Jump to content
MSFN is made available via donations, subscriptions and advertising revenue. The use of ad-blocking software hurts the site. Please disable ad-blocking software or set an exception for MSFN. ×


  • Posts

  • Joined

  • Last visited

  • Donations


About pointertovoid

Profile Information

  • OS
    none specified

Recent Profile Visitors

3,576 profile views

pointertovoid's Achievements



  1. Thanks Jaclaz! I'd need more evidence before involving little green men in this story (or elsewhere). And I'd like to know why a mobo with a new battery should lose the date. Or even two mobos. So I'm still interested in testimonies: did other people observe an abnormal clock reset on their mobo? Thank you!
  2. Hi everybody, nice to see you again! I had imagined that resetting a computer's clock might be a way to weaken its encrypted communications, especially if they are as poorly programmed as what the cited webpage gives as an example. Recently at my close relatives, two computers have shown abnormal clock resets. At my old mother, the Cmos' battery was empty. I replaced the battery with a new one from a reputed brand bought in a closed package a quarter hour before, I set the clock, and the computer worked properly. A week later, this computer lost the date again. The computer was far from me, I got the account over my mother. At my nephew, who is comfortable with Pc hardware and can replace a battery, the computer with a recent battery lost the date. I had expected a reset date like 01 Jan 2000 or 01 Jan 1970, as usual with an empty battery, but at my mother's machine it was like 31 December 2001. So: did you observe something similar recently? The alternative explanation would be a malware that sets the computer's clock, possibly to exploit the weakness I outlined above. I could admit a hardware defect drawing the battery empty at one mobo, not at both. Thank you!
  3. Thanks Jaclaz! Yes, that's about what I plan. I had already good Apacer Cf, though I didn't use them for very long. Good experience with Transcend EXCEPT that in their 300x 8GB, they put Mlc chips without warning and contrary to their datasheet that promises Slc. Recently, two Toshiba 32GB 1000x went broken at the same time on two different readers - still not understood, maybe a high-tech Usb virus. So I consider Sata instead of Usb. I already had an adapter, or cartridge, for Ssd on Sata. My bad experience is that the connectors went broken after months, with random bad contacts. Avoid them, everybody - unless someone can report a good specimen he used for an extended period. Meanwhile, I connect and remove my Ssd on plain long cables daily, without a cartridge, and this is reliable over years. So I hope to do the same with Cfast, as I do need a smaller format than Ssd. My main concern would be some incompatibility between signalling voltages or a similar bad joke that plagues Cf cards. You know, Pata ports in 5V and some Cf cards that need 3.3V for Udma, or even fail to transmit properly on 5V. More reports, opinions, comments?
  4. Hello everyone and everybody, nice to see you again! I consider switching from CF (on USB reader) to CFast Flash cards. Has someone experience with them? From what I understand, the electric interface is Sata/6000 or Sata/3000 but the connector differs, needing an adapter card. Correct? Is there any bad joke with Sata and CFast, like the varied signalling voltages that plague CF cards? I plan to buy some Chinese adapter card, as they comprise essentially two connectors and copper lines in between, plus seemingly a regulator. Thoughts? The CFast cards I covet have 32GB and Sata/6000, my mobo has Sata/3000 from Intel's ich10r, ran with W2k and Xp, maybe Seven some day if needed. Opinions? I can live without the hot plug and unplug, and have some 3rd party software to force-eject a disk. Other thoughts? Thank you!
  5. My answer is late and sketchy, sorry... I only tried Nt4 briefly, so this is more repeating what I've read than first-hand experience. Most slipstream tools for 2k and later base on the slipstream capability that Microsoft built in the updates. This did not exist for Nt4. Nevertheless, some enthusiasts did write software to slipstream updates into Nt4, including the Sp6a. Do I remember that at least 3 such exist? I don't have my notices here. I saw a workaround, using an F6 diskette, to provide Lba access to a disk right from the beginning of an installation. Possibly a servicepacked version of acpi.sys on the diskette, plus some text files telling to use it. Whether this can provide Lba48 too? My answer may be 40dB behind what you already know... Apologies in advance.
  6. Not necessarily. The weakness results from the CPU restoring imperfectly its state when an exception occurs. Speculative execution makes restoration difficult, but alone it doesn't imply a weakness. From Intel's list, the Core 2 for instance seems immune, with the design flaw beginning at Core i3/i5/i7. I trust Intel's list (...which can evolve) better than arbitrary claims from other sources, which often rely only on the presence of speculative execution, a very old feature indeed. I wonder: exceptions occur much more frequently than after a violation of memory protection, including during legitimate operation of the OS and applications. If the restoration of state is faulty, then the CPU must introduce erroneous behaviour in the machine. This hasn't been observed before?
  7. In the very few past hours, eBay and Paypal show the same symptoms of bad operation as during the two last attacks by Wannacrypt and its successor. Just in case a new wide attack has started, take your precautions!
  8. I've just tried on a 32 bits Windows Seven that I installed minutes before alone on its disk. I suppose the session has administration rights because it accesses the Device Manager. Nearly the same happens as with W2k and Xp. Minor change: Seven installs its v6.1 driver when I insert a CF and runs long enough to show me it comprises disk.sys and partmngr.sys, after what it freezes too. Disconnecting then the reader doesn't heal.
