a real life example of SR ICE? Options

[hobgoblin]

http://www.boingboing.net/2010/12/07/pundi...ls-for-dev.html

try to access data you have no right to access, and boom goes your computer (could actually happen in SR1-3, not so much in SR4. Even toasting the System is a unreliable attack option)...

[Neowulf]

RL call for movie computer physics actually.

A similar call was made by Orrin Hatch (utah senator) back in 2003, he wanted it mandatory that all computers in the US have a software triggered killswitch that would physically destroy the computer. Then give that killswitch to the RIAA member companies with no liability or oversight, for use in punishing suspected file sharers.


It's a pretty common idea by the computer illiterate, some virus or program to punish the "wicked" by breaking something that actually costs money and can't be fixed by a reinstall.

[Fix-it]

it is very very hard to cause actual hardware damage to a computer via software. they are specifically designed so that you cannot do it.

the closest you might get would be to get ahold of the material from the guy in europe who figured out how to access debug mode in AMD CPUs.

this article is stupid, and written by someone who does not understand how modern computers work.

[img]http://www.genehugh.com/blog/wp-content/uploads/2008/05/computer.jpg[/img]

[Jizmack]

I’ve been working for a high-tech company in Silicon Valley (San Jose, CA) for over 10 years, and my position involves interfacing with engineers from other companies to integrate sub-components into complex systems that involve mechanical (robotics, cryogenics, gas streams, hydraulics, etc.), electrical (CPUs, control circuits, plasma confinement, interlocks, etc.), and software (interface, programming, memory, data management, etc.).
Some projects required top security clearance.
The closest I have ever come to seeing a design to “fry the computer” was a government funded project, where an entire assortment of large semiconductor manufacturing systems took nearly completed circuits, added a radio-control high-voltage flash circuit with an antenna array to the circuit chips, and coated the whole chip with plastic explosives (yes, a physical vapor deposition process of highly explosive chemicals). Basically, they added a radio-control trigger to the circuit chips to self destruct (Mission Impossible Style).
The finished circuit chips were then shipped off to the US Military (for cruise missiles, if they failed and dropped into enemy territory the critical design circuits would self-annihilate to prevent reverse engineering) and maybe the CIA (cell phones…).
Anyway, in all my years of mingling with research teams of all sorts, I have never even heard of a software virus that can literally “fry the computer”. Using the input power line to fry the computer circuits is possible, but to destroy circuits with software alone is just unrealistic.

[Fortinbras]

You can, however, design an OS so bad the user shoots the computer Elvis style or, more likely, beats his head against the wall until he gets a concision.
I'll let y'all figure out which one it is.

[Kagetenshi]

You can, however, design an OS so bad the user shoots the computer Elvis style or, more likely, beats his head against the wall until he gets a concision.
I'll let y'all figure out which one it is.

Solaris?

~J

[Draco18s]

Keep in mind that the virus that attacked the Iranian nuclear facility was also attacking other computers around the world.

And if you do want to go that route, you have to know the very specific hardware that the server has and be able to actually DO anything to that hardware. It's real easy to cause problems at a nuclear facility (virus shuts off the cooling intake valve, and outputs "valve open" and the facility goes critical, but not from any physical damage the virus actually caused).

[Straight Razor]

i got a virus that flashed my BIOS back in 2002. that sucked pretty hard.

there is a firewall sold as BlackIce Defender, the brand has been around for years. back-in-the-day there was a hacker-ware version simply called black-IC it was great.

[CanadianWolverin...]

Oh and here I thought this thread would be about botnets aka distributed denial of service (DDoS) attacks, similar to what is presented here. http://news.netcraft.com/archives/2010/12/...s-decision.html

But couldn't one possible way of software physically damaging hardware would be through some method of getting the hardware to give instructions for a over heating scenario? I think of this only because of the one time my power supply and other fans in a computer (and in a later instance a laptop) a good number of years ago failed, the smell was pretty interesting and the inability of the computer to boot the O/S fun to play around with. My understanding of computers is only barely sufficient to play games on them, so is there a command(s) by which a computer can turn its cooling fans off that a malicious program could give?

