It is currently Thu Nov 21, 2019 8:49 pm

All times are UTC




Post new topic Reply to topic  [ 89 posts ]  Go to page Previous  1, 2, 3, 4, 5, 6
Author Message
PostPosted: Sun May 18, 2014 4:07 pm 
Offline
Obduction Backer

Joined: Sun Aug 08, 2010 2:14 pm
Posts: 808
The point wasn't that it poses a security threat. And this isn't BadBIOS either - this is a seperate, proof-of-concept idea.

But offline computers can hold sensitive data in any case. Some users might keep sensitive information on an offline system (e.g. passwords, financial data, and so on).

_________________
Lyrositor


Top
 Profile  
Reply with quote  
PostPosted: Sun May 18, 2014 4:36 pm 
Offline

Joined: Tue Feb 05, 2008 6:11 pm
Posts: 1969
Location: Land of Confusion
OMG their spying on my Age Creation ActivityImage

I do have a scaled version of the Pentagon building I used for a dice age with 12 sided D'ni Dice that I never published. Its just the walls , but that's nothing more then the outline of two pentagrams where one is inverted on top of the other to achieve the outside walls and the common area. Its a mathematical equation even I can figure out

_________________
When You have eliminated all other possibilities What ever is left must be the solution

E=mc2
Energy = Milk x Coffee Squared


Top
 Profile  
Reply with quote  
PostPosted: Sun May 18, 2014 6:57 pm 
Offline
Former MystOnline Moderator

Joined: Fri Nov 10, 2006 3:05 pm
Posts: 4202
Location: 56°2'26", -3°20'28"
There was an article published not so long ago that showed how, without any malware in the loop, it was possible to use a microphone to pick up the high frequency noises generated by the internal voltage regulators used by the processor in a PC. As these vary depending on what the processor is doing they were able to characterise the sound pattern for each instruction op-code being executed and were ultimately able to identify when a login action took place and capture the user's credentials.

There was a lot of "it depends on how noisy the cooling fan is, where the vents are, where the microphone is" and the patterns needed to be characterised for every different breed of processor chip, so it wasn't something that could be done as an entirely casual attack.

The lab setup used a high-sensitivity microphone with parabolic reflector and a high quality audio amplifier before feeding the signal into the "attacker PC" but it worked over several metres distance to the target PC (I seem to remember it was maybe 10 metres). But they also got it working with the stock microphone in a smart phone, simply by placing the phone on the desk near to the target computer.

[Edit] I was wrong above - it was only 4 metres in the lab test. With the smart phone, it was positioned 30cm away. The original research paper is here: http://www.tau.ac.il/~tromer/papers/aco ... 131218.pdf

_________________
Image Mac - MOULagain KI#00004826 00004289
In the interests of the environment, this post has been constructed entirely from recycled electrons.


Last edited by Mac_Fife on Mon May 19, 2014 7:29 pm, edited 1 time in total.

Top
 Profile  
Reply with quote  
PostPosted: Mon May 19, 2014 1:01 am 
Offline

Joined: Tue Feb 05, 2008 6:11 pm
Posts: 1969
Location: Land of Confusion
However its completely infective if the PC is off.

On to the next conspiracy :mrgreen:

_________________
When You have eliminated all other possibilities What ever is left must be the solution

E=mc2
Energy = Milk x Coffee Squared


Top
 Profile  
Reply with quote  
PostPosted: Tue May 20, 2014 11:36 pm 
Offline

Joined: Sun Apr 24, 2011 12:36 am
Posts: 317
Location: Outer Space
Mac_Fife wrote:
There was an article published not so long ago that showed how, without any malware in the loop, it was possible to use a microphone to pick up the high frequency noises generated by the internal voltage regulators used by the processor in a PC. As these vary depending on what the processor is doing they were able to characterise the sound pattern for each instruction op-code being executed and were ultimately able to identify when a login action took place and capture the user's credentials.

There was a lot of "it depends on how noisy the cooling fan is, where the vents are, where the microphone is" and the patterns needed to be characterised for every different breed of processor chip, so it wasn't something that could be done as an entirely casual attack.

The lab setup used a high-sensitivity microphone with parabolic reflector and a high quality audio amplifier before feeding the signal into the "attacker PC" but it worked over several metres distance to the target PC (I seem to remember it was maybe 10 metres). But they also got it working with the stock microphone in a smart phone, simply by placing the phone on the desk near to the target computer.

[Edit] I was wrong above - it was only 4 metres in the lab test. With the smart phone, it was positioned 30cm away. The original research paper is here: http://www.tau.ac.il/~tromer/papers/aco ... 131218.pdf

While all of the above is true, it's just an experiment in an enclosed laboratory. The needed equipment isn't that cheap and if you ask me, anyone keeping vital data on a computer with an outdated OS is just asking for trouble.

_________________
Equal amongst others in the Guild of Sleepers


Top
 Profile  
Reply with quote  
PostPosted: Sun May 25, 2014 5:16 pm 
Offline

Joined: Tue Feb 05, 2008 6:11 pm
Posts: 1969
Location: Land of Confusion
Would all the other sounds in a typical environment actually disrupt the process and rendering it useless.

