| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed Dec 28 15:01:18 2005 From: nocfed at gmail.com (nocfed) Subject: [inbox] Breaking LoJack for Laptops On 12/27/05, Michael Holstein <michael.holstein@...ohio.edu> wrote: > > Don't a lot of systems include just this? Any system which supports > > PXE boot can pretty much do all of the above from the BIOS. > > True, but Intel's PXE spec expects it to fetch the instructions from the > TFTP server, and get all the details about what to fetch via DHCP. To do > the "LoJack" trickery would require a very custom BIOS .. one that a > laptop manafacturer would be pretty unlikley to provide to a software > vendor, IMHO. > > ~Mike. > Would really need to implement this within the actual Firmware on the NIC for it to be fully effective as bootp will just not work in a non-bootp environment. This could then send an innocent DNS query(or whatever you so choose) to 'phone home' every 6-12 hours using the information in buffer. The single UDP packet would contain all of the information needed and not need a reply of any kind. The information could be stored on-chip and would not need an OS to be booted into to be effective. So, as long as the machine has power and a network connection... you get the picture.
Powered by blists - more mailing lists