[Blade]

There is a way to fry some old CRT screen by switching very fast through refreshing rates (including some unsupported ones), but it isn't very reliable.

Noawadays, what you can do is PDoS (Physical Denial of Service). A lot of computer hardware can have their bios flashed or some settings changed by the computer and sometimes even via the Internet. So you can hack this and replace the bios with your own which can prevent access to the hardware or even, in some cases, fry it (for example if you change the voltage and frequency settings of a GPU or if you stop the fans).

[Seth]

The only computers I have managed to break using software are:

• The very first release of the 6800 had an instruction called stop and get hot, which when executed shorted the power to the ground, and broke the chip (I have not been able to reference this...my google fu is weak so any links to it would be good)
• The second was the old commodore pet. http://www.6502.org/users/andre/petindex/poke/index.html. This had a software controlled screen, and there was a killer "poke" that would destroy the screen (which in those days was part of the computer)
• There are some laptops (I bought an acer laptop like this, and a friend of mine bought one too) that had weak cooling systems, and if you maxed out the cpu usage, and video card usage for an hour or so the laptop broke down (forever...goodbye £400)
• A computer controlled drilling machine cut through its own cooling system while in a 90 Celsius environment...very messy
• Stopping the fan on an old Perq computer very suddenly causing an electrical spike that causes a capacitor to blow which dripped berillium oxide onto a fan and caused the entire building to be evacuated, and the computer had to be disposed of as toxic waste
• A computer controlled welding machine that activated the welding without proper earthing...10,000V can make quite a mess of most computers

Thinking about it...maybe I have the gremlins flaw...

[Draco18s]

But couldn't one possible way of software physically damaging hardware would be through some method of getting the hardware to give instructions for a over heating scenario?

Its very difficult to do that, as all instruction sets are capable of being processed at the same efficiency.

What causes over-heating is a lack of cooling, and is independent of the instruction set.

The most you can do is cause the hardware to merely crash (generally by performing a buffer overflow or other memory related error--heap collisions, stack errors, etc.).

[Kagetenshi]

The only computers I have managed to break using software are:

• The very first release of the 6800 had an instruction called stop and get hot, which when executed shorted the power to the ground, and broke the chip (I have not been able to reference this...my google fu is weak so any links to it would be good)

Halt and Catch Fire is a long-standing joke instruction attributed to many chips over the years.

Its very difficult to do that, as all instruction sets are capable of being processed at the same efficiency.

That's untrue; never mind details like CISC compatibility layers, DIV simply requires more power than ADD.

(Well, I think it's untrue—now that I think about it, I'm not entirely sure what you're saying here)

~J

[Draco18s]

Halt and Catch Fire is a long-standing joke instruction attributed to many chips over the years.

There's also the error embedded in the Linux kernal for lp0: "Printer on Fire."

Dates back to a very large printer and when there were only two bits for printers: online/offline and error/no error.

The printer used a huge spinning drum and was cleaned with alcohol. Because of the risk of fire the error code was written to assume the worst possible when the printer error'd (eg. jammed). The high friction of the 2400 RPM drum, cleaned with alcohol, with paper clogging the system....it was possible it could catch fire, although there are no known instances where it actually happened.

[Fix-it]

There's also the error embedded in the Linux kernal for P01: "Printer on Fire."

those were the days. when printers were hardy enough they would overheat, catch fire, you'd put it out, then they would continue working. now they jam if you sneeze too hard.

[Draco18s]

those were the days. when printers were hardy enough they would overheat, catch fire, you'd put it out, then they would continue working. now they jam if you sneeze too hard.

They don't make 'em like they used to.

[Doc Chase]

They don't make 'em like they used to.

And you had to slog through the perforations from the old printers, and it was up on the fourth floor.

*shakes cane* You kids get the hell off my LAN! I didn't fight the Baudis for you to take your bandwith for granted, with your 56k and 28.8! In my day, we had 2400 and we liked it!

