From: Jim Choate <ravage@EINSTEIN.ssz.com>
Date: Tue, 22 Sep 1998 19:21:57 +0800
To: cypherpunks@EINSTEIN.ssz.com (Cypherpunks Distributed Remailer)
Subject: Re: (99% noise) Stego-empty hard drives... (fwd)
Message-ID: <199809230049.TAA07693@einstein.ssz.com>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> Date: Tue, 22 Sep 1998 19:45:34 -0400
> From: Sunder <sunder@brainlink.com>
> Subject: Re: (99% noise) Stego-empty hard drives... (fwd)

> Jim Choate wrote:
> 
> > Consider that at any given time there are only a few hundred BIOS'es, made
> > from a few dozen base images, driving all the machines out there. The number
> > of companies that develop their own BIOS in toto for in-house products is next
> > to nil (I know of none). What they do is buy a license and then re-write the
> > sections they need to.
> 
> See: http://www.ping.be/bios/ for bioses and flash upgrades.

Ok, so I went and looked. That particular page covers ONLY Award and AMI
BIOS's. Every one of those *thousands* of machines have a BIOS which is
about 90% cherry and built from only a few dozen base builds.

It actualy supports my premise that despite the thousands of machines the
base BIOS images that drive them are really not that large.

> Come on guys, this is silly. Why the fuck would the UK tempest scan your 
> notebooks?  Manufacturers produce new machines every month, each with modified
> BIOSes for the features in their new notebooks, with hardware variations and 
> imperfection, with different power levels of batteries, different PC cards
> installed, different CPU speeds, different options and other inconsistencies
> you get a very difficult situation.  

And everyone one of them available publicly. You seriously think it's harder
to keep up with the number of BIOS'es out there than say tracking the
number of international phone calls in a year?

> Your speculation that someone out there will tempest scan to see if you've
> modded your notebook is silly.  Are you just pissing against the wind, or do
> you have knowledge that they actually do this?

Not if it is only one or two, if it becomes a serious issue you bet they'll
do it in a heartbeat.

> You're forgetting your threat model and planning for a level that's beyond
> demented paranoia.

Your absolutely correct, they are paranoid.


    ____________________________________________________________________

                            The seeker is a finder.

                                     Ancient Persian Proverb

       The Armadillo Group       ,::////;::-.          James Choate
       Austin, Tx               /:'///// ``::>/|/      ravage@ssz.com
       www.ssz.com            .',  ||||    `/( e\      512-451-7087
                           -====~~mm-'`-```-mm --'-
    --------------------------------------------------------------------