Poseidon will refuse to load the usb.device with the next update. I could verify that the offensive RDB-killer code is inside the driver version (1.2) I had here.
Permission to distribute Poseidon with their software has been withdrawn.
Dear Poseidon Users,
in the last few days, there were rumours posted to ann.lu, claiming that
the usb.device, that is provided by Elbox Computer Inc. for the Spider USB
PCI card would contain malicious code. This code was posted disassembled
on various websites. This source code, if assembled into an executable,
would indeed have the ability to kill the RDB (if it was found in block
0). Code destroying data on purpose like this is illegal in most countries
(including Germany) and moreover, is one of the ethically worst things
I've ever seen.
As the source of this security warning was an anonymous poster and
therefore was not reliable, I wanted to check for myself. So I loaded the
usb.device (some friendly Mediator user sent me, as Elbox never offered me
a SpiderCD to check the contents of the CD), let it decrypt itself and
just searched for the 'RDSK' string in the driver (as seen on the
disassembled source code on the websites). No disassembly was used. The
string was found. I could therefore verify that the offensive code is at
least in version 1.2 of the device, I had here to test (there is
absolutely NO reason why 'RDSK' would appear in a USB hardware device
driver).
I gave Elbox the chance to clear things up in public by posting an apology
and removing the code. They didn't. Instead, they said that all my
"doubts" would be answered in the press statement released yesterday and
ignored the consequences that I already had proposed to them.
Well, my "doubts", which actually are facts, that I could see with my own
eyes, remain. Any Mediator user can check this by using a memory monitor
and searching for the usb.device in memory (after loading up Poseidon) and
see, if there's the 'RDSK' ID string within the next 10000 bytes.
As a consequence, I have to warn Mediator users that their machine is in
danger, when running the usb.device. In the non-memory protected Amiga
environment it might get damaged at any time and then cause the routine
that kills the RDB to become active. The next update of Poseidon will
refuse to load up the usb.device, if it detects malicious code. This is
to protect yourself from damage and myself from being held liable for any
loss of data or damage done.
Moreover, I hereby withdraw the permission to include Poseidon in ELBOX's
software distributions, until they
a) admit, that the code was in their driver,
b) admit, that they have constantly lied to the users,
d) have placed a public apology for the first time in their life,
c) and have removed any malicious code.
I don't want Poseidon to be included with third party software, that's
highly illegal and whose originators don't deserve any trust.
I do understand that people try to protect their work from being hacked. I
do this too, but not by risking the data of legal users and I cannot
tolerate this offensive behaviour any longer (I admit, I'm again rather
upset and therefore this statement is not as objective as it could have
been).
The Spider users out there are advised to confront Elbox with the demands
mentioned above, so as to allow Poseidon to accept the usb.device driver again.
I hope that you believe the facts and my worries and understand the steps
taken.
Best regards
Chris Hodges
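
The check the letter describes (find usb.device in memory after the driver has loaded and decrypted itself, then look for the 'RDSK' ID within the next 10000 bytes) can be run offline against a saved memory image. The following is an added example, not part of the original letter and not Poseidon's detection code; it assumes the memory was already saved to a file by some monitor tool, and the sample image is constructed.

```python
RDSK_ID = b"RDSK"             # ID string named in the letter
DEVICE_NAME = b"usb.device"   # driver name named in the letter
WINDOW = 10000                # "within the next 10000 bytes"


def find_all(data, needle, start, end):
    """Return every offset of needle lying fully inside data[start:end]."""
    offsets = []
    pos = data.find(needle, start, end)
    while pos != -1:
        offsets.append(pos)
        pos = data.find(needle, pos + 1, end)
    return offsets


def scan_image(image, name=DEVICE_NAME, marker=RDSK_ID, window=WINDOW):
    """For each occurrence of the driver name, list marker offsets that
    fall inside the window starting at that name. A marker elsewhere in
    memory (for example a disk buffer holding a real RDB) is not reported."""
    hits = []
    for name_off in find_all(image, name, 0, len(image)):
        lo = name_off + len(name)
        hi = min(len(image), name_off + window)
        marker_offs = find_all(image, marker, lo, hi)
        if marker_offs:
            hits.append((name_off, marker_offs))
    return hits


# Constructed sample image (not real driver data):
#   offset 64     driver name, followed by 'RDSK' at offset 575
#   offset 20579  a second 'RDSK' far outside the first window
#   offset 20683  a second copy of the name with no marker after it
SAMPLE = (
    bytes(64) + DEVICE_NAME + b"\0" + bytes(500) + RDSK_ID
    + bytes(20000) + RDSK_ID + bytes(100)
    + DEVICE_NAME + b"\0" + bytes(300)
)

if __name__ == "__main__":
    for name_off, marker_offs in scan_image(SAMPLE):
        for off in marker_offs:
            print(f"name at {name_off:#x}, marker at {off:#x} "
                  f"(+{off - name_off} bytes)")
```

A hit shows only that the ID string sits near the driver in memory, which is the observation the letter reports; it does not by itself show what the surrounding code does.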