BTW, there was also a Syser debugger, developed as a replacement for SoftICE. I never used it, except for playing with it a little a few years ago; it was a nice experience.
Although I heard they stopped development, a little googling found a page with a fresh release and a Win10 support claim, but I have no idea how legitimate it is:
https://qpdownload.com/syser-debugger/
Would appreciate hearing any info about the current status of Syser.
UPDATE:
Just FYI, after lurking a bit over the GitHub repo and associated links, I found that the GitHub repo maintainer seems to be a pretty qualified reverse engineer; for example, he made his own independent Skype protocol reconstruction
(https://marakew.github.io), and the README.md in the GitHub repo says that the Syser sources were lost due to a corrupt flash drive, so I guess he was one of the (author?) developers of Syser.
Still would be happy to hear more, if somebody knows the full story.
In short, Le Roux was the original author (under the name E4M) and was later hired by Hafner to write a commercial disc encryption system together with Hollingworth, who authored ScramDisk.
Later Le Roux released E4M under its new name, TrueCrypt, and the commercial team (with Tesarik as its maintainer) sued him.
Thanks, I was not aware that Wikipedia mentions David Tesařík.
From what I can see in the Wikipedia article, there is nothing about David Tesařík's legal dispute with Le Roux; actually it says that Le Roux had a dispute with SecurStar (a company which wanted to develop a commercial disc encryption system).
> Team member David Tesařík stated that Le Roux informed the team that there was a legal dispute between himself and SecurStar, and that he had received legal advice not to comment on the case. Because of this, he was unable to confirm or deny the legitimacy of TrueCrypt, keeping its development in limbo.[13][14] A new version was released in June,[15] but with a different digital signature and the developers now being referred to as "the TrueCrypt Foundation". The project received funding, the source of which is equally unclear.
Altogether, it is still unclear how much Le Roux participated in TrueCrypt development (apart from the E4M legacy), but it is clear that David Tesařík was one of the main developers of TrueCrypt.
A bit off topic, but in some sense I really miss the old DOS/Windows virus scene.
A lot of people were writing viruses just for fun, and they were inventing very clever techniques, such as polymorphic/metamorphic code or advanced anti-debugging/disassembling tricks (which nowadays you can find in Denuvo :D ). Nowadays most malware is just money grabbers without any art in them; as proof of my words, to this day nobody has been able to beat Z0mbie's "Zmist" from 2002.
> The Whale virus is a computer virus discovered on July 1, 1990. The file size, at 9,216 bytes, was for its time the largest virus ever discovered. It is known for using several advanced "stealth" methods.
At the time, as the Wikipedia page says, I was amazed at the size of the thing! I got a couple of my own (academic) creations included in various lists, and at the time I was completely amused that they often had such gems as "Origins: Romania".
I was never terribly invested in the scene, but I did read a lot of the zines, 40hex, and similar, and because I was interested in low-level coding I would often decompile virus-samples and experiment with similar techniques, especially when the polymorphic engines started to appear.
I think one of the best attempts to fix the calendar system was made by George Eastman (Kodak founder), who presented the "International Fixed Calendar" created by Moses Cotsworth to the League of Nations in 1923. At that time the League of Nations was trying to redesign the current calendar system and was accepting different proposals.
Unfortunately they failed to reach a consensus between the different calendar designs :(
E-cigs have been promoted as noncarcinogenic and a safer substitute for tobacco. In fact, recent studies show that E-cig smokers, similar to individuals on nicotine replacement therapy, have 97% less 4-(methylnitrosamino)-1-(3-pyridyl)-1-butanol (NNAL), an isoform of NNK, a tobacco nitrosamine and lung carcinogen, in their body fluid than tobacco smokers.
Many people will now start to dig in. The war has started, and I hope somebody will find a way to totally remove/replace (with a stub) Intel ME before some critical vulnerability is discovered in the Intel ME's network stack.
Here's hoping. Intel did a great job hiding the thing and making it all but impossible to remove (at present if you nuke the firmware, the CPU will totally fail to initialise. Thanks Intel!). That said, we're talking about an embedded device with very low-level code, and any 'disabling' code is probably going to be distributed in binary form. Stands to reason somewhere along the lines, someone is going to turn that around for their own benefit.
me_cleaner already exists[1], and it takes advantage of several flaws in Intel ME's signing to remove large sections of the code thus neutering it. Some code still exists, but Intel ME cannot actually fully initialise on "cleaned" systems. Older machines used to have a bug where if you filled the first half of the Intel ME firmware with zeros the machine would boot but ME wouldn't start at all.
But yes, I hope that with this it'll be possible to completely remove the remaining few hundred kB of Intel ME code remaining.
> That is, is a "cleaned" system vulnerable to a USB device?
Of course it is, because the USB DCI attack is one level below the Intel ME. Even if it is deactivated via HAP, which basically just puts the ME code into an infinite loop or a CPU halt state, both can be reversed by JTAG.
I don't know, because there is very little detail about what this attack is and how it works. It looks like they managed to thwart whatever protections exist in the USB DCI (Direct Connect Interface)[1] which is a debugging system for Intel chips.
If they have full debugger access to what's running in Intel ME then removing the code from the firmware probably doesn't make a difference (assuming they can run un-trusted code in that context). If they cannot write their own code and so an attack requires ROP gadgets then removing the code might make it harder (or impossible) to do, but I doubt it.
DMA-based attacks are blocked by the IOMMU, which is present in all modern machines (and has been for a few years). Linux has preferential enablement of DMA such that the IOMMU is initialised first, so even plugging in a device in early boot will not be able to exploit DMA.
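Since the comment above rests on the IOMMU actually being active, here is a small POSIX shell check a defender can run on a Linux host to see whether the kernel exports any IOMMU groups and whether the boot command line puts the IOMMU into passthrough mode (which leaves host-driven devices without DMA remapping). This is an added example, not code from the thread or from any project mentioned in it; the sysfs and /proc paths are the standard Linux ones, and both functions take a path argument so they can be pointed at a constructed fixture instead of the live system.

```shell
#!/bin/sh
# Added example (not from the thread): report whether a Linux IOMMU is active.
# Evidence used: the number of /sys/kernel/iommu_groups/* entries and the
# iommu-related parameters on the kernel command line.

# Count IOMMU groups exported under the given sysfs directory.
# Prints 0 when the directory is missing, i.e. no IOMMU is active.
iommu_group_count() {
    dir="${1:-/sys/kernel/iommu_groups}"
    n=0
    [ -d "$dir" ] || { echo 0; return 0; }
    for g in "$dir"/*; do
        [ -d "$g" ] && n=$((n + 1))
    done
    echo "$n"
}

# Classify the IOMMU mode requested on the kernel command line (file argument):
#   passthrough - iommu=pt or iommu.passthrough=1: host devices get identity
#                 mappings, so their DMA is not isolated by the IOMMU
#   on          - intel_iommu=on or amd_iommu=on without passthrough
#   default     - nothing requested explicitly (distro/kernel default applies)
#   unknown     - the command line could not be read
iommu_cmdline_mode() {
    cmdline="${1:-/proc/cmdline}"
    [ -r "$cmdline" ] || { echo unknown; return 0; }
    if grep -Eq '(^| )iommu=pt( |$)|(^| )iommu\.passthrough=1( |$)' "$cmdline"; then
        echo passthrough
    elif grep -Eq '(^| )(intel_iommu|amd_iommu)=on( |$)' "$cmdline"; then
        echo on
    else
        echo default
    fi
}

# Run stand-alone: report the live host's state.
echo "IOMMU groups present: $(iommu_group_count)"
echo "IOMMU mode on kernel command line: $(iommu_cmdline_mode)"
```

A group count of 0 means no device is behind an IOMMU at all, so the "DMA attacks are blocked" assumption does not hold on that host; a non-zero count together with `passthrough` means only devices explicitly bound to VFIO get isolation, while the rest of the host's devices still DMA with identity mappings.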
Huge corporations backed by government agencies with a lot of time, money and skilled people vs. a few people working for free because they believe they should. Not a fair fight.
On Monday, Positive Technologies researchers Dmitry Sklyarov, Mark Ermolov, and Maxim Goryachy said they had found a way to turn off the Intel ME by setting the undocumented HAP bit to 1 in a configuration file.
HAP stands for high assurance platform. It's an IT security framework developed by the US National Security Agency, an organization that might want a way to disable a feature on Intel chips that presents a security risk.
The Register asked Intel about this and received the same emailed statement that was provided to Positive Technologies.
"In response to requests from customers with specialized requirements we sometimes explore the modification or disabling of certain features," Intel's spokesperson said. "In this case, the modifications were made at the request of equipment manufacturers in support of their customer's evaluation of the US government's 'High Assurance Platform' program. These modifications underwent a limited validation cycle and are not an officially supported configuration."
"Intel does not and will not design backdoors for access into its products. Recent reports claiming otherwise are misinformed and blatantly false. Intel does not participate in any efforts to decrease security of its technology"
We can all rest easy now that Intel has come out and publicly said this, right?
https://qpdownload.com/syser-debugger/ (I am not sure how much is this link legitimate, so please be careful)
https://github.com/marakew/syser