[langsec-discuss] IPMI

William Sargent will.sargent at gmail.com
Tue Jan 29 02:59:08 UTC 2013


Dr Jesus did a 5 minutes of fame presentation on this a while back: it's actually possible to hack the computer while the main server is physically turned off.

http://it.slashdot.org/story/12/06/09/055203/ipmi-hack-a-server-that-is-turned-off

Will.

On Jan 28, 2013, at 6:45 PM, dan at geer.org wrote:

> 
> A friend just sent me this, which I am quoting verbatim:
> 
>> You may remember Dan Farmer, perhaps best known for the first
>> program that used a Web browser as its UI: SATAN. Now Dan has
>> something else in his sights: IPMI. Here's a quote from the
>> summary:
>> 
>>   Imagine trying to secure a computer with a small but powerful parasitic
>>   server on its motherboard; a bloodsucker that can't be turned off and
>>   has no documentation; you can't login, patch, or fix problems on it;
>>   server-based defensive, audit, or anti-malware software can't be
>>   used. Its design is secret and implementation old. It's also the
>>   perfect spy platform: nearly invisible to its host, it can fully
>>   control the computer's hardware and software, and it was designed
>>   for remote control and monitoring.
>> 
>>   And that's the good news. 
>> 
>> You can find the rest here:
>> 
>>   http://fish2.com/ipmi/
> 
> 
> You may want to look.  This sentence is my reason for forwarding:
> 
>    "Support for popular scripting languages and web
>     interfaces are de rigueur."
> 
> One pines for a metric that generates an ordinal scale for combinations
> of powerful gizmos driven by insecurable interface languages.
> 
> --dan
> 