alexander Posted September 8, 2006

This topic was all over HOPE and Defcon this year. At HOPE a couple of seasoned hackers, such as Dragorn, proposed the idea that the next wave of vulnerabilities will not be found in OSes, but rather in wireless and other card and card-bus firmware. An example is a wireless card: there is a microchip on the card, not one but many, and there is a ROM chip with quite a complex piece of software, aka firmware, that runs that chip. Basically, what would happen if you found an exploit in the firmware for a popular chip? Well, then you have access to the PCMCIA or PCI or mini-PCI bus. Forget OS vulnerabilities; you now have the capability of scanning the memory right from underneath the OS without your packets ever hitting the TCP stack. And how often do you update your firmware.... yeah, that's my point too.

So how real is the threat? Well, at Defcon there was a group of guys who took an Apple laptop for demo purposes and, in a matter of a few packets to the wireless card, got root on the box. They also said that the vulnerabilities were found in some drivers on Windows and some other firmware for some PC hardware (wireless and not NICs), but they were not releasing the exploits for the protection of Apple and such franchises. But the threat is REAL...
Qfwfq Posted September 8, 2006

alexander said: "Well, at Defcon there was a group of guys who took an Apple laptop for demo purposes and, in a matter of a few packets to the wireless card, got root on the box. They also said that the vulnerabilities were found in some drivers on Windows and some other firmware for some PC hardware."

To me that indicates very flimsy design! Those guys also must have had a very good idea of the design principles in order to find the exploits.
alexander Posted September 8, 2006

Flimsy design? Hardly so. It's just that firmware is a large piece of software, and the larger the piece, the more likely there will be vulnerabilities within the code...
Qfwfq Posted September 9, 2006

What I mean is that for the data to allow one to take control of the executable, when this isn't the purpose of it, is what I'd call flimsy design. What I mean is they must have designed the algorithms with some reasonable assumptions about the data, reasonable by the ordinary purpose, but without extra care to safeguard against those cases that aren't "reasonable".

In the stuff I'm doing, I can get away with it because there could hardly be a malicious intent on the part of the user. Instead, I've needed to look at some functions of the Meschach lib that can hang in some sporadic cases. Indeed, I found a comment saying that the denominator "shouldn't" be zero (and hence no safeguard), probably true from an algebraic standpoint but not fully certain when the number of positive and negative addends that you have may be large, with some of them being several orders of magnitude smaller than others. The type 'double' is double precision, but not unlimited precision.

In the case in question, well, it's a totally different matter. It's the house's front gate; you can't just assume that people won't be using a crowbar...
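The failure mode described in the post above, as an added Python example that is not from the thread or from the Meschach library: the addends and the routine names are constructed, and the "guarded" variant is one way to turn an unchecked assumption into an explicit check.

```python
import math

# Constructed input: algebraically the sum is 1.0, but accumulated left to right
# in double precision it is exactly 0.0, because 1.0 is smaller than the spacing
# between adjacent doubles near 1e16 and is absorbed before -1e16 cancels the rest.
ADDENDS = [1e16, 1.0, -1e16]


def naive_sum(values):
    """Left-to-right accumulation, the way a typical library loop does it."""
    total = 0.0
    for v in values:
        total += v
    return total


def unguarded_divide(numerator, values):
    """Mirrors a routine whose comment says the denominator "shouldn't" be zero.

    No safeguard: on ADDENDS this raises ZeroDivisionError (in C it would yield
    inf or NaN and keep going, which is how a solver ends up hanging).
    """
    return numerator / naive_sum(values)


def cancellation_factor(values):
    """How much cancellation the sum suffered: sum(|v|) / |sum(v)|.

    Values far above 1 mean the result is dominated by rounding error; returns
    inf when the sum is exactly zero.
    """
    total = math.fsum(values)
    mass = math.fsum(abs(v) for v in values)
    return math.inf if total == 0.0 else mass / abs(total)


def guarded_divide(numerator, values, max_cancellation=1e8):
    """Same computation with the 'nonzero denominator' assumption made explicit.

    Uses the correctly rounded math.fsum instead of naive accumulation, then
    refuses to divide when the denominator is zero, non-finite, or so heavily
    cancelled that its digits are not trustworthy.
    """
    denom = math.fsum(values)
    if not math.isfinite(denom) or denom == 0.0:
        raise ValueError("denominator vanished: input violates the 'nonzero' assumption")
    if cancellation_factor(values) > max_cancellation:
        raise ValueError("denominator is the residue of heavy cancellation; result not trustworthy")
    return numerator / denom
```

Raising a ValueError is the library-side choice made here; the point is that the caller sees the violated assumption instead of an inf, a NaN, or a loop that never terminates.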