Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [Full-Disclosure] Bios programming...

from [Matt Marooney] Network Security [Permanent Link]
Subject: RE: [Full-Disclosure] Bios programming...
Date: Thu, 3 Mar 2005 16:39:35 -0500 

Exactly, thank you Randall.  I appreciate your feedback, I'll check into
your suggestions further.

I like the way you put, "this is targeted at adults who are trying to
curb their own behavior".  Seems like this list needs more people like
that!  ;)

-- Matt
  


-----Original Message-----
From: Randall Perry [mailto:lists@domain-logic.com] 
Sent: Thursday, March 03, 2005 4:17 PM
To: full-disclosure@lists.netsys.com
Cc: Matt Marooney
Subject: RE: [Full-Disclosure] Bios programming... 


The program in question is quite legitimate in nature and already exists
in several forms.

In some instances, it sends the data to 'accountability partners' who
are your chosen peers that monitor your activity.

Think of it as AA for online porn.  Online porn has become a real
problem for males age 12 to early 40's. Properly implemented, solutions
to combat porn are good business. (mind you, this is not 'spyware' for
parents.  this is targeted at adults who are trying to curb their own
behavior).

Those who are not aware of that epidemic should sit quietly and not
scoff at the efforts of others.

As for the function of BIOS, that is the wrong road to go down.

If you are looking for checking if services are disabled, then have a
bot call home every so often (much like DirectTV PPV).

Any 'net activity could be logged in a seperate file and compared to the
monitor's activity report (to determine if it was active or not). It
would purge every 2-3 days to the online site. If you do not have an
update in 2-3 weeks, then send out an email reminder.

To monitor IP activity, you might want to insert into the tcp/ip stack
through LSP layers (only for Windows boxes).

This lower level monitoring is harder to disable (but not impossible).

In this scenario you could either choose to redirect/block sites
(through blacklists or other)
-or-
Just log activity, don't block anything and lean towards the
'accountability' side.

Good luck with the project,
it sounds noble at root.
RP


-- 
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.300 / Virus Database: 266.5.1 - Release Date: 2/27/2005


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Full-Disclosure] Bios programming..., Brent Colflesh
Next by Date:  Re: [Full-Disclosure] Bios programming..., 'FoR ReaLz' E. Balansay
Previous by Thread:  RE: [Full-Disclosure] Bios programming..., Randall Perry
Next by Thread:  Re: [Full-Disclosure] Bios programming..., Bill Humphries
Indexes:  [Date] [Thread] [Top] [All Lists]