1997-11-10 - Re: Sloppy Chips from Int

Header Data

From: harka@nycmetro.com
To: CYPHERPUNKS@ssz.com
Message Hash: b1a97b7d0a6e0c889d52a361bc615af75eab49ad9e4bafc579f1e1c93c16d4c6
Message ID: <199711101615.KAA05208@einstein.ssz.com>
Reply To: N/A
UTC Datetime: 1997-11-10 16:35:49 UTC
Raw Date: Tue, 11 Nov 1997 00:35:49 +0800

Raw message

From: harka@nycmetro.com
Date: Tue, 11 Nov 1997 00:35:49 +0800
To: CYPHERPUNKS@ssz.com
Subject: Re: Sloppy Chips from Int
Message-ID: <199711101615.KAA05208@einstein.ssz.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

 -=> Quoting In:emc@wire.insync.net to Harka <=-

 In> By now everyone has probably heard that Intel Pentium and
 In> Pentium MMX chips hang when executing the instruction sequence
 In> F00FC7C8 even when in an outer ring of privilege or in V86
 In> mode.

<snip>

 In> Unlike Unix, for which complete compilable source code is
 In> available, we know little about what what microcode is run
 In> through the several million transistors on a typical
 In> microprocessor. If sloppy engineering alone produces such
 In> dangerous faults, imagine what could happen should industry
 In> decide to deliberately cooperate with various LEAs and TLAs.
 In> (In the national interest, of course.)

 In> The possiblities are truly mind-boggling.  Perhaps exploits
 In> like tapping Aldrich Ames' PC and crashing Saddam Husseins'
 In> PCs en masse were not done by black bag jobs and viri, but by
 In> the activation of "National Security" backdoors present in all
 In> complex modern microprocessors.


This somewhat overlaps with another emerging possibility I've been
thinking about since the beginning of the DES and RC5-search.

While I am very supportive of the general idea of distributing any
such computationally intensive applications onto the many CPU's
available today, it also opens the door to another potential
horror: distributed horror.

The concept of "The Internet one big Supercomputer" makes sense,
but if _we_ can do it so can _they_! And herein lies the immense
potential danger of undisclosed source-code.

Who can guarantee, that Windows 3.1/95/NT/whatever and any other OS
and Applications with no open source won't employ a client
similar to RC5 of it's own...secretly running in the background
doing it's Big Brother work? The same might apply to the CPU's
themselves, or a combination thereof.

Especially Windows-users are by now more than sufficiently
conditioned to see installing regular "bug-fixes" disguised as
"service-packs" as a normal part of their "work". It would be
fairly easy to send along an application, that does something very
differently than merely fixing bugs...and since nobody can ever
verify the source-code independently from MS (or Intel etc.),
chances are, that it would remain undetected for the general public
for a long time.
The application could even be remotely triggered to cease working
or be deleted by the next "service-pack" to ensure sneakiness.

People might remember the Windows95 Registration-Wizard, which
apparently collected data about programs found on the hard drive
etc. and sent it along to Microsoft to be analyzed by them.
Since things have become that easy, it'd probably be trivial from a
technical perspective to send along secring.pgp, maybe even the
captured passphrase. Now that the average PC is connected to the Net
quite frequently if not constantly, it could do such things in the
background while the user is waiting for his "web page to download".

There's almost no way of telling if the system is closed off from
the user, such as Windows is.
First, there's no source-code. Nobody knows, what the (by now)
probably millions of lines of code actually do other than what's
visible.
Second, "looking under the hood" seems to become more and more
discouraged by the overall design and to actually know what your
system is doing at any time is now almost impossible with
Windows95/NT...at least outside the regular user-space.

Point 1 and 2 combined create a totally non-transparent system,
that could potentially be used for many (undetectable)
horror-"applications" such as mentioned before...

CPU's upgradable via software (Flash-ROM), modems etc. add to the
problem.

"Mind-boggling" indeed...

Ciao

Harka

/*************************************************************/
/* E-mail: harka(at)nycmetro.com (PGP-encrypted mail pref'd) */
/* PGP public key available upon request.  [KeyID: 04174301] */
/* F-print: FD E4 F8 6D C1 6A 44 F5  28 9C 40 6E B8 94 78 E8 */
/*<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>*/
/* May there be peace in this world, may all anger dissolve  */
/* and may all living beings find the way to happiness...    */
/*************************************************************/

... "Every CPU you have can be used against you"

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAgUBNGcxhjltEBIEF0MBAQFnrQf+P1+6ZzdcJ2tKF//v2zu1z0d9b7fHqEW1
zX6U7d2SUqpuHcX3YSRGyd3fR5XPnxGj91iTA2pYnSr76Fcx06k+MfFpgpo1RxYn
Jnx4oBeeUyO5t2peR/CBb+2gJ54OMwv7azxpKZ1/F+GVWhzXR2KZjnWZ7vArK6kY
wcehcR/4QeJa1OxMVXWBYRPyUz8TLfAS5GPnOJrqYSf/HzgwrWWlJ2USzS5/uRwA
OcvI/w1fOsRKxvN6gKNeO2tZLqv2U/+AmCBCuCwos86yjXZTlpU0u2xhnxnIcJjR
T3EIAk3oSXvBBmK5QET//bRllD1JjttUMdRrCGwWunO/1PNRiFzTQw==
=HycV
-----END PGP SIGNATURE-----


If encryption is outlawed, only outlaws will have encryption...






Thread