
Re: My system has Flashbacks?



On Wed, Jan 14, 2004 at 10:21:23PM -0700, Wesley J Landaker wrote:
> On Wednesday 14 January 2004 10:09 pm, Einstein9112@yahoo.com wrote:
> > Upon further reflection, this could be a more serious security
> > problem. Imagine a small trojan/keylogger/worm/etc., that's ~640kb.
> > There is plenty of room in vid memory in today's cards, and even in
> > old cards. (My 4.5 year old laptop has 4mb) Even a reboot wouldn't
> > necessarily remove it from resident memory, at least not
> > permanently.
> 
> Even if the data in the RAM happened to correspond to some sort of 
> malware, I don't see how such a thing would ever get *run*. You don't 
> execute (and generally, don't even read) video ram. =)

In fact, you'd have to have some kind of bootstrap part of the trojan
somewhere else, that /would/ get executed.  Then the storage for the
main code wouldn't matter much.

But yes, it is possible to store a substantial amount of info in your
videocard ram, and maybe in other parts of your computer, without even
touching your harddrives/floppies/other obvious storage media.  If you
have a network connection, it's possible to store tremendous amounts of
data there, abusing some internet protocols' features (undelivered mail
bounced, etc.) (there was some whitepaper on this, and IIRC, an actual
implementation).  Then in every PC & Amiga (?), there is a /dev/nvram,
albeit small.

And yes, this all has security bearings.

I heard that in the old days when PCs were young, it was sometimes
necessary to leave the comp switched off for a few tens of seconds, in
order for the video RAM to forget what was in there, or the video
wouldn't boot.  But you couldn't be sure whether all the bits got
forgotten, you just left it off reasonably long.

Jan.

-- 
Jan Minar                   "Please don't CC me, I'm subscribed." x 9
