| From: | Wafflemeisters <evamarie@**********.NET> |
|---|---|
| Subject: | Re: Hacking Security Tallies |
| Date: | Fri, 22 May 1998 21:51:15 -0500 |
>
> <snip: my hardware solution>
>
> D'Oh! One thing I missed, of course, is that if the security tally is in
> read-only memory, it won't increase no matter what deckers do :)
>
> I was trying to keep it simple, but how about this: The description of the
> computer's security sheath etc. is stored in the read-only page like I
> described, but the actuall tally is a hardware register, not a memory
> location. Software can push a "button" and increment it, but there is no
> software "button" to decrement it. That can only be done by hardware
> timer (causing the system to relax) or by pushing real life buttons on the
> outside of the mainframe case, controled by the aformentioned security
> key. Red systems probably get even more paranoid.
I hardly doubt that would matter, because at some point, there has to
be a software command that activates ic- block any of the software that
reads the counter, or implimentsits commands, and your'e cool. In fact,
"Evade detection" canbeseen as JUST such a "tally editing" manuver.
Redundantcross checks will catch you soon, so its not a permanant fix.
IMO, there is no "tally" as such. IC and such operateseperately,with
thierresponses tweeaked to differentlevels, and scan continously for
suspiciopsu activity. The tally just simulates how badly youv'e let
theIC on to your pressence, and such. This makes even more sense with
the "evade detection", as the IC takes a while to re-run its crosschecks
and twig that it was snowed.
Another possibilty would be that the normal system is just a "virtual
host", and security ops occur at a "superhost" level that there is NO
way to acsess from inside the normal host. This may be as imparactical
as a one-way dtastream, however.
-Mongoose X
