Science Forums


Posted

This topic was all over HOPE and Defcon this year, at HOPE a couple of seasoned hackers, such as Dragorn proposed the idea that next wave of vulnerabilities will not be found in OSes, but rather wireless and other card and card bus firmware. An example is a Wireless card, well there is a microchip on the card, not one, but many, and there is a rom chip with quite a complex piece of software aka firmware that runs that chip. Basically what would happen if you found an exploit in the firmware for a popular chip? Well, then you have access to the pcmcia or pci or minipci bus. Forget OS vulnerabilities, you have now the capability of scanning the memory right from underneath the OS without your packets ever hitting the TCP stack. And how often do you update your firmware.... yeah that's my point too.


So how real is the threat? Well, at Defcon there was a group of guys, they took an apple laptop for demo purposes and in a matter of a few packets to the wireless card got root on the box. They also said that the vulnerabilities were found in some drivers on windows and some other firmware for some PC hardware (wireless and not NICs), but they were not releasing the exploits for the protection of Apple and such franchises, but the threat is REAL...

Posted
  alexander said:
Well, at Defcon there was a group of guys, they took an apple laptop for demo purposes and in a matter of a few packets to the wireless card got root on the box. They also said that the vulnerabilities were found in some drivers on windows and some other firmware for some PC hardware
To me that indicates very flimsy design! Those guys also must have had a very good idea of the design principles, in order to find the exploits.
Posted

What I mean is that, for the data to allow one to take control of the executable when this isn't the purpose of it, is what I'd call flimsy design. What I mean is they must have designed the algorithms with some reasonable assumptions about the data, reasonable by the ordinary purpose, but without extra care to safeguard against those cases that aren't "reasonable".


In the stuff I'm doing, I can get away with it because there could hardly be a malicious intent on part of the user. Instead, I've needed to look at some functions of the Meschach lib that can hang in some sporadic cases. Indeed, I found a comment saying that the denominator "shouldn't" be zero (and hence no safeguard), probably true from an algebraic standpoint but not fully certain when the number of positive and negative addends that you have may be large, with some of them being several orders of magnitude smaller than others. The type 'double' is double precision, but not unlimited precision.


In the case in question, well, it's a totally different matter. It's the house's front gate, you can't just assume that people won't be using a crowbar...
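The zero-denominator situation described in the post above, as an added example (not code from the thread or from the Meschach library): three addends that algebraically sum to 1.0 but give 0.0 when summed naively in double precision, a compensated summation that recovers 1.0, and the division guard the quoted comment lacked. The function names and the addend values are constructed for this example.

```c
/* Added example: an algebraically nonzero denominator that evaluates to
 * 0.0 in double precision, and a guard that refuses to divide by it. */
#include <math.h>
#include <stddef.h>
#include <stdio.h>

/* Plain left-to-right summation, as a naive implementation would do it. */
double naive_sum(const double *x, size_t n) {
    double s = 0.0;
    for (size_t i = 0; i < n; i++) s += x[i];
    return s;
}

/* Neumaier's compensated summation: tracks the rounding error lost at
 * each step and adds it back at the end. Unlike plain Kahan summation it
 * still works when an addend is larger than the running sum. */
double compensated_sum(const double *x, size_t n) {
    double s = 0.0, c = 0.0;
    for (size_t i = 0; i < n; i++) {
        double t = s + x[i];
        if (fabs(s) >= fabs(x[i]))
            c += (s - t) + x[i];   /* low-order bits of x[i] were lost */
        else
            c += (x[i] - t) + s;   /* low-order bits of s were lost */
        s = t;
    }
    return s + c;
}

/* Division with the safeguard the quoted comment was missing: returns 1
 * and stores the quotient, or 0 if the denominator is not finite or is
 * no larger in magnitude than the caller's tolerance. */
int safe_divide(double num, double den, double tol, double *out) {
    if (!isfinite(den) || fabs(den) <= tol) return 0;
    *out = num / den;
    return 1;
}

/* Constructed addends: algebraically they sum to exactly 1.0, but
 * 1e17 + 1.0 rounds back to 1e17 (doubles near 1e17 are spaced 16 apart). */
static const double ADDENDS[] = { 1e17, 1.0, -1e17 };
static const size_t N_ADDENDS = sizeof ADDENDS / sizeof ADDENDS[0];

int main(void) {
    double q;
    double den = naive_sum(ADDENDS, N_ADDENDS);   /* 0.0, not 1.0 */
    printf("naive=%g compensated=%g\n", den, compensated_sum(ADDENDS, N_ADDENDS));
    printf("divide %s\n", safe_divide(1.0, den, 0.0, &q) ? "ok" : "rejected");
    return 0;
}
```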
