lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
From: shawn at nunleys.com (Shawn Nunley)
Subject: DOS all platforms

Well, this is no legend.

Back around 1995 (I think) I was issued a brand new IBM ThinkPad 701C.
These were pretty cool systems, but it turned it out could be utterly
destroyed by a simple virus.  The Win/CIH virus wasn't so bad on most
machines, but somehow this laptop managed to have its entire brains
obliterated (BIOS) by the virus, including the code that enabled you to
write *new* BIOS.  So, the only remedy was to have an entirely new system
board installed.

IBM actually did fix this under warranty, on site.  I'm guessing they did
this because the design was fundamentally flawed in that for the first time,
all of the BIOS (all of it) was read/write.  In any case, this is a case of
a virus destroying hardware.  The system board had to have it's BIOS chips
de-soldered and reinstalled,

Here's a news account.

http://www.internetwk.com/news/news0721-4.htm


Shawn Nunley, CISSP

-----Original Message-----
From: Rob, grandpa of Ryan, Trevor, Devon & Hannah [mailto:rslade@...int.ca]

Sent: Friday, January 23, 2004 10:31 PM
To: Brent Colflesh; full-disclosure@...ts.netsys.com
Subject: RE: [Full-Disclosure] DOS all platforms

Ah, dear, dear, dear.  The old legends never really die ...

> Exibar wrote:
> 
> >   Causing Physical damage to equipment????  Good luck....  although way
> back
> > when there was a program that would set the refresh rate on your monitor
> > very very high and it could cause the monitor to die....  Doesn't happen
> > anymore though :-)

Good luck about covers it.  The monitor business was not the refresh rate,
but the 
scanning rate.  On one particular graphics card (one of the Hercules line,
if my 
failing memory serves) /monitor combo you could set the rate to zero in both

directions, thus allowing you to burn out the phosphors in one particular
spot.  It 
would take some considerable time to seriously damage a large chuck of
screen real 
estate.  Never was included in any malware that I encountered ...

From:           	"Brent Colflesh" <Brent.Colflesh@...icom.com>
Date sent:      	Fri, 23 Jan 2004 18:00:09 -0500

> I also recall rumours of a virus in the ~1995 time frame which would
> cause overexcursion of the r/w heads in the hard drive, causing the
> heads to crash into the side of the drive.

Again, never used in any malware.  This was widely used as an example of an 
action that *could* cause hardware damage.  In fact, it was hardly
universal.  Some 
old 5.25" drives would lose alignment if the heads were repeatedly banged
against 
the stop.  On the other hand, on some drives it was the standard way to get
the 
drive to allow you to access and format tracks outside the normal range, so
that 
you could cram more data onto a disk ...

====================== 
rslade@....bc.ca      slade@...toria.tc.ca      rslade@....soci.niu.edu
"If you do buy a computer, don't turn it on."     - Richards' 2nd Law
"Robert Slade's Guide to Computer Viruses"              0-387-94663-2
"Viruses Revealed"                                      0-07-213090-3
"Software Forensics"                                    0-07-142804-6
============= for back issues:
[Base URL] site http://victoria.tc.ca/techrev/
alternate site http://sun.soci.niu.edu/~rslade/
CISSP refs:     [Base URL]mnbksccd.htm
PC Security:    [Base URL]mnvrrvsc.htm
Security Dict.: [Base URL]secgloss.htm
Security Educ.: [Base URL]comseced.htm
Book reviews:   [Base URL]mnbk.htm
                [Base URL]review.htm
Partial/recent: http://groups.yahoo.com/group/techbooks/
Security Educ.: http://groups.yahoo.com/group/comseced/
Review mailing list: send mail to techbooks-subscribe@...oups.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html



Powered by blists - more mailing lists