Re: My system has Flashbacks?

To: debian-user@lists.debian.org
Subject: Re: My system has Flashbacks?
From: Richard Lyons <richard@the-place.net>
Date: Thu, 15 Jan 2004 12:34:02 +0000
Message-id: <[🔎] 200401151234.02768.richard@the-place.net>
In-reply-to: <[🔎] 20040115121511.GC3542@kontryhel>
References: <[🔎] 1074136919.578.53.camel@pferd.babel> <[🔎] 200401142221.27744.wjl@icecavern.net> <[🔎] 20040115121511.GC3542@kontryhel>

On Thursday 15 January 2004 12:15, Jan Minar wrote:
> On Wed, Jan 14, 2004 at 10:21:23PM -0700, Wesley J Landaker wrote:
> > On Wednesday 14 January 2004 10:09 pm, Einstein9112@yahoo.com wrote:
> > > Upon further reflection, this could be a more serious security
> > > problem. Imagine a small trojan/keylogger/worm/etc , that's
> > > ~640kb. There is plenty of room in vid memory in today's cards,
> > > and even in old cards. (My 4.5 year old laptop has 4mb) Even a
> > > reboot wouldn't neccessarily remove it from resident memory, at
> > > least not permenately.
> >
> > Even if the data in the RAM happened to correspond to some sort of
> > malware, I don't see how such a thing would ever get *run*. You
> > don't execute (and generally, don't even read) video ram. =)
>
> In fact; you'd have to have some kind of bootstrap part of the trojan
> somewhere else, that /would/ get executed.  Then the storage for the
> main code wouldn't matter much.
>
> But yes, it is possible to store substantial amount of info in your
> videocard ram, and maybe in other parts of your computer, without
> even touching your harddrives/floppies/other obvious storage medias. 
> If you have network connection, it's possible to store tremendous
> amounts of data there, abusing some internet protocols features
> (undelivered mail bounced, etc.) (there was some whitepaper on this,
> and IIRC, an actual implementation).  Then in every PC & Amiga (?),
> there is a /dev/nvram, albeit small.
>
> And yes, this all has security bearings.
>
> I heard that in the old days when PCs were young, it was sometimes
> necessary to leave the comp switched off for few tens of seconds, in
> order for the video RAM to forget what was in there, or the video
> wouldn't boot.  But you couldn't be sure whether all the bits got
> forgotten, you just let it off reasonably long.

Vaguely à propos, I notice that modern printers keep a mass of memory 
alive, even when you switch them off.  (faulty setup having sent a long 
postscript file as text to the printer, so that it prints 200 pages of 
garbage, I've emptied the print queue, and powered off the printer, 
turned it on again, only to have it start over at the beginning of the 
garbage!) You have to physically pull the plug to clear the memory.  
And there is two-way communication, so presumably this could be 
exploited?

-- 
richard

Reply to:

Follow-Ups:
- Re: My system has Flashbacks?
  - From: Jan Minar <Jan.Minar@seznam.cz>

References:
- My system has Flashbacks?
  - From: Christian Schnobrich <schnobs@babylon-kino.de>
- Re: My system has Flashbacks?
  - From: Wesley J Landaker <wjl@icecavern.net>
- Re: My system has Flashbacks?
  - From: Jan Minar <Jan.Minar@seznam.cz>

Prev by Date: paper orientation - cups - mozilla
Next by Date: Re: My system has Flashbacks?
Previous by thread: Re: My system has Flashbacks?
Next by thread: Re: My system has Flashbacks?
Index(es):
- Date
- Thread