a verifiable & measurable example...
lets see. if one is using compaq hardware on win2k or winXP in a default install from compaq. they will have the compaq remote management tools installed.
this allows me to remotely flash update the targets BIOS. this has the effect of killing the computer dead in its tracks and the user unable to erase the hard drives just as someone from the RCMP or whomever knocks on his door... [who later rip out the hard drive for detailed forensics]
thats one small example. I've done this operationally and for the benefits of my clients in live personal demonstrations.
the battle cry of the systems auditor..... SHOW ME.
does that count as hacking hardware? or perhaps hacking a methodology as implemented by compaq with regard to systems management for enterprise clients. [who happen to like remote management]
hence, threat risk assessment comes into play. [to manage exposures and put tangible dollar values on things]
dont anyone forget, there actually are 3 sub-global wars happening right now and things are different.
a decade ago, when i was working in ottawa. I saw the michelangelo virus show up on the front pages of magazines and newspapers shouting GLOOM AND DOOM ALL FEAR DOOMSDAY.
and nothing happened. [just like Y2K hysteria]
[they were merely trying to sell newspapers and magazines based on fear, uncertainty and doubt]
the mainstream media can be incredibly and intensely irresponsible at times. [just look at SARS]
I suggest people just take it all with a pinch or more of salt and just relax.
Make love not war. [war smells really bad]