[tete]

it is very very hard to cause actual hardware damage to a computer via software. they are specifically designed so that you cannot do it.

the closest you might get would be to get ahold of the material from the guy in europe who figured out how to access debug mode in AMD CPUs.

this article is stupid, and written by someone who does not understand how modern computers work.

[img]http://www.genehugh.com/blog/wp-content/uploads/2008/05/computer.jpg[/img]

Its not that hard when your programming the hardware for something that gets hot or something where you can set volatge and amperage. All it takes is putting the wrong number in the wrong register... I went through 3 power supplies on a monitors once due to bad code trying to set an energy saving mode. Granted I'm programing the EProms in Assembly and not writing C code in Windows. (I still count that as software but you may not)

[Draco18s]

Its not that hard when your programming the hardware for something that gets hot or something where you can set volatge and amperage. All it takes is putting the wrong number in the wrong register... I went through 3 power supplies on a monitors once due to bad code trying to set an energy saving mode. Granted I'm programing the EProms in Assembly and not writing C code in Windows. (I still count that as software but you may not)

Yes, however most webservers aren't attached to any hardware that can be controlled in that manner.

Like I said, a computer making a nuclear power station going critical: possible.

A computer making itself turn into a pile of slag: not.

[Sengir]

(for example if you change the voltage and frequency settings of a GPU or if you stop the fans).

With all the power and noise management features today this would actually be not too hard. But if a modern CPU/GPU/[anything else with its own processor] gets too hot, it simply shuts down and that's it...in other words, the 1337 hardware hack would do the same thing writing "shutdown /s" in a batch file does (IMG:style_emoticons/default/wink.gif)

[Seth]

Like I said, a computer making a nuclear power station going critical: possible.

Fortunately not. I have worked on these system so let me tell you about one of them
There are 4 parallel systems:

• 2 independant Laddic networks Laddic networks. There are no significant fail dangerous modes for laddics
• 1 OR-gate based (each or gate is a separate Integrated Circuit).
• 1 Computer based

If any one of them is operating, the reactor (which is already going critical) cannot go bang. Each one has multiple fail safe modes.

[Draco18s]

Fortunately not. I have worked on these system so let me tell you about one of them
There are 4 parallel systems:

• 2 independant Laddic networks Laddic networks. There are no significant fail dangerous modes for laddics
• 1 OR-gate based (each or gate is a separate Integrated Circuit).
• 1 Computer based

If any one of them is operating, the reactor (which is already going critical) cannot go bang. Each one has multiple fail safe modes.

It depends on the construction of the reactor, sure. The ones in the US, I would imagine, have a fair number more fail-safes* than the ones in Iraq.

*I did an interview for the power company here near Philadelphia, and one of their security measures on this building (which monitored the power grid) was that no one knew where it was, even if they had directions. The sign saying they were across the street didn't help either. On top of that, they had draw bridges around the parking lot.
Interestingly enough, the building was labeled, although in bronze or brass lettering on the brick wall, that at that time of day made it neigh invisible for some reason when I drove by.

[Doc Chase]

So they warded it against intrusion? (IMG:style_emoticons/default/nyahnyah.gif)

[KarmaInferno]

Fortunately not. I have worked on these system so let me tell you about one of them
There are 4 parallel systems:

• 2 independant Laddic networks Laddic networks. There are no significant fail dangerous modes for laddics
• 1 OR-gate based (each or gate is a separate Integrated Circuit).
• 1 Computer based

If any one of them is operating, the reactor (which is already going critical) cannot go bang. Each one has multiple fail safe modes.

That depends if the ones in Iran were built properly.

Remember that these folks weren't even running licensed control software. In at least one photo of the facility you can clearly see on the screen a message window asking the user to purchase and register the software license.



-k

[Draco18s]

So they warded it against intrusion? (IMG:style_emoticons/default/nyahnyah.gif)

They must have, it certainly kept me out!

Now, if I'd been thinking and connected the company name with "manages the power grid in three states" at the time I might have picked up on the "building with draw bridges" as being the right place.