This message is from the T13 list server.
I was involved in the creation of this command set. There was much
discussion around the possibility of a virus being able to lock a drive.
There are already many ways to destroy data on the drive. This has not
offered anything really new. It has also been around for almost 10 years,
so it is a little late to be complaining. When security was introduced, I
was working for a major BIOS vendor and know for a fact that at that time
AMI, Phoenix, and Award implemented the FREEZE LOCK. This was done because
of the virus threat. If you have found a system that does not issue the
freeze lock, then I would say that you have a substandard system and you
should return it for one that actually works.
There are many ways to trash a drive with one command including
SETMAX, DCO, Writing the media, and security. I am surprised that you are
complaining about security, that is really the least of the threats...
-------------------------------------------------
Curtis E. Stevens
20511 Lake Forest Drive #C-214D
Lake Forest, California 92630
Phone: 949-672-7933
Cell: 949-307-5050
E-Mail: [EMAIL PROTECTED]
Ambition is a poor excuse for not having enough sense to be lazy.
-----Original Message-----
From: Andries Brouwer [mailto:[EMAIL PROTECTED]
Sent: Monday, May 16, 2005 9:47 AM
To: Curtis Stevens
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [email protected];
[EMAIL PROTECTED]
Subject: Re: [t13] Security problems
On Mon, May 16, 2005 at 08:54:29AM -0700, Curtis Stevens wrote:
> I agree with Jim. In addition, this is only a threat to people who
> do not use a password. If the drive has an existing password, the
password
> must be entered to gain access to the drive.
>
> [EMAIL PROTECTED] wrote
>
> The problem is NOT that ATA security is broken.
> The problem is that most/many BIOSes and OS's do not issue the SECURITY
> FREEZE LOCK command to ANY/ALL devices (not just the boot device).
>
> This is NOT a device failure.
> This is NOT a 'broken standard'.
>
> This <IS> about major host software vendors NOT using the tools it has had
> <<SINCE 1997>> to protect itself and the host system.
Let me see whether I understand the reasoning.
The T13 people add a new feature to their disks, that has the potential
of causing lots of trouble, like inaccessible data.
However, if the rest of the world changes their code and firmware,
then there is no problem.
And now it turns out that the rest of the world didnt do that.
Of course it is their fault.
[By the way - was it widely advertized that the rest of the world
should do this? I must have overlooked.]
If this disk-locking worm really happens then I suspect that many
will try to hold the disk drive manufacturers responsible.
I hope that there is an easy backdoor that can be revealed at such a moment.
Andries