Sound like its time to make my tin foil hat, shiny side out this time :shock:

_________________
When You have eliminated all other possibilities What ever is left must be the solution

E=mc2
Energy = Milk x Coffee Squared


Top
 Profile  
Reply with quote  
PostPosted: Sun May 25, 2014 8:56 pm 
Offline
Former MystOnline Moderator

Joined: Fri Nov 10, 2006 3:05 pm
Posts: 4202
Location: 56°2'26", -3°20'28"
Karkadann wrote:
Would all the other sounds in a typical environment actually disrupt the process and rendering it useless.

Yes, it would, and even a worn cooling fan bearing would probably mess it up. But that's with technology as it stands today - as with all these things if there's enough interest to explore the development of the technology then you can start running self-adaptive commutating filters to screen out cyclic noise, use a secondary microphone to sample and cancel out ambient noise, etc.

So sure, it's all a bit tenuous and dependent on lots of factors being just right at this stage. But in a couple of years it might be right to be paranoid about the guy that just put his phone down on the table next to you while you're using your tablet :?

_________________
Image Mac - MOULagain KI#00004826 00004289
In the interests of the environment, this post has been constructed entirely from recycled electrons.


Top
 Profile  
Reply with quote  
PostPosted: Mon May 26, 2014 3:35 am 
Offline

Joined: Tue Feb 05, 2008 6:11 pm
Posts: 1969
Location: Land of Confusion
Quote:
But in a couple of years

Still sounds like fear mongering to me
Although I would like to thank you.
You have opened my eyes to something I did not want to admit, even to my self.

_________________
When You have eliminated all other possibilities What ever is left must be the solution

E=mc2
Energy = Milk x Coffee Squared


Last edited by Karkadann on Thu Jul 17, 2014 2:08 pm, edited 3 times in total.

Top
 Profile  
Reply with quote  
PostPosted: Mon May 26, 2014 2:13 pm 
Offline

Joined: Tue Jan 11, 2011 9:26 pm
Posts: 2473
Location: Ontario, Canada
Mac_Fife wrote:
But in a couple of years

Well maybe but it might take a few more years before it becomes aviable at the consumer level. At some point security exprerts will see this as a thert and find some way to fight aganst it.( I don't know how, atm but it not my job to figure these things out.)

_________________
-------------------
-Jamie Marchant
If I don't respond it's because email notification is down again and
I forgot to return to the thread.


Top
 Profile  
Reply with quote  
PostPosted: Thu Jul 17, 2014 2:10 pm 
Offline

Joined: Tue Feb 05, 2008 6:11 pm
Posts: 1969
Location: Land of Confusion
Yup,.......... fear mongering

And what was it you where wondering earlier? :shock:

_________________
When You have eliminated all other possibilities What ever is left must be the solution

E=mc2
Energy = Milk x Coffee Squared


Top
 Profile  
Reply with quote  
PostPosted: Sun Jul 20, 2014 8:20 am 
Offline
Obduction Backer

Joined: Mon Oct 22, 2012 6:07 pm
Posts: 1279
Location: Central Europe
While migrating to a newer OS is still the best option...

To make shards work with MacOS, the two Visual C++ DLLs have to be placed manually either in the system32 or the Uru Live folder. Perhaps this ‘trick’ works with an actual XP installation too?

_________________
KI #46116. Donate to help the Cavern stay open!
Want to know what’s going on in the Cavern? Visit the GoMe site.

MacOS wrappers, D’ni Lessons, DniTools, goodies.


Top
 Profile  
Reply with quote  
PostPosted: Sat Jul 26, 2014 3:52 pm 
Offline
Obduction Backer

Joined: Tue Apr 16, 2013 10:29 pm
Posts: 297
Location: california
I ask this with some trepidation, not being sure what kind of answers I will get... but what exactly is the danger to the shards from someone accessing them with an XP computer?

_________________
I'll look that up BRB


Top
 Profile  
Reply with quote  
PostPosted: Sat Jul 26, 2014 4:06 pm 
Offline

Joined: Tue Jan 11, 2011 9:26 pm
Posts: 2473
Location: Ontario, Canada
As far as I know there is little danger to the shards if somoneo logs in running XP. The developers can use newer libaries that allow them to do more powerful things if they drop XP support.

_________________
-------------------
-Jamie Marchant
If I don't respond it's because email notification is down again and
I forgot to return to the thread.


Top
 Profile  
Reply with quote  
PostPosted: Sat Jul 26, 2014 7:45 pm 
Offline
Former MystOnline Moderator

Joined: Fri Nov 10, 2006 3:05 pm
Posts: 4202
Location: 56°2'26", -3°20'28"
Essentially, there's no more risk to the shard than to a client running on any other operating system. Windows XP is now more vulnerable to newly discovered exploits since they won't be fixed in that OS, but the prospect of someone manipulating an unpatched exploit in XP in order to maliciously access a shard seems highly improbable - they're much more likely to be looking for your online banking login.

_________________
Image Mac - MOULagain KI#00004826 00004289
In the interests of the environment, this post has been constructed entirely from recycled electrons.


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 89 posts ]  Go to page Previous  1, 2, 3, 4, 5, 6

All times are UTC


Who is online

Users browsing this forum: MSN [Bot] and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to: