| From: | Mike Elkins <MikeE@*********.COM> |
|---|---|
| Subject: | Re: Hacking Security Tallies (Was Re: Weird Campaigns) |
| Date: | Thu, 21 May 1998 11:49:34 -0500 |
>However, depending on exactly what the key does, you can probably
>write code to mimic it
On a PC, sure. On a multi-million nuyen piece of equipment designed by
paranoid and clever engineers, no. The security tally and other critical
security information can be stored in a read-only memory block (read
only at the HARDWARE level, the write pin can be physically
disconnected) and can be written to ONLY when the master key is in
the lock. The chief programmer only puts the key in the lock when his
deckers report that they are in place and ready to make the changes.
Put the key in, reset security tally, take the key out, then look at the
security block and make sure it still says exactly what you think it should
(in case someone with a great deal of masking happened to be in your
system during this critical time). If at all possible, the system should be
Off-line during this operation, but that might not be possible with some of
these systems.
Double-Domed Mike
--MIT&M: We Bring Good Things to Life
