Re: A Diebold network connection Question

From: Alan Dechert <dechert_at_gmail_dot_com>
Date: Thu Aug 18 2005 - 12:17:53 CDT


> I am well aware of the archives of this forum. I am also aware that
> some officers of OVC do not consider the threats posed by
> firmware-based malware loaders to be important, ......
I am not aware of any OVC officers that are unconcerned about firmware.
I spent a lot of time a couple of years ago talking to Bennet Yee about
all of this (Bennet was at UCSD at the time ... hired away by Google).
Former OVC board member, Amit Sahai, is another security expert we've
spent some with. Amit is now Associate Director, Center for Information
and Computation Security, at UCLA.

I'm quite certain we can re-engage Amit when we are a little further
along with development. I wouldn't be surprised if ACCURATE will
develop some relationship with his center at UCLA.

> .... and do not advocate rigorous hardware inspections. "COTS" is
> the usual answer, and it is insufficient, since a vendor secretly can
> install
> whatever firmware it wishes in "COTS" hardware -- firmware that
> cannot be detected without rigorous hardware inspections, ....
I look forward to seeing your attack on our system as we get closer to
having something production quality. Bennet did some pioneering work on
automated hardware inspections. I predict we'll catch your hack on boot

Alan D.

OVC discuss mailing lists
Send requests to subscribe or unsubscribe to
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
Received on Wed Aug 31 23:17:28 2005

This archive was generated by hypermail 2.1.8 : Thu Sep 15 2005 - 11:44:12 CDT