Windows is even more evil than we thought

Older motherboards required moving a jumper in order to over-scribble the BIOS. New and improved motherboard can be trashed with a simple program.

Unfortunately, the source company seems a bit odd and the product might be non-existent.

There are devices that will encrypt a USB data stream. Just install this gizmo between your computah and a USB hard disk drive. Data in, garbage out. Speed is a bit of a problem. These are limited to USB 2.0 speeds.

On Sun, 06 Sep 2015 16:28:27 -0700, Jeff Liebermann Gave us:

EVGA MOBOs have a three BIOS setting position switch with three fully independent saved settings sessions, so a hacked BIOS is easily abated by switching over to another position. That is IF it were even hackable in it's currently enabled position, which it isn't.

It's somewhere between the two.

The intent is to ensure that restrictions on available bands and power levels can't be bypassed simply by changing the firmware.

However, the nature of "budget" Wifi routers is such that the radio transceiver is typically fully configurable via software. So the easiest (and cheapest) way to comply with the regulations is to just prevent the use of any and all "unauthorised" firmware (e.g. requiring firmware to be digitally signed).

There are various mechanisms by which a router could support custom firmware while maintaining compliance with applicable regulations.

E.g. the firmware could be split into a trusted kernel and an untrusted user-space portion, with the user-space portion incapable of changing any of the radio-related settings. Or the radio could have a hardware lockout which is set once the allowed bands and power levels have been configured and which is only cleared by a hardware reset.

But those would take time and/or money, which means that it's probably not likely to happen. At least, not for the low-end gear which accounts for

On Mon, 07 Sep 2015 02:13:09 +0100, Nobody Gave us:

The hardware itself does not go far, if at all beyond the scope of prescribed operation and power levels either.

It ain't like some CB radio you can tweak out to 8 watts or modulate with FM in a band designated for AM.

So even with fully open software and firmware, one is not going to futz around with the gear and get much more out of it than it was meant to do anyway.

Nice antennas get you a little bit more range.... a dish gets you more but limits the FOV. All still while within the power range allotted. Tweak that up to the max of the gear and find out that you are still below the limit.

Pretty simple stuff.

On Mon, 07 Sep 2015 02:13:09 +0100, Nobody Gave us:

The bands are locked by physical design and the power levels already push the components to near their limits... by design.. They are not going to engineer and place $500 worth of components and broad spectrum design into a mass produced $200 item.

Use some common sense. WRT already allowed those pieces of gear to be maxed out and that number was less power than the allocation limits.

Again... pretty simple shit.

If you are using some sort of hardware raid so that even the initial loading of the OS is protected then maybe that is helpful - at least until they take over the majority of drives in the machine. If the OS initially boots from one drive then they only have to take over the firmware of that one drive and provide their own alternative boot sector, and they win, regardless of whether RAID or anti-RAID is used later on for most of the data storage.

Chris

I got to thinking about this because recently when I point firefox at the login page of twitter, the hard drive always becomes very busy and the whole win7 machine locks up (can't move the mouse cursor, keyboard won't work) whilst the HDD busily rattles away for literally about 10 seconds, then it starts to work again.

I thought maybe windows is re-sizing some page file or something, but there are other possibilities, and it is interesting that it always locks up the OS when loading that one webpage. I think it is more likely that Firefox has made some update that triggers some long delay within win7, but I am bothered that the OS seems unable to do any other task whilst this is going on. Still windows is pretty messed up doing things like font rendering in the kernel, so it is quite likely just incompetence rather than malice, or maybe incompetent malice.

Maybe Skybuck is right after all.

Chris

I was going to make a comment for the FCC, yet on examining the proposed rules, I haven't been able to convince myself that there's any danger of their having the suggested effect.

There is stuff in there about requiring restrictions on modifying the software used by a modular transmitter, but those restrictions apply to the installer of the transmitter as well as the end user. My take on it is that the modular transmitter could not be certified if Google, or any other manufacturer, could change the software controlling the transmitter.

