lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <003501c52039$7e718240$0801a8c0@DAI.COM>
From: matt at dynamicanswers.com (Matt Marooney)
Subject: Bios programming... 


Exactly, thank you Randall.  I appreciate your feedback, I'll check into
your suggestions further.

I like the way you put, "this is targeted at adults who are trying to
curb their own behavior".  Seems like this list needs more people like
that!  ;)

-- Matt
  


-----Original Message-----
From: Randall Perry [mailto:lists@...ain-logic.com] 
Sent: Thursday, March 03, 2005 4:17 PM
To: full-disclosure@...ts.netsys.com
Cc: Matt Marooney
Subject: RE: [Full-Disclosure] Bios programming... 


The program in question is quite legitimate in nature and already exists
in several forms.

In some instances, it sends the data to 'accountability partners' who
are your chosen peers that monitor your activity.

Think of it as AA for online porn.  Online porn has become a real
problem for males age 12 to early 40's. Properly implemented, solutions
to combat porn are good business. (mind you, this is not 'spyware' for
parents.  this is targeted at adults who are trying to curb their own
behavior).

Those who are not aware of that epidemic should sit quietly and not
scoff at the efforts of others.

As for the function of BIOS, that is the wrong road to go down.

If you are looking for checking if services are disabled, then have a
bot call home every so often (much like DirectTV PPV).

Any 'net activity could be logged in a seperate file and compared to the
monitor's activity report (to determine if it was active or not). It
would purge every 2-3 days to the online site. If you do not have an
update in 2-3 weeks, then send out an email reminder.

To monitor IP activity, you might want to insert into the tcp/ip stack
through LSP layers (only for Windows boxes).

This lower level monitoring is harder to disable (but not impossible).

In this scenario you could either choose to redirect/block sites
(through blacklists or other)
-or-
Just log activity, don't block anything and lean towards the
'accountability' side.

Good luck with the project,
it sounds noble at root.
RP


-- 
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.300 / Virus Database: 266.5.1 - Release Date: 2/27/2005



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