Forwarded message:
Date: Tue, 22 Sep 1998 09:38:18 -0500 From: Petro <petro@playboy.com> Subject: Re: Stego-empty hard drives... (fwd)
If you do (1), and simply have _no_ prompt, just a small space in time AFTER the POST (say, immediately after) to type in your passkey, and things are set up that if you type the wrong keys, it goes straight into hidden space mode, then there would be no suspicion, other than a slightly long boot sequence (and if the wait time were only 2 or 3 seconds, it might not even be noticable.)
If we are discussing only the customs inspector doing a visual inspection this will certainly work. It won't hold up to TEMPEST analysis where they fingerprint a known un-mod'ed unit and then compare that to yours. The POST shouldn't change from laptop to laptop, irrespective of the filesystem or OS that is actualy installed. The point is that this is a weak approach with a variety of attacks open. When one considers the amount of work required to collect BIOS'ed , reverse engineer them (unless you got lots of mullah), develop the crypto, develop the camouflage code, distribute the code, burn the ROM's, distribute the ROM's, cost of suitable TEMPEST monitors, etc. the benefit seems questionable at best. Even if they can't crack it in may places (eg France) such actions would be prosecutable in and of themselves. ____________________________________________________________________ The seeker is a finder. Ancient Persian Proverb The Armadillo Group ,::////;::-. James Choate Austin, Tx /:'///// ``::>/|/ ravage@ssz.com www.ssz.com .', |||| `/( e\ 512-451-7087 -====~~mm-'`-```-mm --'- --------------------------------------------------------------------