 AM
FromTheRafters
"Mark McIntyre" <markmcintyre> wrote in message
news:8368
> David H. Lipman wrote:
>
> Ya reckon?
>
> PC BIOSes are on EEPROMS. Booting the pc from a CD and running a custom
> BIOS upgrade is far from beyond the bounds of possibility.
>
> People hack the BIOS for CD and DVD drives all the time to add features
> and remove region settings. A quick google search shows that numerous
> people have hacked their PC bios to enable features that the mobo provider
> decided weren't for use.


BIOS might not be the right term - but what used to be called "option ROM"
and is now referred to as "expansion ROM" can be used nefariously by malware
program fragments. I don't think an entire keylogger would work, but I could
be wrong. Most people don't realize just how much code lives outside the HD
or on the hard drive outside the filesystem's files.
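
A defender's inventory of the option ROMs mentioned in the post above, as an added example that is not part of the thread: it walks a dump of the legacy expansion ROM area, finds each image by its 55 AA header, and compares SHA-256 hashes against a baseline taken while the machine was trusted. How the dump is obtained is outside the example; the sample images and the names `find_option_roms` and `diff_against_baseline` are constructed for illustration.

```python
import hashlib

SIGNATURE = b"\x55\xaa"   # legacy option ROM header magic
SCAN_STEP = 2048          # legacy BIOS looks for ROM headers on 2 KiB boundaries
BLOCK = 512               # header byte 2 = image length in 512-byte blocks

def find_option_roms(region: bytes) -> list:
    """Enumerate option ROM images in a dump of the expansion ROM area."""
    roms, offset = [], 0
    while offset + 3 <= len(region):
        length = region[offset + 2] * BLOCK
        image = region[offset:offset + length]
        if region[offset:offset + 2] == SIGNATURE and length and len(image) == length:
            roms.append({"offset": offset, "length": length,
                         "checksum_ok": sum(image) % 256 == 0,  # bytes must sum to 0 mod 256
                         "sha256": hashlib.sha256(image).hexdigest()})
            offset += -(-length // SCAN_STEP) * SCAN_STEP  # skip image, round up to boundary
        else:
            offset += SCAN_STEP
    return roms

def diff_against_baseline(roms: list, baseline: dict) -> list:
    """Compare found ROMs with a trusted {offset: sha256} baseline."""
    findings = []
    for rom in roms:
        known = baseline.get(rom["offset"])
        if known is None:
            findings.append(("new", rom["offset"]))
        elif known != rom["sha256"]:
            findings.append(("changed", rom["offset"]))
        if not rom["checksum_ok"]:
            findings.append(("bad_checksum", rom["offset"]))
    found = {rom["offset"] for rom in roms}
    findings += [("missing", off) for off in baseline if off not in found]
    return findings

# --- Constructed sample data (not from any real machine) ---
def make_rom(blocks: int, payload: bytes) -> bytes:
    body = bytearray(blocks * BLOCK)
    body[0:3] = bytes([0x55, 0xAA, blocks])
    body[3:3 + len(payload)] = payload
    body[-1] = -sum(body) % 256             # fix up so the image checksums to zero
    return bytes(body).ljust(4096, b"\0")   # pad each image out to a 4 KiB slot

CLEAN = make_rom(4, b"video") + make_rom(2, b"nic")
TAMPERED = make_rom(4, b"video") + make_rom(2, b"nic+hook") + make_rom(1, b"extra")
BASELINE = {r["offset"]: r["sha256"] for r in find_option_roms(CLEAN)}
```

Every image in the tampered sample still passes the header checksum, since that byte can simply be recomputed after a change; only the hash comparison against the baseline reports the changed and new ROMs.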
 #44  
11-02-08, 01:05 AM
David H. Lipman
From: "Mark McIntyre" <markmcintyre>

| David H. Lipman wrote:
>> From: "Mark McIntyre" <markmcintyre>

>> | Course it does. You can image the HDD, you can install hardware that
>> | intercepts the decrypted stream en route between disk and memory, you
>> | can put in a modded CMOS or BIOS that includes a builtin keylogger or
>> | data logger that's part of the firmware etc etc etc.

>> | If you have access to the box for long enough, it's yours.

>> Now you're making things up...

| Ya reckon?

>> "put in a modded CMOS or BIOS that includes a builtin keylogger "


| PC BIOSes are on EEPROMS. Booting the pc from a CD and running a custom
| BIOS upgrade is far from beyond the bounds of possibility.

| People hack the BIOS for CD and DVD drives all the time to add features
| and remove region settings. A quick google search shows that numerous
| people have hacked their PC bios to enable features that the mobo
| provider decided weren't for use.

I won't change my statement. The BIOS is very low level. Keyloggers and password stealers
are very high level. Compare to the OSI model.
Whose motherboard?
What BIOS?
What chip-set?
What EPROM chip?

This is all very Tom Clancy but not real world.
 #45  
11-02-08, 01:11 AM
David H. Lipman
From: "FromTheRafters" <erratic>

| Yes, it would be naive to think such things don't happen.

| It's funny how "paranoid" one seems once he knows such things do happen.

| I could tell you stories ... but I value my freedom. :o)

*It's happening!*

You said... "I could tell you stories".

I am BARRED from saying what I know.

Since this is public knowledge...
http://emielfisher.wordpress.com/200...ts-blackberry/
