Hi,

"in all likelihood": When you hear hoofbeats, think of horses not zebras. ;)

https://en.wikipedia.org/wiki/Soft_error

Best regards
Tobias Frei

On Fri, Feb 2, 2018, 21:50 <[email protected]> wrote:

> Thanks Tobias,
> It is always good to know that contact has been made.
> What a shame that it is not likely to be one of those scenarios that you
> outline :(
>
> I do accept that it could be a bizarre coincidence, but.....
>
>
> "While the scenario outlined below is very 'Grand Jeu' I will not be at
> all surprised to learn that you believe this to be a hack."
> ----------------------------------------
>
> This must be taken seriously.
> I haven't carefully crafted the email to waste people's valuable time.
> There is every reason to consider the event as a realistic scenario.
>
> It may not be.
> That would be great.
>
> My problem is that, like most people, I never studied digital security.
> I'm having to catch up; but I can't - it's too complex.
>
> I got Tails, and some secure mailboxes.
> However, with hindsight; logically, this is merely a security layer to be
> overcome.
>
> Anyway, my guess is: that is what happened.
>
> For a variety of reasons, it would be useful to know.
> Even if we can't run tests.
>
> Can such a hack be implemented with a mobile phone?
> Is the laptop in all likelihood lost?
>
> Are there any devs that can answer these questions?
>
> I'm one of the good guys.
> I'd appreciate some help on this :)
>
> --
> Securely sent with Tutanota. Claim your encrypted mailbox today!
> https://tutanota.com
>
> 2. Feb 2018 19:12 by [email protected]:
>
>
> Hey,
>
> Disclaimer: I am a regular user, not a security expert. I am not a
> developer in this project, I'm subscribed to the list because I ran a Tails
> mirror for some years.
>
> Three things that came to my naive mind when reading:
>
> - Cui bono?
> - Hanlon's Razor
> - Number of users vs. Coincidence
>
> Is there any reason for an attack? Does the specific worker have any
> theoretical reason to be malicious here?
>
> Also, when a product is used by a billion people, a bug with a probability
> of "only 1:1000000" will occur about 1000 times. Extremely unlikely
> scenarios can suddenly actually happen when many people are using the same
> software. It is almost guaranteed that somewhere in the world, an
> earthquake will occur in the moment someone starts their computer. The
> computer, however, did not cause the earthquake to happen.
>
> There is a wonderful book called "Spurious Correlations". It makes fun of
> exactly this problem.
>
> Best regards
> Tobias Frei
>
>
> On Fri, Feb 2, 2018, 19:40 <[email protected]> wrote:
>
>> Excuse me - I have joined this group to discuss what may have been a
>> 'high end' BIOS attack.
>> I am presuming that this group contains the most knowledgeable people.
>> I need that.
>>
>> While the scenario outlined below is very 'Grand Jeu' I will not be at
>> all surprised to learn that you believe this to be a hack.
>>
>> ---------------------------------------
>>
>> This is exactly what happened:
>>
>> Laptop circa 2011 (bios date)
>> AMD DCP C-50
>> Tails 3.5 loaded from a USB drive
>>
>> At a friend's - laptop on the table in kitchen (pre-arranged over the
>> phone).
>> Workmen are doing jobs.
>> (The IP box can give the WiFi connection at the press of a button) ;)
>>
>> A Libre Office doc saved in the session - other docs saved on a mounted
>> removable drive.
>>
>> One worker comes in the kitchen - he starts tapping away on his mobile
>> (just 3 meters away).
>>
>> Note - he has no need to be in the kitchen to get a signal - the walls
>> are thick, so outside would be better (if you don't have the wifi code).
>>
>> He makes a final tap, and walks... and my pc shuts down.
>> Some code appeared, but it shut down.
>>
>> Obviously it could be coincidental; but I'm sick of frigging coincidences.
>> The shutdown was simultaneous to his final tap on his mobile.
>>
>> ---------------------------------------------
>>
>> Post reboot - no apparent problems, other than it seemed to take slightly
>> longer to log into accounts.
>> I carried out my communications.
>>
>> A day later, I posted an email to [email protected] (on
>> this question).
>> I received no reply.
>>
>> Researched BIOS attacks, and checked my bios version.
>> https://www.schneier.com/blog/archives/2015/03/bios_hacking.html
>>
>> Talk of:
>> "Their exploit turns down existing protections in place to prevent
>> re-flashing of the firmware, enabling the implant to be inserted and
>> executed.
>>
>> The devious part of their exploit is that they've found a way to insert
>> their agent into System Management Mode, which is used by firmware and runs
>> separately from the operating system, managing various hardware controls.
>> System Management Mode also has access to memory, which puts supposedly
>> secure operating systems such as Tails in the line of fire of the implant."
>>
>>
>> Also:
>> "The method used to get at the BIOS then allows the likes of GCHQ et al
>> to get at other modifiable ROM in the likes of HDs, Sound Chips, Network
>> cards and other "below the OS" areas.
>>
>> Having done this they can then put the main BIOS back the way it was, so
>> that it's harder to find what they have been up to."
>>
>> ---------------------------------------------
>>
>> Rebooted to Tails.
>> Tails warns: can't check for upgrades.
>>
>> Tutanota mailbox warns: Couldn't connect to server - it seems like you
>> are offline.
>> But I was online, and could see my mailbox.
>> ---------------------------------------------
>>
>> First thing is:
>> Have you received this mail?
>> Could someone respond, to confirm this?
>>
>> Does it seem likely that I have been hacked?
>> Is there any way of knowing e.g. running tests?
>> If it has been hacked - is the laptop now unusable?
>> If I was hacked - have they got everything that I've done since that
>> point (and the data off my drives)?
>>
>> I'm cool either way.
>> What's done is done; but I'd rather know
>>
>> BTW, I tried to get a riseup email, but it kept demanding an invite code.
>> Anyway, I figured that I first need to check with you guys re my current
>> status, before doing anything else.
>>
>> Thanks :)
>>
>> --
>> Securely sent with Tutanota. Claim your encrypted mailbox today!
>> https://tutanota.com
>> _______________________________________________
>> Tails-dev mailing list
>> [email protected]
>> https://mailman.boum.org/listinfo/tails-dev
>> To unsubscribe from this list, send an empty email to
>> [email protected].