Sylvia.

Radio? What radio? Are we not talking about Win10 software?

"Zeroization"?? Is that a word??

You're being far too generous.

I'll save my pontifications on the topic of Win 10 privacy for another day. Suffice to say that I've stopped doing Win 10 upgrades until the privacy issues are either settled or effectively bypassed. Please note that Google has been doing much the same thing with Android for years, but unlike Microsoft, does not offer the user the opportunity to opt out of much of the snooping. I suspect that one reason everyone is so irritated by Microsoft is that anyone can see the settings and on/off switches. For a hint about what Google knows about you, try the Gargoyle, errr Google dashboard: Hmmm... I show 2.5 million sites shared with me, errr... Google.

The Wi-Fi card for the Raspberry Pi is an external USB plugin. It's not affected because the NPR (notice of proposed rule makin) is for access points and wireless routers only. The client radio, as plugged into the Raspberry Pi follows the channel and country code of the wireless access point. The only exceptions are virtual access point emulators, such as: which are under software control and can theoretically be tweaked. I didn't see any mention of these in the NPR.

Whenever I see something like this, the first thing the comes to my caffeine driven mind is "What problem is the FCC trying to solve?" In this case, the problem is coexistence with domestic radar services using the same frequencies. See: and note the mention of DFS (Dynamic Frequency Selection) which is intended to eliminate interference to these services by U-NII band radios. The relatively low maximum power and DFS is mandatory in the USA, but not in some foreign jurisdictions. In other words, changing the country code will remove the power limit and raise the maximum power.

In effect, the FCC is trying to plug some really bad planning and engineering with yet another layer of unenforceable rules. I expect router manufacturers to handle this exactly the same way they handled the requirement that laptops include a boot time test in the BIOS for FCC approved wireless cards, and refuse to boot if it finds a non-approved card. Most complied, but left the back door wide open.

I suppose some wireless manufacturers will use this as an excuse to lock up their firmware, for compliance reasons, of course. What they really want is a good way to shorten the useful life of the router. If a new exploit is found, but the manufacturer is unwilling to update their firmware, the router is now a useless paper weight.

Yeah, I used the same logic and stocked up on tin-lead solder when I thought that environmental regulations would precipitate a long term shortage. I now have enough solder to last me several lifetimes.

They don't just harvest, they send the details of torrents you have downloaded to an anti piracy company.

I know no one uses illegal downloads, but gee, if you pay for it and own it, I think you have a fair expectation that it doesn't spy on you.

And Micro$oft wonders why sales are falling..

On Sun, 06 Sep 2015 22:32:47 -0700, Robert Baer Gave us:

If you knew anything about military cryptographic equipment, you would know what it means. as it stands, you are as clueless about this as it is so often shown that you are about so many other things.

"Educated"?? Are you even educated? At all? Right now, you sound a lot like Donald Trump.

It has been a word commonly used in the crypto world for at least a few decades. I worked on the key storage and management hardware for a mainframe crypto coprocessor in the '80s and '90s, and I know the word was used in hardware from a decade before that. They also used the verbed form "zeroize", though I never understood why "zero" wouldn't have been a perfectly good verb. "Clear" would have been just as good but spooks will be spooks.

Well, the manufacturer obviously can make modifications. They made the thing in the first place. However, they're obligated to pass certs with the modifications. Home hackers aren't, so the point is to raise the bar so the hackers can't play.

If you spent as much time educating...explaining stuff like what Zeroization is as you spend calling people clueless, the world might just be a little less clueless and a LOT less confrontational.

It takes less effort to educate than to denigrate. And it doesn't set off an endless name calling thread.

The "endless name calling thread" occurs because, not only did you not killfile DecadentLoser, you felt a need to feed the troll, exposing us all to his tripe.

Quit already! ...Jim Thompson

On Mon, 07 Sep 2015 10:17:20 -0400, krw Gave us:

Now... without looking it up... What does "CIK" mean?

Then i will eagerly accept one percent of his net worth.