On 03/06/2015 05:05 AM, Werner Koch wrote:
> On Fri, 6 Mar 2015 09:12, htd...@fritha.org said:
>
>> In case you're allowed to boot from an external medium, this still won't be
>> secure. Because you have no control over the hardware built into the
>> computer,
>
> Does not even need to be hardware: A (remotely) modified firmware might
> first boot you into a virtual machine and only then boot the OS from
> disk or USB.
>

I built a virtual machine once.
I had a computer with no memory management hardware. And I had a FORTRAN compiler for it that worked pretty well, but if I wrote too many EQUIVALENCE statements, the computer crashed. A FORTRAN compiler is pretty big and inspecting all its code was out of the question.

I wrote a program for a virtual machine that had all the same instructions as the real hardware did, so that was trivial: took less than a day to write it. But it had a little extra feature: memory management. The virtual machine ran as its input, the binary instructions of the programs that would normally run on the real machine. Like the OS, the compilers, etc. The easiest way to tell if the real machine was running or the virtual machine was that the virtual machine ran about 20x slower.

I loaded the virtual machine and started it up. Then I invoked the FORTRAN compiler and presented it with a program with a lot of EQUIVALENCE statements, and saw that it was over-writing the interrupt vectors at the bottom of RAM, and further, what the offending instruction was. The original compiler had a bug where an index register needed to be specified, and it was omitted. Pretty simple.

Now a black hat could easily put any old virtual machine on that machine, so doing nasty things would have been pretty easy. I suppose it is a little more difficult at a cyber cafe or public library. But not if I owned the cafe or worked in the library.

-- 
  .~.  Jean-David Beyer          Registered Linux User 85642.
  /V\  PGP-Key:166D840A 0C610C8B Registered Machine 1935521.
 /( )\ Shrewsbury, New Jersey    http://linuxcounter.net
 ^^-^^ 14:25:01 up 6 days, 22:33, 2 users, load average: 4.02, 4.07, 4.11
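The debugging technique described in the message above, sketched as an added example that is not part of the original post: an interpreter that checks every store against a protected low-memory range and reports the offending instruction. The toy instruction set, the vector range, and both sample programs are assumptions constructed for illustration, not the real machine's.

```python
VECTORS = range(0, 8)  # assumed layout: interrupt vectors occupy the lowest 8 words

class GuardFault(Exception):
    """Raised by the interpreter when a store targets the protected range."""
    def __init__(self, pc, instr, addr):
        super().__init__(f"pc={pc}: {instr} writes protected address {addr}")
        self.pc, self.instr, self.addr = pc, instr, addr

def run(program, guard=True, mem_size=64, max_steps=10_000):
    """Interpret `program` and return final memory. With guard=True the store
    is refused and GuardFault raised; with guard=False it behaves like the
    bare hardware and silently performs the write."""
    mem = [0] * mem_size
    regs = {"A": 0, "X": 0}
    pc = 0
    for _ in range(max_steps):
        instr = program[pc]
        op, args = instr[0], instr[1:]
        if op == "HALT":
            return mem
        if op == "LDI":                      # LDI reg, imm
            regs[args[0]] = args[1]
        elif op in ("ST", "STX"):            # ST src, addr | STX src, offset, idx
            addr = args[1] + (regs[args[2]] if op == "STX" else 0)
            if guard and addr in VECTORS:
                raise GuardFault(pc, instr, addr)
            mem[addr] = regs[args[0]]
        else:
            raise ValueError(f"unknown opcode {op!r} at pc={pc}")
        pc += 1
    raise RuntimeError("step limit reached")

# Constructed programs: store 0x7F into slot 2 of a table based at address 32.
GOOD = [("LDI", "X", 32), ("LDI", "A", 0x7F), ("STX", "A", 2, "X"), ("HALT",)]
# Same code with the index register omitted: the offset becomes an absolute address.
BUGGY = [("LDI", "X", 32), ("LDI", "A", 0x7F), ("ST", "A", 2), ("HALT",)]

def find_offender(program):
    """Return (pc, address) of the first guarded write, or None if there is none."""
    try:
        run(program)
    except GuardFault as fault:
        return fault.pc, fault.addr
    return None

if __name__ == "__main__":
    print("good :", find_offender(GOOD))
    print("buggy:", find_offender(BUGGY))
```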