
/tech/ - Technology


 No.857449>>857471 >>857553 >>857727 >>857842 >>859667 >>860384 >>862982

modern hard drives have backdoored firmware

https://www.techpowerup.com/209925/nsa-hides-spying-backdoors-into-hard-drive-firmware

>According to Kaspersky, American cyber-surveillance agency, the NSA, is taking advantage of the centralization of hard-drive manufacturing to the US, by making WD and Seagate embed its spying back-doors straight into the hard-drive firmware, which lets the agency directly access raw data, agnostic of partition method (low-level format), file-system (high-level format), operating system, or even user access-level.

> Kaspersky claims that the new backdoor is perfect in design. Each time you turn your PC on, the system BIOS loads the firmware of all hardware components onto the system memory, even before the OS is booted. This is when the malware activates, gaining access to critical OS components, probably including network access and file-system. This makes HDD firmware the second most valuable real-estate for hackers, after system BIOS.

even full disk encryption won't save you, because backdoored firmware can just send a keylogger to your cpu when you boot your PC, and keylogger will steal the password that you enter to your encryption software bootloader

 No.857452

>by btarunr Monday, February 16th 2015 23:41

>current year

>still putting your boot partition on hard drives instead of a floppy


 No.857455>>857474

Does SATA even have DMA?


 No.857471

>>857449 (OP)

Modern drives all use DMA so that the CPU does not have to get interrupted constantly


 No.857474>>857475 >>857482

Core(?)/Libreboot wouldn't be susceptible to this (if I'm interpreting the source text correctly), and so the problem is avoided entirely if FDE (full disk encryption) is also being used. Besides the point, it's not practical nor preferable for the NSA etc. to backdoor every HDD at manufacture, because that adds a ton of unnecessary steps to avoiding detection/reverse engineering.

I suppose we could all boot our systems from SD cards, which also circumvents the problem. My home server does that.

>>857455

Of course.


 No.857475>>857477 >>857485

>>857474

or a sata -> usb adapter? i don't really understand why sticking a usb cable between any component automatically makes it safe but apparently it does.


 No.857477>>857485

>>857475

The BIOS wouldn't load the HDD firmware into system memory at boot, I assume it would make the task of the malware harder than that of just jacking the boot process.


 No.857482>>857521 >>857724

>>857474

> it's not practical nor preferable for the NSA etc to backdoor every HDD at manufacture

citation needed

>Core(?)/Libreboot wouldn't be susceptible to this

Hard drives use DMA; it does not matter if you are using libreboot or anything else. The drive can fuck with your RAM and what not.

I assume USB drives are safe by virtue of not using DMA.


 No.857485>>857523 >>857835

>>857475

Only USB2, 3 has DMA and needs a proprietary blob running outside the kernel.

>>857477

Why is the HDD firmware loaded into main memory?


 No.857490

Nice try goldberg


 No.857500

>not running your system off of a SCSI chain of 1tb worth of floppies

It's like you want the iljewminati to break into your house and kill your dog.


 No.857509

>tfw use hitachi

>tfw hitachi is superior in every way even before this


 No.857514>>857516

>loads on boot up

So, does this matter for external or secondary drives? Of course, if your boot drive is fucked, it can then access your other drives, but ignore that for now (I.e. would you just have to replace your boot drive?)


 No.857516>>857517

>>857514

Any SATA drive not done over USB2 can DMA any of your memory and fuck with it


 No.857517>>857522

>>857516

I believe that answers that, yes, if the boot drive is fucked, the rest is as well. However, if I replace just the boot drive, will the rest be fine? (is the malware executing dependent on it being on the boot drive?)


 No.857521>>857524

>>857482

>>citation needed

The NSA have two options:

>They have to sneak their backdoor into any given manufacturer's HDD firmware and avoid detection at every step of both the hack, deploy, and implementation (including firmware checksumming and device testing)

>They go through the bureaucracy and business of getting their backdoor placed into the official firmware, and increase the risk of the whistle being blown on the whole operation by any one of the many employees involved somewhere in the chain.

Neither is pragmatic nor preferable to targeted deployment.


 No.857522>>857523

>>857517

Any drive connected through the standard ways can DMA your memory


 No.857523

>>857485

I'm unaware of the reason behind it. I question if most BIOSes actually do load HDD fw into system memory or not, because it sounds excessive. It could be a UEFI thing but don't quote me on this, do your own research

>>857522

How much memory do you think these embedded firmwares have? The potential backdoors will be tiny holes, not whole rootkits.


 No.857524>>857527

>>857521

You make it sound like the NSA has not been caught over and over again doing things like this.

It's not like them getting caught putting backdoors in something would be a big deal. It would make the news for a day and then be forgotten.

They literally had optical prisms inside major ISP locations, the companies just cooperate, not like this would be any different.


 No.857525>>857526 >>857527 >>857724 >>859732 >>859975

Real question, how do you have all this shit (backdoors in firmware, harddrives, etc.), but still have government leaks, CP, espionage, etc.?

Shit, the second something goes to court, why wouldn't they just grab your harddrive/flashdrive and just use their backdoors to find stuff? That is to say, I don't get why there are cases where people have to force a suspect to grant access to a device when everything is backdoored already.

tl;dr if the NSA has all this shit, how are there any crimes at all?


 No.857526>>860309

>>857525

Most drug dealers use text messages and facebook messenger. If there was a will for them to be captured they would. There is simply no will.

Only case where these things will be employed are against actors that are a threat to the state.


 No.857527>>857529

>>857524

This isn't the same as hijacking a connection. This is Equation Group code, STUXNET tier code, written by the best of the best. You don't just dump that into every fw across the board.

>>857525

In my opinion, two reasons.

Firstly - the NSA doesn't know what to do with all this shit, most likely. What the fuck are you going to do with all this junk data clogging your systems and slowing your queries? I bet the NSA themselves wonder day-to-day why they store all the metadata for every call John T. Arminsen has made to Amazon customer support.

Secondly, they're not doing all this shit to the extremes the propaganda would have you believe. They're obviously not backdooring every CPU, or every HDD, or every x. That's insane, and it's likely really hard to actually achieve against a well prepared target. What they're doing is spreading FUD that juuuust fits in the realm of suspension of disbelief. They're downloading anything unencrypted through any server they can access, though. And they're storing encrypted data from targets of interest, too, for future reference.


 No.857529>>857575

>>857527

The experts at Kaspersky think otherwise


 No.857539>>857541

If this is true, how would the NSA go about exfiltrating the data, unless every step of the route is backdoored or compromised in some way?


 No.857541>>857543

>>857539

Hard drives have DMA access to your RAM. If you can arbitrarily edit a computer's memory you can make it do whatever you want.


 No.857543>>857548

>>857541

a) No, that isn't true

b) How do they exfiltrate the data without being caught, dumbass. Also see:

>How much memory do you think these embedded firmwares have? The potential backdoors will be tiny holes, not whole rootkits.


 No.857544>>857548

>The NSA can read literally everything anyone has ever put on a hard drive

>they only look at them under microscopes and use other data retrieval techniques to try and hide this

>shut the fuck up take this black pill already, don't try to understand just execute orders


 No.857548

>>857543

They don't just randomly exfiltrate all hard drive data all the time, are you retarded?

You would not even notice if you were targeted and they started leaking the contents of your drive. It's not like you are inspecting wireshark for every little fucking thing your computer does.

As long as they don't target too many people no one will ever notice exfiltration.

And yes DMA access lets you make the computer execute arbitrary code.

>>857544

>they only look at them under microscopes and use other data retrieval techniques to try and hide this

Only while they are on and functional fucktard you still have to use data recovery tech when someone shreds their drive. Totally different while the drive is functional and connected to your machine.

>How much memory do you think these embedded firmwares have?

The assembly to make the kernel send data over the network is less than a kilobyte. Code to search for a key in memory would not take much space either.


 No.857549>>857552

I don't understand why HDD firmware has to be loaded onto the PC memory during boot.


 No.857552>>857555

>>857549

So you can read and write to the drive


 No.857553>>857577 >>857724

>>857449 (OP)

>keeping any illicit files on your computer at all ever

>not physically installing a hardware switch on your wifi card/ethernet

>not flashing libreboot

>not keeping your computer in a faraday cage and using an ethernet connection to download stuff only when booting from a separate harddrive that runs a custom-coded minimalist OS

>using hardware made after the current year

>not dressing in a biometric-spoofing skinsuit

>not moving out to Antarctica and contracting a giant lead and aluminum dome to live in

>actually owning a computer at all

>not just using public library computers with no webcam to access websites you like while remaining anonymous

Just nip it in the bud fam


 No.857555>>857846

>>857552

I don't understand why those kinds of instructions need to be updated for an HDD. Mechanically speaking, the HDD only works one way, it doesn't have many ways of doing what it does. Thus the instructions to I/O to the HDD ought to be hard coded into a hard circuit. Are the instructions for controlling the HDD so sophisticated that it is necessary to keep those instructions in flashable firmware?


 No.857573

So I'm golden if I've got a Toshiba?


 No.857575

>>857529

Do I listen to the NSA who puts backdoors in hard drive firmware or Kaspersky who puts backdoors in antivirus software?


 No.857577

>>857553

>not moving out to Antarctica and contracting a giant lead and aluminum dome to live in

I actually want to do this, but with an underground datacenter instead of a dome.


 No.857724>>857725 >>857726 >>860345

>>857482

>Hard drives use DMA; it does not matter if you are using libreboot or anything else. The drive can fuck with your RAM and what not.

>I assume USB drives are safe by virtue of not using DMA.

so how about have your hdd only store OS/boot info?

and most of data on external usb drive?

or how about using only external usb drive and booting from it? is this the solution? won't performance be bad (access time) because of USB2.0?

>>857525

>Real question, how do you have all this shit (backdoors in firmware, harddrives, etc.), but still have government leaks, CP, espionage, etc.?

>Shit, the second something goes to court, why wouldn't they just grab your harddrive/flashdrive and just use their backdoors to find stuff? That is to say, I don't get why there are cases where people have to force a suspect to grant access to a device when everything is backdoored already.

>tl;dr if the NSA has all this shit, how are there any crimes at all?

the same reason why police won't use GSM triangulation to find a robber who stole your umbrella or bicycle - if they used that against everyone, people and criminals would know about it, and if they knew about it, they would protect against it (like not having a cellphone with them when doing crimes)

so the NSA keeps the strongest backdoors (like the hdd firmware backdoor) only for strong targets, and not against drug dealers, CP watchers etc., otherwise everyone would know about this backdoor and never store dangerous files on a PC connected to the internet or other PCs.

also the second reason is, the NSA has a limited budget and people, so they use automatic software to find people that access specific things, store specific files, like bomb/terror related etc., and when the software detects that then some NSA agent does a manual check on that person. Because of that, some people can pass through the software that detects dangerous people, as it's not perfect because it's keyword and hash based.

>>857553

<not just using public library computers with no webcam to access websites you like while remaining anonymous

>he doesn't know they ask for your name and/or ID in public libraries


 No.857725

>>857724

>so how about have your hdd only store OS/boot info?

>and most of data on external usb drive?

>or how about using only external usb drive and booting from it? is this the solution? won't performance be bad (access time) because of USB2.0?

or just use usb->sata adapter with standard hdd


 No.857726>>857821

>>857724

>so how about have your hdd only store OS/boot info?

Why exactly do you think that would help


 No.857727>>857776

>>857449 (OP)

poor consumers don't even know that they have zero privacy


 No.857776

>>857727

it's ok they would not care anyway


 No.857821>>857835

>>857726

so it's possible to have PC without any SATA hdd and just have USB hdd and boot from it?

Is it the solution for backdoors and DMA?

Can SATA hdd with sata->usb adapter be used?


 No.857835>>857838

>>857821

>so it's possible to have PC without any SATA hdd and just have USB hdd and boot from it?

yes

>Is it the solution for backdoors and DMA?

no

>Can SATA hdd with sata->usb adapter be used?

yes

also >>857485


 No.857838>>857840

but will hibernation work when using USB drive as main drive?

>>857835

>Is it the solution for backdoors and DMA?

>no

why not? USB2 doesn't allow DMA, right?

hey, but, what if backdoored firmware, instead of sending your boot partition/data, will first send its malware/keylogger and then the true boot data?


 No.857840>>858289

>>857838

>but will hibernation work when using USB drive as main drive?

Hibernation is shit, especially on not-windows. But you can try it?

>>Is it the solution for backdoors and DMA?

>>no

>why not? USB2 doesn't allow DMA, right?

No, but you have many other devices with DMA, like your wlan chip that probably needs proprietary firmware.

>inb4 run everything on usb2

What we need is libre hardware with a libre IOMMU that contains the cancer.

>hey, but, what if backdoored firmware, instead of sending your boot partition/data, will first send its malware/keylogger and then the true boot data?

This is just one possible attack, a built-in evil maid.
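The earlier reply says the fix is an IOMMU that contains DMA-capable devices. On Linux the kernel exposes whether an IOMMU is active, and which PCI devices it groups together, under /sys/kernel/iommu_groups. The script below is an added example, not something posted in this thread: it reads that sysfs layout to report how many groups exist (zero means no IOMMU, or one that is disabled) and which group, if any, the SATA/AHCI controller (PCI class 0x0106xx) sits in. The sysfs root is a parameter so the same functions can be exercised offline against a constructed copy of the tree; the PCI IDs and class codes in the sample tree are made up for the demonstration.

```shell
#!/bin/sh
# Added example: check IOMMU coverage of PCI devices from the sysfs tree.
# Real layout: /sys/kernel/iommu_groups/<n>/devices/<pci-id> (symlinks) and
# /sys/bus/pci/devices/<pci-id>/class. ROOT defaults to /sys.

# Number of IOMMU groups under ROOT. Prints 0 when the directory is missing,
# which on a live system means the IOMMU is absent or disabled (for x86 the
# kernel parameters are intel_iommu=on / amd_iommu=on).
iommu_group_count() {
    root="${1:-/sys}"
    dir="$root/kernel/iommu_groups"
    n=0
    if [ -d "$dir" ]; then
        for g in "$dir"/*/; do
            [ -d "$g" ] && n=$((n + 1))
        done
    fi
    echo "$n"
}

# Print the IOMMU group of PCI device ID (e.g. 0000:00:17.0), or "none".
device_iommu_group() {
    root="$1"
    dev="$2"
    for g in "$root"/kernel/iommu_groups/*/; do
        if [ -e "$g/devices/$dev" ]; then
            basename "$g"
            return 0
        fi
    done
    echo none
    return 1
}

# List mass-storage controllers of class 0x0106xx (SATA/AHCI) with their group.
list_sata_controllers() {
    root="${1:-/sys}"
    for d in "$root"/bus/pci/devices/*/; do
        [ -r "$d/class" ] || continue
        cls=$(cat "$d/class")
        id=$(basename "$d")
        case "$cls" in
            0x0106*) echo "$id class=$cls group=$(device_iommu_group "$root" "$id")" ;;
        esac
    done
}

# Constructed sample tree (not a real machine): one AHCI controller that the
# IOMMU placed in group 3, and one NIC (class 0x020000) left outside any group.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/kernel/iommu_groups/3/devices" \
             "$t/bus/pci/devices/0000:00:17.0" \
             "$t/bus/pci/devices/0000:02:00.0"
    echo 0x010601 > "$t/bus/pci/devices/0000:00:17.0/class"
    echo 0x020000 > "$t/bus/pci/devices/0000:02:00.0/class"
    : > "$t/kernel/iommu_groups/3/devices/0000:00:17.0"
    echo "$t"
}

# Demo run against the constructed tree; pass /sys to the functions to
# inspect a real system.
demo=$(make_sample_tree)
echo "IOMMU groups: $(iommu_group_count "$demo")"
list_sata_controllers "$demo"
rm -rf "$demo"
```

A device that reports "none" is reachable by DMA without translation, which is exactly the situation the thread worries about; a group count of 0 means the whole check is moot until the IOMMU is enabled in firmware and on the kernel command line.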


 No.857842

>>857449 (OP)

Old news.


 No.857846

>>857555

>Are the instructions for controlling the HDD so sophisticated that it is necessary to keep those instructions in flashable firmware?

Yes.


 No.857881

Ok, anyone have a solution? A not backdoored OS, a not backdoored HDD, and a not backdoored motherboard/CPU. This is probably a QTDDTOT, but still. Oh, and I guess a not backdoored monitor/keyboard, cause I guess those pieces of shit at least have the capacity to log your screen/keystrokes. Is it that plan 9 thing?


 No.857886>>858289 >>863432

>they already botnetted any Intel PC with the ME which has undetectable access to the whole system

>they still need backdoors in disk firmware


 No.858289>>858299 >>858300 >>858307

>>857840

>Hibernation is shit, especially on not-windows.

Hibernation is shit on linux, because linux is shit. I use hibernation on Windows and it's perfect, (almost) everything works and my current session is a few months old. I never shut down Windows, it gets a clean boot only if I get an electricity loss at home or if I want to change hardware inside.

>But you can try it?

I cannot try because I don't have usb external drive or sata->usb adapter

>No, but you have many other devices with DMA, like your wlan chip that probably needs proprietary firmware.

Even if, it's still good to have less devices with DMA than more. How about USB wlan sticks? But they need some drivers installed and drivers have DMA...

>inb4 run everything on usb2

why not?

>What we need is libre hardware with a libre IOMMU that contains the cancer.

yes but it won't happen. I need a solution right now

>>857886

yeah but not everyone uses Intel ME-enabled cpu. For them, the more backdoors the better.


 No.858299

>>858289

Hibernation was fucked up in Vista and up for some weird reason - if the partition where bootmgr sits isn't active, it won't hibernate. All the while any NT5 OS happily hibernates and resumes regardless of what partition is active.


 No.858300>>858466

>>858289

>I never shut down Windows, it gets a clean boot only if I get an electricity loss at home or if I want to change hardware inside.

So you never update your Windows, nor do any system config changes which require a reboot (it surely isn't fucking Windows 9x which required a reboot for every other little changed setting, but still)?


 No.858307>>858466

>>858289

>worried about firmware backdoors

>uses windows 10

KYS LARPer


 No.858309>>858314 >>858326 >>858466

But what if I use free/open source firmware? I'm not forced to use their pozzed firmware now am I? Help a brainlet out


 No.858314

>>858309

>But what if I use free/open source firmware?

no

>I'm not forced to use their pozzed firmware now am I?

yes


 No.858326>>858466 >>859694

>>858309

Open source is a double-edged sword. Firstly, it's much easier for one person to hide a needle in a publicly accessible haystack than for a thousand people to find it. Secondly, everyone can look through open source code to find exploitable flaws, not necessarily with the intent to publish their findings and/or patching any problems found.


 No.858466>>858482

>>858300

>So you never update your Windows

yes, updates and the entire update system are a backdoor. they can inject and change any code of your operating system, implement new backdoors etc.

>nor do any system config changes which require a reboot (it surely isn't fucking Windows 9x which required a reboot for every other little changed setting, but still)?

and that is? I never need to reboot when changing system configuration

>>858307

It says "Windows" and not "Windows 10", dumbass

>>858309

>But what if I use free/open source firmware? I'm not forced to use their pozzed firmware now am I? Help a brainlet out

Then show me open source modern HDD and CPU firmware

>>858326

this. open source is fundamentally flawed and insecure, it's the NSA's dream. alphabet agencies love open source

the real problems for agencies were proprietary software like TrueCrypt, as they couldn't put their backdoors there

and SystemD was designed and created by the CIA


 No.858482>>859004

>>858466

Any Windows is pozzed, even Windows 98 was pozzed.

If you run Windows you're a cuck, full stop.


 No.859004>>859195 >>859213

>>858482

any GNU/SystemD is 10 times more pozzed than old Windows


 No.859033

OLD NEWS

I can't believe phone posters are getting this lazy. and at the same time worked up to shit up this dead board.

Geez


 No.859195

>>859004

All Windows is 1000 times more pozzed than Systemd.


 No.859213>>859383

>>859004

Systemd is open sores

Redhat monopolizing the linux desktop is concerning but everything they release is publicly audited on a large scale


 No.859383>>859388 >>859435

>>859213

Auditing isn't a panacea, as demonstrated by the OpenSSL heartbleed bug that left most servers vulnerable for several years before someone caught on. And even then, LibreSSL became necessary because the OpenSSL committee refused to admit to and fix their problems.


 No.859388

>>859383

>LibreSSL became necessary

Necessary, perhaps. Sufficient? The OpenBSD devs can't even fix all of the bugs in their own kernel.

See the 34c3 talk "Are all BSDs created equally?"


 No.859435

>>859383

Auditing doesn't imply perfection. If you want perfection, you're only going to get that with formally verified algorithms and implementation. What public auditing does is that everybody is allowed to see all the warts - both the good guys and the bad guys alike. This is a good thing as it becomes more likely for the good guy to spot the bugs leading to the eventual improvement of the bug.


 No.859481>>859483

Auditing systemd is not good enough. OpenBSD did it right by ripping out all dubious and outdated stuff, so the code then becomes clearer. Redhat does the opposite: make systemd bigger, more things become dependent on it, make it so nobody has a chance to understand all of its implications. You don't have to be Terry Davis to understand this, but anyone who likes systemd is truly a fool.


 No.859483

>>859481

Do people who rip on systemd not understand that there are already other units that can be used instead?

Look at runit, upstart, openrc, or Shepherd


 No.859485>>859791

I wonder if CD, DVD, or more concerning, Bluray drives and backup disks have malicious proprietary firmware? Most are just USB 2.0 still


 No.859667>>860122

>>857449 (OP)

https://hooktube.com/watch?v=I27NX8uTJNY

Hard drive controllers are probably the biggest potential firmware attack vector after ME. One possible solution I've considered is the OpenSSD project: http://www.openssd.io

Their development board is expensive and unwieldy, but it uses a common controller chip, so it may be possible to find an off-the-shelf SSD with the same chip and install their open-source firmware. I guess you'd have to make sure that the NAND chips are compatible too, and program the SPI flash directly using a test clip and programmer (Raspberry Pi does the trick). Would probably have to be brand new, as you'd lose wear levelling info.


 No.859694

>>858326

>it's much easier for one person to hide a needle in a publicly accessible haystack than for a thousand people to find it.

And that realization alone is just the tip of the iceberg, without even getting into things like obfuscated or underhanded code etc. Saying that open source is inherently secure is like saying that nobody can hide in a publicly accessible but huge forest. If you deploy an army to go out and scrutinize all of the forest, then sure, they'll find him eventually. But there isn't an army constantly scrutinizing each and every nook and cranny of open source.


 No.859732

>>857525

contractors


 No.859736

Alright so I finally read most of the thread. This is only a spare entry when NSA has the whole drive, but by that time, it doesn't matter that much. Use Qubes if you're worried, but honestly, as long as you aren't running AMT on Windows you should be fine from this specific flaw.


 No.859791>>859833 >>859866 >>859946 >>860189

>>859485

Optical drives mark every disk they burn with their unique serial number so the copies can be tracked back. I'm not sure whether this parameter can be altered in a firmware, but it's a pretty damn old thing.


 No.859833

>>859791

Dude, that's nothing. I don't want to distribute any of my CDs anyway, they're for me, just like my computer. I just don't want botnet cianigger shit fucking up my computer. It's my fucking computer, nobody else should have access.


 No.859866

>>859791

Didn't know that. Sounds about as bad as those printer tracking dots.


 No.859946

>>859791

How can you access that hidden data? If you make an ISO image, only the user data + filesystem metadata will be contained in it. How do you make a "raw" image which includes literally all of the bits which are stored on the physical medium?


 No.859975>>860339

>>857525

A better question is why is this legal. And are there any alternatives. I know Samsung's SSDs also have backdoors of some sort.


 No.860122

>>859667

this has potential for the future but I need a solution right now

also I don't need a stupid SSD, because SSDs are useless shit

I need a solution for HDD. right now.

will connecting HDD through USB2.0 instead of SATA solve the problem?


 No.860189

>>859791

This is the RID (recorder ID) and it's "implementation specific," there is little actual information available about it. It seems that while proprietary burning programs might include this info, and perhaps some burners might include it, there is no real consensus about how it works or even if it does.

The SID (source ID) is imprinted on each blank at the factory and is on every disc, but if you're worried about this being tracked to you then just go to a Wal-Mart two towns over and buy your CDs with cash.


 No.860309

>>857526

Of course, why would the Cathedral Synagogue want to nap their own businesspeople?


 No.860339>>865343

>>859975

>samsung SSD backdoors

Hadn't heard that one. Where did you?


 No.860345

>>857724

>>he doesn't know they ask for your name and/or ID in public libraries

not at mine tho


 No.860384

>>857449 (OP)

And everyone just ignores it and pretends all is well.

I hate fucking normalfags and their apathy.


 No.862972>>865343

how about system+programs drive as internal sata

and then DATA on external usb2.0 drive?

how about non-american HDDs, Toshiba?


 No.862982>>863434 >>876830

>>857449 (OP)

I surrender.

It's not worth it anymore.

NSA wins


 No.863432

>>857886

Hard disks are also used on other platforms, so that's why they want to target the disks.

But you can still use USB instead. In fact, some ARM SBCs don't even have a SATA port.


 No.863434>>876731

>>862982

Real security is at the social level.


 No.863445>>876731

Real security is just about making it harder for them than it's worth.


 No.865343>>876701

>>860339

Heard about it last year. Can't find the source anymore but their HDD business has been fucked for a long time now:

>In December 2011, Seagate acquired Samsung's HDD business.

>Seagate is backdoored by NSA

>hence Samsung is backdoored by NSA

>>862972

>how about non-american HDDs, Toshiba?

Toshiba should be fine. As for SSDs: https://en.wikipedia.org/wiki/List_of_solid-state_drive_manufacturers

Anything that isn't made in US, China, Korea or Taiwan should work. Specifically, Toshiba and the few European companies listed. I'd say vote with your wallet now and start buying Toshiba exclusively.

As for your first question, I'm not sure what you mean. According to Kaspersky it doesn't matter if you store your system or boot loader on a USB, or do whatever, as long as you have a Seagate/WD SATA device connected the device WILL load the back door. So the only option would be boot from a USB and never use hard drives. Unless you can connect them to a USB 2 port. I'm pretty sure DMA is used even if you'd connect the HDD after booting from USB.


 No.876602>>876828

1995 called, they want their news back


 No.876701

>>865343

> I'm pretty sure DMA is used even if you'd connect the HDD after booting from USB.

If he connects the HDD to USB 2 port, everything has to go through the CPU and OS. It'll be slow, but no DMA.

One interesting thing is some ARM SBCs don't have real SATA and instead just have a built-in SATA<->USB adapter (so you can connect SATA disk, but it goes through USB), for example: http://www.banana-pi.org/m3.html

But Ethernet is another problem area WRT potentially nasty firmware, so you would need to also use USB version of that. Ethernet that's integrated into mobos is PCI, and that of course can use DMA.


 No.876731

>>863434

A seemingly profound but retarded statement

>>863445

Except that there are plenty of things that no matter how much they work they will never get in


 No.876828

>>876602

Just because almost all CPUs have been Spectre-prone since 1995 doesn't mean that literally everything has been botnet since 1995.


 No.876830

>>862982

Is resigning oneself to defeatism the reasonable course of action though?




92 replies | 1 images | Page ?