[langsec-discuss] IPMI

dan at geer.org dan at geer.org
Tue Jan 29 02:45:52 UTC 2013


A friend just sent me this, which I am quoting verbatim:

> You may remember Dan Farmer, perhaps best known for the first
> program that used a Web browser as its UI: SATAN. Now Dan has
> something else in his sites: IPMI. Here's a quote from the
> summary:
> 
>    Imagine trying to secure a computer with a small but powerful parasitic
>    server on its motherboard; a bloodsucker that can't be turned off and
>    has no documentation; you can't login, patch, or fix problems on it;
>    server-based defensive, audit, or anti-malware software can't be
>    used. Its design is secret and implementation old. It's also the
>    perfect spy platform: nearly invisible to its host, it can fully
>    control the computer's hardware and software, and it was designed
>    for remote control and monitoring.
> 
>    And that's the good news. 
> 
> You can find the rest here:
> 
>    http://fish2.com/ipmi/


You may want to look.  This sentence is my reason for forwarding:

    "Support for popular scripting languages and web
     interfaces are de rigueur."
    
One pines for a metric that generates an ordinal scale for combinations
of powerful gizmos driven by insecurable interface languages.

--dan



More information about the langsec-discuss mailing list