Re: [GNU-linux-libre] Free firmware - A redefinition of the term and a new metric for it's measurement.

[John Darrington <john@darrington.wattle.id.au>]

[-- Attachment #1: Type: text/plain, Size: 1379 bytes --]

On Sun, Feb 12, 2017 at 11:02:29PM -0800, Maxim Cournoyer wrote:
     Hi,
     
     Christopher Howard <christopher@alaskasi.com> writes:
     
     > On 02/10/2017 08:31 AM, David Craven wrote:
     >> Hi Maxim
     >> 
     >>> +1. I don't see how having blobs helps security at all.
     >> 
     >> Well the problem I was getting at is that things are not as fixed as
     >> they may seem.
     >> Quoting wikipedia:
     >> 
     >>>> Decreasing cost of reprogrammable devices had almost eliminated the market for mask ROM by the year 2000.
     >> 
     >> Translation: ROM is not RO.
     >>
     
     You have a point, although reading the article linked (from Wired), this
     kind of attack requires a lot of effort (to reverse engineer the
     proprietary interfaces used to reprogram the firmware of a HD). At this
     level of seriousness they might as well find other means to get at
     you, such as physically altering one of the device you use without you
     noticing.

If the attacker *is* vendor who supplies the proprietary device then they would
not have to reverse engineer it.
     



-- 
Avoid eavesdropping.  Send strong encrypted email.
PGP Public key ID: 1024D/2DE827B3 
fingerprint = 8797 A26D 0854 2EAB 0285  A290 8A67 719C 2DE8 27B3
See http://sks-keyservers.net or any PGP keyserver for public key.


[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 181 bytes --]