  9. Meanxhile I've had a Firewire 400 (1394a) reader from Lexar. It worked right after connecting to my mobo (chip TI Tsb43ab23), without adding drivers, on W2k-Xp that brought the OHCI drivers, and on Linux (Ubuntu 14, GPartEd and others). Said to be fast, but it was slow on my computer. I can't exclude that Lexar changed the chip over time. Sold again. I've just received a FW800 (1394b) card on Pci-E and a CF-card reader on FW800 and they don't work. Please help! ---------- The Pci-E card is a new Iocrest SY-PEX30016 with a TI chip XIO2213BZAY. Both W2k and Xp install their OHCI driver which is said to suffice for FW800. Everything looks fine in the device manager, as described by Iocrest. I also tried the Unibrain Firewire driver on W2k, it installs too and the device manager shows it. Linux starts with the card, I can't analyze more. The CF reader is a Sandisk extreme Firewire SDDRX4-CF bought used from a Mac user who claims it works. About zero doc available from Sandisk, I shall remember that. If I connect the reader when the OS runs, no additional disk reader is shown by Win nor Linux, but they run. Same if I boot the OS after connecting the reader. If I insert a CF (both 32GB UDMA 7 and 4GB UDMA 4, both formatted), the device manager refreshes after 10s as it uses to when detecting a new hardware, then Windows freezes but Linux doesn't; the device manager and task manager stop before the applications. I have no time to access the Disk manager. The Cpu fan doesn't accelerate. If I insert the CF then connect the reader to the running machine, the same happens as if inserting the CF. If booting with the reader and the CF, both Windows and Linux freeze. The Unibrain driver does nearly the same: it fails some seconds later, giving time to see on the device manager that Windows tried to install a disk driver but failed. ---------- I suppose that the new FX800 card is sound, as it gets its driver and detects the reader. A sound SDDRX4-CF is rumoured to work with Windows 98-Seven with the built-in drivers and shouldn't freeze Linux. Comments, ideas, suggestions, explanations...? I'm in the mood of returning the reader to the seller but wouldn't like to be unfair.
  10. You can see some images where the magnetic polarisation is read at a small scale, for instance here http://aip.scitation.org/doi/full/10.1063/1.4944951 especially the Fig. 5 http://aip.scitation.org/na101/home/literatum/publisher/aip/journals/content/adv/2016/adv.2016.6.issue-3/1.4944951/production/images/large/1.4944951.figures.f5.jpeg at a perfect scale for hard disk drives.
  11. OK. The argument with the second law doesn't apply and was pseudo-science. The second law has nothing to do with puzzles, and everything to do with entropy, internal energy, temperature, enthalpy and the likes. You know, the integral of dQ/T. Now, the time needed. The attacker doesn't need to read every atom. Once he has found where the information was imperfectly erased on the whole track, that is, a bit outwards or a bit inwards, he needs to read a bunch of atoms per bit only at that imperfectly erased circle. The speed of a tunnel effect microscope can be over 10,000 atoms per second; it would seem logical that spin-sensitive STEM is about as fast, but I don't have the figures. The scale at a Hdd isn't what you describe. If the contiguous read is 150MB/s at 3.5" and 7200rpm, bits are some 20nm long including sync and redundancy, which still makes 100 atoms long, and tracks for 500GB platters are 180nm apart or 1000 atoms. Even if not every atom was oriented (this happens at a bigger scale with several Weiss domains) and some uncertainty remains, reading 100 atoms at one proper radius suffice to get the information free of noise. Nothing of a puzzle here. A badly (=single-pass zeros) erased HDD still contains the sector sync, the redundancy, the information bits recoverable by the spin-sensitive STEM. Once the attacker has read the sectors, he can reconstitute also the folders and files, still well-ordered. Reading a complete 500GB platters is still slow, but we don't have to image individual atoms here, rather groups of 100, and this must be faster. The reading machine being anyway specialized to rotate the platter instead of translating, it can also have many read tips. And since the partition table, partition header and file system is readable, the attacker can read only the files he wants. The spin-sensitive STEM is just the answer to smaller bits and perpendicular recording. All the rest is identical to information recovery on a damaged HDD or a damaged partition and is banal.
  12. Thanks! I'll make a test with Tor at https://panopticlick.eff.org/ . Further observation meanwhile: Paypal refuses to open a session from Tor, so there is some means to distinguish it from other browsers.
  13. I take good note of Nist's statement, paragraph 2.3 on page 6: "Basically the change in track density and the related changes in the storage medium have created a situation where the acts of clearing and purging the media have converged. That is, for ATA disk drives manufactured after 2001 (over 15 GB) clearing by overwriting the media once is adequate to protect the media from both keyboard and laboratory attack." Though, this document is from 2006. Did they have spin-sensitive tunnel effect microscopes back then? https://en.wikipedia.org/wiki/Spin_polarized_scanning_tunneling_microscopy the first referenced article dates from 2009. Such a microscope lets observe the magnetic polarization of single atoms, for instance at locations where the write head put the sensitive data, and that the erase pass didn't overfly accurately enough.
  14. What lets you suppose and even write that? I'm an expert for electromagnetism and hold two MsC for electrical engineering, including microelectronics.
  15. Now that sounds like a pseudo-science argument: "The 2nd law of Thermodynamics describes such a fact." Beware I'm a physicist and I'm easy with thermodynamics, as more people here may be. And citing that law didn't impress me Quite the opposite. Jaclaz has provided articles that did not tell what he claims. In fact, the author of the original paper still recommends presently two multi-pass erase software. Sorry but, after two pages of arguments and references, your one-line strong statement isn't convincing.

  • Create New...