19-Apr-2024 01:13 GMT.		 UNDER CONSTRUCTION
Anonymous, there are 39 items in your selection
[News] KDH drops the sale of Spider USB PCI cardANN.lu
Posted on 15-Nov-2002 13:30 GMT by KDH Datentechnik39 comments
View flat
View list
KDH Datentechnik has stopped the sales of Elbox Spider USB PCI card until further clarification and resolution of this Elbox USB driver problem.
KDH drops the sale of Spider USB PCI card : Comment 1 of 39ANN.lu
Posted by q on 15-Nov-2002 12:34 GMT
Shall the same thing happen to all mediator products, if the same code is in pci.library?
KDH drops the sale of Spider USB PCI card : Comment 2 of 39ANN.lu
Posted by q on 15-Nov-2002 12:35 GMT
In reply to Comment 1 (q):
I really hope this thing is solved quickly, since I'm seriously thinking about buying Elbox Mirage 4000 Pro...
KDH drops the sale of Spider USB PCI card : Comment 3 of 39ANN.lu
Posted by Peter Gordon on 15-Nov-2002 12:44 GMT
Oh dear. I guess the ball is firmly in Elbox's court now...
KDH drops the sale of Spider USB PCI card : Comment 4 of 39ANN.lu
Posted by redrumloa on 15-Nov-2002 13:38 GMT
This is smart of KDH, and frankly I'd be surprised if the other distributors/dealers did not do the same.
The potential for major liability is BIG. Could you imagine if the latest OS4 build on a Frieden's computer got thrashed because of this? I know this is highly impossible because they aren't using Mediators for development, but it is a good example.
KDH drops the sale of Spider USB PCI card : Comment 5 of 39ANN.lu
Posted by Lando on 15-Nov-2002 13:45 GMT
In reply to Comment 4 (redrumloa):
I agree. I have been a very big supporter of Elbox and have defended them but what they've done this time is unforgiveable. I've bought a Mediator 1200 and a Mirage 4000 Pro with Mediator 4000 and I was going to buy the new Mediator 4000Di too.
But not now. Now I wouldn't buy another Elbox product ever. What they've done with their actions is show their utter contempt for the people who buy their products.
I hope other Elbox re-sellers (Power Computing, Vesalia) follow KDH and stop selling the Spider.
KDH drops the sale of Spider USB PCI card : Comment 6 of 39ANN.lu
Posted by Anonymous on 15-Nov-2002 14:09 GMT
I welcome this decission. KDH is a good antetype here.
KDH drops the sale of Spider USB PCI card : Comment 7 of 39ANN.lu
Posted by David on 15-Nov-2002 14:59 GMT
In reply to Comment 5 (Lando):
>I hope other Elbox re-sellers (Power Computing, Vesalia) follow KDH and stop selling the Spider.
Why? With this move KDH proves only that the objective of all this spreading FUD against Elbox is selling other USB cards. It is KDH distributing E3B products. They know that Elbox Spider is way better than all their Highways and Subways...
KDH drops the sale of Spider USB PCI card : Comment 8 of 39ANN.lu
Posted by Anonymous on 15-Nov-2002 15:09 GMT
In reply to Comment 7 (David):
> Why? With this move KDH proves only that the objective of all this spreading FUD against Elbox
> is selling other USB cards. It is KDH distributing E3B products. They know that Elbox Spider is
> way better than all their Highways and Subways...
You are totally mistaken here. This is not the point I think. the problem is
a) No serious company is going to sell Hard/Software to customers where they know that this product may cause damage to their Systems.
b) It's illegal selling such Software in germany.
c) The reseller don't want to take responsibility for possible damages. You know the warranty says that you first need to contact the company where you bought the Hard and Software. In this case KDH and I doubt that they want to deal with unhappy customers where this problem may have occoured or where they know this may occour.
d) With stopping the sale of the Spider they showed their customers in Germany and around the Europe countries that KDH is a reliable and trustful company where you can buy serious Hard/Software.
This has nothing to do with the Hardware being better or not. It just a matter of seriousity. To summarize it Elbox simply shot into their own head by this tactics. They are full paranoia with such kind of software protection. They wanted to avoid that other people gonna rip their devices (as if anyone cares for a shitty device) because they are worried to lose 1-2 customers.. and now with that attitude they lost not 1-2 ... they lost 1000-2000. Personally I don't plan to buy Elbox hardware.
KDH drops the sale of Spider USB PCI card : Comment 9 of 39ANN.lu
Posted by Alkis Tsapanidis on 15-Nov-2002 15:23 GMT
In reply to Comment 7 (David):
Only if it was REALLY fud... It's not...
KDH drops the sale of Spider USB PCI card : Comment 10 of 39ANN.lu
Posted by jake on 15-Nov-2002 15:36 GMT
In reply to Comment 7 (David):
don't know what to think about this, :/ this arrogance from Elbox just want's me to go a use some emetic,
i hope some1 makes an law suit, that kind of threat is Elbox using all the time against other people when some one writes their thoughts/thinking about Elbox company, and Actions.. about time they taste some of their own medecin ;)
KDH drops the sale of Spider USB PCI card : Comment 11 of 39ANN.lu
Posted by KDH Datentechnik on 15-Nov-2002 15:44 GMT
In reply to Comment 7 (David):
KDH is convinced that neither Chris Hodges nor Christian Boehmer create or spread an FUD as you want us to believe. KDH will start selling the Spider again if we get an replacemnet for the Spider software (on CD) and the actions requested by Chris towards Elbox have taken place.
KDH drops the sale of Spider USB PCI card : Comment 12 of 39ANN.lu
Posted by q on 15-Nov-2002 16:05 GMT
In reply to Comment 11 (KDH Datentechnik):
Still I want to ask my question again:
If this same malicious code is indeed included in pci.library (that comes with every mediator) too, what will happen to them, not just spider-usb?
