I've heard that this may not only be infected firmware, but disk manufacturers may also be shipping drives with spyware hidden in the firmware. I'm guessing the malware is coded for x86 processors, and not a threat to OS4 unless specifically coded for it?
Dale Chitwood ... someone will solve it and figure out how to recover. But if they don't I will just browse with my Commodore Amiga 4000 and have no worries.
Quote:
I'm guessing the malware is coded for x86 processors, and not a threat to OS4 unless specifically coded for it?
Not necessarily. With the proliferation of powerful scripting languages, it's possible to infect almost any operating system regardless of CPU used. For example, suppose the malware in the hard-disk scans the disk for a Python installation and inserts Python malware that would be executed any time a Python script is executed by the OS or user. I don't think an Amiga would be immune to that.
Also, consider the fact that most chips and Internet devices are manufactured in other countries like China, Korea or Taiwan. How do you know what your network interface chips, router, or modem are sending out over the Internet? It could be sending your GPS location, IP address or other information about your system without your knowledge. Unless all your computer equipment (including the chips) is being manufactured in your country under strict regulation, inspection and testing, you are vulnerable.
Amiga X1000 with 2GB memory & OS 4.1FE + Radeon HD 5450
Quote:
Not necessarily. With the proliferation of powerful scripting languages, it's possible to infect almost any operating system regardless of CPU used. For example, suppose the malware in the hard-disk scans the disk for a Python installation and inserts Python malware that would be executed any time a Python script is executed by the OS or user. I don't think an Amiga would be immune to that.
So this firmware virus comes with FFS SFS SFS2 filesystem builtin? Once it has that it can then hack into a random python distro laid out in an unexpected pattern and insert secret code into that?
I seriously doubt it! Unless one of our number really is a terrorist and the CIA are actively pursuing them, and have a CIA spy also amongst our midst to suss out the subversive OS we are running.
Quote:
Also, consider the fact that most chips and Internet devices are manufactured in other countries like China, Korea or Taiwan. How do you know what your network interface chips, router, or modem are sending out over the Internet? It could be sending your GPS location, IP address or other information about your system without your knowledge. Unless all your computer equipment (including the chips) is being manufactured in your country under strict regulation, inspection and testing, you are vulnerable.
There are whole communities of security experts out there that would spot that kind of thing within a very short time of it being on the market.
Quote:
So this firmware virus comes with FFS SFS SFS2 filesystem builtin? Once it has that it can then hack into a random python distro laid out in an unexpected pattern and insert secret code into that?
Why would it need to know the filesystem? Copy the Python/lib/distutils directory to a diskimage_device IDF0: and read the adf file in a hex reader like the one in Dopus4. Better yet use AmiDVD to create an iso image of the entire Python directory and load it into a hex reader. The text is all human readable but split into parts. I don't know what parts of a Python installation might be the same for all operating systems but I'm betting a smart program in the hard-disk CPU could find the parts it wants to alter with simple text analysis and alter parts of the Python code without knowing anything about the filesystem.
Amiga X1000 with 2GB memory & OS 4.1FE + Radeon HD 5450
Quote:
There are whole communities of security experts out there that would spot that kind of thing within a very short time of it being on the market.
I'm sure all the companies making billions of dollars (or whatever currency) from the Internet would like us to believe that. Why are hackers so successful and the so-called security experts only finding viruses etc. after millions of computers are infected? Internet security is an illusion perpetrated by companies who have a big financial stake in everyone trusting the Internet.
Do you think security experts can xray a tiny chip and determine if any commands are hard-wired into those chips? I have my doubts. Do you think the same experts are testing every network related product for thousands of hours to see if any minute amount of unexplained data is contained in network packets? I have my doubts. Call me paranoid but I think everyone will be surprised by what kinds of security holes are discovered in the future.
Amiga X1000 with 2GB memory & OS 4.1FE + Radeon HD 5450
How else would it be able to read the contents of the filesystem?
This thing is supposed to be a virus on the hard disk.
Quote:
Copy the Python/lib/distutils directory to a diskimage_device IDF0: and read the adf file in a hex reader like the one in Dopus4. Better yet use AmiDVD to create an iso image of the entire Python directory and load it into a hex reader. The text is all human readable but split into parts. I don't know what parts of a Python installation might be the same for all operating systems but I'm betting a smart program in the hard-disk CPU could find the parts it wants to alter with simple text analysis and alter parts of the Python code without knowing anything about the filesystem.
How is a virus going to read something in a hex editor? You're describing the actions of a hacker physically present or at best attached via VNC to an already compromised system with AmigaOS knowledge, in fact that CIA agent I described earlier....
Quote:
Why would it need to know the filesystem? Copy the Python/lib/distutils directory to a diskimage_device IDF0: and read the adf file in a hex reader like the one in Dopus4. Better yet use AmiDVD to create an iso image of the entire Python directory and load it into a hex reader. The text is all human readable but split into parts. I don't know what parts of a Python installation might be the same for all operating systems but I'm betting a smart program in the hard-disk CPU could find the parts it wants to alter with simple text analysis and alter parts of the Python code without knowing anything about the filesystem.
Without knowing the filesystem, which no harddrive knows anything about, all it can do is scan through binary data looking for matches. The harddrive doesn't even know the block size used by the filesystem so has no idea how the data is split up, how fragmented it is, how big a file is, or anything about the directory structure of the disk. Even if it finds a match it has no idea where the next block is.
It's far more likely the harddrive chip is just used as a storage place for a very simple virus to install a highly compressed better virus on the users computer where things can be accessed at a much higher level.
Thinking about it, SFS's 512 block size is far more secure than the big 32k blocks some systems use... much easier to put a book back together when it's in chapter size chunks instead of half pages...
Amiga user since 1985 AOS4, A-EON, IBrowse & Alinea Betatester
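The block-size argument in the post above, as an added illustration that is not code from any poster in this thread: a constructed toy script is scattered across a simulated disk in blocks, and a scanner that knows only raw bytes (no filesystem, no directory, no block map) looks for a marker string. The disk size, the stride used to model fragmentation, and the script contents are all assumptions made for the example.

```python
# Constructed sample "script", padded so that the marker straddles the first
# 512-byte boundary: bytes 503..511 hold "import so", bytes 512..515 "cket".
MARKER = b"import socket"
PADDING = b"# " + b"x" * 500 + b"\n"            # 503 bytes of comment
SCRIPT = (PADDING + MARKER + b"\nprint('hello')\n"
          + b"# " + b"y" * 1500 + b"\n")        # 2035 bytes in total


def lay_out_on_disk(data: bytes, block_size: int, disk_blocks: int) -> bytes:
    """Write `data` in block_size chunks to non-adjacent block slots.

    The slot stride is an assumed toy model of fragmentation; a real
    filesystem would record the block map in metadata the drive never parses.
    """
    chunks = [data[i:i + block_size] for i in range(0, len(data), block_size)]
    slots = [(i * 7) % disk_blocks for i in range(len(chunks))]
    assert len(set(slots)) == len(slots), "disk too small for this layout"
    disk = bytearray(disk_blocks * block_size)  # unused blocks stay zeroed
    for chunk, slot in zip(chunks, slots):
        disk[slot * block_size:slot * block_size + len(chunk)] = chunk
    return bytes(disk)


def raw_scan(disk: bytes, pattern: bytes) -> int:
    """All a filesystem-unaware scanner can do: count byte-string matches."""
    return disk.count(pattern)


def file_is_contiguous(disk: bytes, data: bytes) -> bool:
    """True only if the whole file sits in one unbroken run of bytes."""
    return disk.find(data) != -1


def compare_block_sizes(sizes=(512, 32768), disk_blocks=16):
    """Return {block_size: (marker matches, file contiguous)} for each size."""
    results = {}
    for block_size in sizes:
        disk = lay_out_on_disk(SCRIPT, block_size, disk_blocks)
        results[block_size] = (raw_scan(disk, MARKER),
                               file_is_contiguous(disk, SCRIPT))
    return results


if __name__ == "__main__":
    for size, (hits, whole) in compare_block_sizes().items():
        print(f"block size {size:>5}: marker hits={hits}, file contiguous={whole}")
```

With 512-byte blocks the marker is split across two non-adjacent blocks and the raw scan misses it entirely, while with 32 KiB blocks the whole script lands in one block and both the marker and the file are found intact.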
I just read about this a few hours ago. I very much enjoyed the discussions among the "general public" about risk and remediation options. Many say "just format the disk", they have not fully understood where the virus lives and what it runs on. Many have said "pull the drive and re-flash the firmware". Great, but who will audit the firmware to make sure it's not the "bad" one? While driving my wife around this morning, I began to wonder exactly what the "payload" of this virus might be. It _could_ insert other virii into your file system if it knows what OS and processor family you are running. If this virus wanted to export any of your "secrets" I can see only a few ways out. If it knows the OS then the network might be viable, but also subject to detection. It could simply make hidden copies of some specific data and hold them for some agent to do a "hands on" retrieval, but that seems unlikely as well.
Then I thought of some more dangerous options. Without any knowledge or care about OS or system processor, it has the ability to corrupt any or all of your data. And it could, as Severin pointed out, be triggered into action by something as simple as saving a specific string of characters.
With a system like that ALL OS's would be vulnerable, including ours. And all you'd need to trigger it is to get the end-user to save a trigger file anywhere on the drive. True that some processors may play with byte order, but sending the "key" in a couple variations solves that problem.
The article I read said that the corrupted drives were only being sold to certain countries. I think that bit was the hardest to believe at all. But that's just me. :)
Quote:
Without knowing the filesystem, which no harddrive knows anything about, all it can do is scan through binary data looking for matches.
Exactly. The hard-drive circuit board has a processor that executes the microcode contained in the firmware. Nowadays most firmware can be reflashed with updated code. I can update the firmware in my router by accessing the Netgear web site.
My comment to broadblues about the human-readable text was just to point out that the raw binary data on the hard drive can be alphanumeric and scanned by the hard drive's processor for known script commands. If a human can retrieve data from a hard disk and reassemble it (like some law enforcement agencies) the processor in a hard-disk can be programmed to do it too. If the processor can identify script code (Python, Java etc.) that connects to the Internet, it can alter that code to send data over the Internet when the user runs the script.
All the microcode in a device's flashable firmware isn't necessarily all the code that is contained in the chip. The chips you see on a circuit board are usually far larger than the circuitry inside them so that they can connect to the main circuit board. A chip can contain a lot more than the circuitry necessary to perform its advertised function. I think that anyone who thinks that espionage agencies aren't working on sophisticated ways to control or access any computer might be surprised in the near future.
Amiga X1000 with 2GB memory & OS 4.1FE + Radeon HD 5450