will.sargent at gmail.com
Tue Jan 29 02:59:08 UTC 2013
Dr Jesus did a 5 minutes of fame presentation on this a while back: it's actually possible to hack the computer while the main server is physically turned off.

On Jan 28, 2013, at 6:45 PM, dan at geer.org wrote:
> A friend just sent me this, which I am quoting verbatim:
>> You may remember Dan Farmer, perhaps best known for the first
>> program that used a Web browser as its UI: SATAN. Now Dan has
>> something else in his sites: IPMI. Here's a quote from the
>> Imagine trying to secure a computer with a small but powerful parasitic
>> server on its motherboard; a bloodsucker that can't be turned off and
>> has no documentation; you can't login, patch, or fix problems on it;
>> server-based defensive, audit, or anti-malware software can't be
>> used. Its design is secret and implementation old. It's also the
>> perfect spy platform: nearly invisible to its host, it can fully
>> control the computer's hardware and software, and it was designed
>> for remote control and monitoring.
>> And that's the good news.
>> You can find the rest here:
> You may want to look. This sentence is my reason for forwarding:
> "Support for popular scripting languages and web
> interfaces are de rigueur."
> One pines for a metric that generates an ordinal scale for combinations
> of powerful gizmos driven by insecurable interface languages.