Profile picture
Robᵉʳᵗ Graham X🅂 Max @ErrataRob
, 5 tweets, 1 min read Read on Twitter
In case you were wondering, the "baseband managment controller" is a wholly separate computer inside your computer, either layered on top of your existing Ethernet controller, or even with it's own separate Ethernet port.
supermicro.com/products/nfo/I…
It runs it's own operating system, often Linux. Putting your own flash chip, or even updating the correct flash chip with your own image, allows you to subvert the code and install your own malware/virus into the computer, regardless of the "real" operating system installed.
Thus, your BMC "virus" can then contact a C&C server on the Internet and download more interesting things to the server. This more complex code can first check the "real" operating system installed.
At that point, it's trivial to read/write memory of the "real" operating system to spread malware to that system and do evil things.
To read further on how such hacks would work, look for all the various DMA and SMBUS hacks over the years.
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to Robᵉʳᵗ Graham X🅂 Max
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

More from @ErrataRob see all

Profile picture
1/ Well, to answer this, sign up for the phone company's family plans designed to allow you to track your children. It's hit or miss, sometimes very accurate, sometimes not.
2/ Modern phones and towers have multiple abilities to track your location. For one thing, because of speed-of-light delay, the tower must know your distance from the tower to within 100 meters.
3/ Next, towers know which directional antenna your signal arrives on. This gives them a 120° arc within which to locate you, the closer you are to the tower, the more accurate that is, of course.
Read 13 tweets
Profile picture
1/ In regards to my tweets today about "institutions" that make us great, let's talk about journalism and "both-sides-ism". Nobody likes it, but those who disagree with us are still reasonable people, the are multiple sides to every debate. This is why a free press is valuable.
2/ Let's take "anti-vaxxers" for a moment, which I assume you'll agree are "batshit crazy" and not "reasonable" in any fashion. Yet, we still have a "both sides" issue. Even if "vaccines cause autism" argument is garbage, we still debate whether governments can force vaccines.
3/ It's the same argument whether governments can force you to donate a kidney. Or force you to donate bone marrow (which is relatively harmless to the donor). Or force a woman to cary a baby to term.
Read 9 tweets
Profile picture
1/ Also a good lesson for 2019, let's talk about General McChrystal's firing. What makes America great is that we have stable, independent institutions, rather than rule by a despot. That includes an independent press, courts, ... and a military.
2/ General McChrystal was critical of President Obama's policies in a piece in Rolling Stone. This was an attack on the institution of our military. Generals take their orders from the Commander In Chief, they don't publicly criticize their commanders. Therefore, he had to go.
3/ It's because we believe in "institutions" that McChrystal had to go. This is why Trump is uniquely bad among recent Presidents. It's not that he's left or right wing, it's that he's attacking all the institutions that make America great.
Read 11 tweets

Related threads

Profile picture
BTW, in case anyone was wondering, yes: you can totally use Applesauce by running macOS inside a VM and using USB pass-thru.
(Linux/Windows support is planned, but not available yet)
and this tool can help you get a working macOS install inside VirtualBox:
Read 3 tweets
Profile picture
In case you're wondering why many of us don't use the term "Ultima Thule" for 2014 MU69:
Personally, I think it's bad scicomm practice even without the Nazi connection (which is a horrible thing to say, but whatever). It's an obscure term, an inaccurate term, and an aggrandizing term.
At the risk of yet more mentions chaos, let me add a few things, and an apology. [thread coming]
Read 13 tweets
Profile picture
@LargeCardinal The group messaging mechanism is very different. In Signal (app) group messages are layered on top of the existing pairwise messaging system. To add a new user, you (an existing user) have to send encrypted control messages to each existing user. The server can’t do this.
@LargeCardinal In fact, the Signal server doesn’t even know what a group message is. As far as it’s concerned, when I send a message to a group of N people, it just looks like I’m sending a bunch of pairwise messages at the same time.
@LargeCardinal In WhatsApp (as of a few months ago) the server knows what group messages are. It actually sends special control (add/remove) requests to the members of the group, and it handles multiplexing group messages to all of the other users.
Read 4 tweets
Profile picture
Layered on top of previous mistakes, California's DMV finds an additional 1,500 people (including non-citizens) wrongly registered to vote under new system latimes.com/politics/la-po…
These errors, which included non-citizens, are in addition to the roughly 23,000 registration ‘mistakes’ disclosed by the DMV last month.
In addition to the 23,000 registration errors disclosed last month, the system mistakenly sent out double registration forms for some Californians who had visited the DMV in the spring.
Read 3 tweets
Profile picture
Today we release a new analysis revealing how police unions and associations prevent California lawmakers from addressing police violence. A thread. (1/x) checkthepolice.org/california
More people are killed by police in California than any other state. And yet, since 2011 a network of police associations has poured $5.5 million into the campaigns of California’s state legislators - especially Democratic officpas who don’t support police reform.
The scale of influence police associations have in California cannot be understated. They funnel *200 times* as much money into candidates’ campaigns as the NRA and have helped to fund the campaigns of 118 of the 120 current members of the California legislature + the Governor.
Read 10 tweets

Trending hashtags

#autismwomen #permit #veterinary #Italian #license #producers #HouseOfCommons #GATT #MFN #TIP #SPS #freely #FCEV #Syria #type #Troublemakers #Brexit #importation #Green #drinks #gearbox #UK #señoras #Turkey #Ghouta

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member and get exclusive features!

Premium member ($30.00/year)

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!