KDH drops the sale of Spider USB PCI card : Comment 13 of 39ANN.lu
Posted by Piru on 15-Nov-2002 16:08 GMT
In reply to Comment 12 (q):
http://ann.lu/comments2.cgi?show=1037284998&category=news&number=85
KDH drops the sale of Spider USB PCI card : Comment 14 of 39ANN.lu
Posted by KDH Datentechnik on 15-Nov-2002 16:17 GMT
In reply to Comment 12 (q):
Sorry I missed your question the first time. Here is our position:
If the same code is included in other Elbox products too(e.g. pci.library), we certainly will drop the sales of these products also. But you have to understand that our main business is not the investigation of Elbox products. We want to sell products and we want to sell Elbox products too, and we do assume that the manufacturer doesnt take this approach to save his investment. There have to be other and better methods to do this.
KDH drops the sale of Spider USB PCI card : Comment 15 of 39ANN.lu
Posted by Kjetil on 15-Nov-2002 16:39 GMT
I just how many times can find the word "sex" in you're Amiga Memory,
try it you be amazed how the sex industry has infected your computer,
personally i do not Se the need to have the "RDSK" string in some thing that is going
to over write the hole sector any way it's bay the way sector 0. you know "RDSK"
is all sow an number 0x5244534b, if every software that has the number 0x5244534b
in it to be RDB killing software then you are all wrong.
I have not looked at any Assembler code proving that it do overwrite RDB so far.
KDH drops the sale of Spider USB PCI card : Comment 16 of 39ANN.lu
Posted by Gabriele Favrin on 15-Nov-2002 17:11 GMT
As said, there is only one way for Elbox now:
release sources of usb.device and pci.library.
Since they sell HARDWARE, they should not have
problems releasing sources of their drivers
to make clear there aren't (anymore?) illegal
pieces of code. Also releasing sources (eg.
with GPL licence) they can benefit from improvements
made by users, so their hardware could even
sell more. It's surely better than now, that
they may not sell at all.
KDH drops the sale of Spider USB PCI card : Comment 17 of 39ANN.lu
Posted by Piru on 15-Nov-2002 17:28 GMT
In reply to Comment 15 (Kjetil):
The trashing routine checks if the block 0 contains RDSK id, and only overwrite it if the block has it. That is why there is this 'RDSK' visible.
See http://ann.lu/comments2.cgi?show=1037284998&category=news&number=85
If you still have some doubts, email axelsson@cs.umu.se and ask him for details.
KDH drops the sale of Spider USB PCI card : Comment 18 of 39ANN.lu
Posted by Lando on 15-Nov-2002 17:29 GMT
In reply to Comment 16 (Gabriele Favrin):
>As said, there is only one way for Elbox now:
>release sources of usb.device and pci.library.
>Since they sell HARDWARE
But, the reason they will never do this is because the source could then be used to write drivers for competing products (Prometheus/G-Rex) and this is the reason Elbox have never given out source in the past.
Elbox's view (not mine) is that, they paid their coders to write drivers for their products and why should DCE or Matay have the benefits of their work. Mediator owners pay for driver development (through their purchase of the MMCD or Spider) and yet they'd be paying for owners of competing hardware to get these drivers for free?
Maybe its just paranoia on Elbox's part but that's their position.
Personally I have no problem at all with paying for drivers but what I do have a big problem with is paying for drivers which could cause malicious damage to my system and cause me to lose work.
KDH drops the sale of Spider USB PCI card : Comment 19 of 39ANN.lu
Posted by Shawn on 15-Nov-2002 17:37 GMT
In reply to Comment 15 (Kjetil):
>I just how many times can find the word "sex" in you're Amiga Memory
Shut up already. this is real, deal with it zealot.
KDH drops the sale of Spider USB PCI card : Comment 20 of 39ANN.lu
Posted by Gabriele Favrin on 15-Nov-2002 17:40 GMT
In reply to Comment 18 (Lando):
>But, the reason they will never do this is because the
>source could then be used to write drivers for competing
>products (Prometheus/G-Rex) and this is the reason Elbox
>have never given out source in the past.
That's their own problem and the funnyt part for us to
see ;-)
They did two wrong things: put the code and lie to people.
Now it will be hard to beleive them, and their product
at this point can't be sold in many countries, so...
they just have to choose what to loose.
KDH drops the sale of Spider USB PCI card : Comment 21 of 39ANN.lu
Posted by Anonymous on 15-Nov-2002 18:41 GMT
In reply to Comment 15 (Kjetil):
>you know "RDSK" is also an number 0x5244534b, if every software that has the number 0x5244534b in it is RDB killing software then you are all wrong.
The chance to unintentionally have the 0-terminated string RDSK\0 in an executable is 1:256*256*256*256*256, that is approx 1:900000000000. The chance to be hit by lightening is much higher.
KDH drops the sale of Spider USB PCI card : Comment 22 of 39ANN.lu
Posted by Andrew Deacon on 15-Nov-2002 18:48 GMT
usb.device 1.9 and 1.10 ARE CLEAN
Chris Hodges has just confirmed this!
He is adamant though that Elbox issue an apology.
FYI 1.9 was issued shortly before the original allegation and 1.10 in
response to it.
Chris originally tested 1.2 and another anonyomous poster confirmed it was
in 1.7.
KDH drops the sale of Spider USB PCI card : Comment 23 of 39ANN.lu
Posted by redrumloa on 15-Nov-2002 19:06 GMT
In reply to Comment 22 (Andrew Deacon):
>usb.device 1.9 and 1.10 ARE CLEAN
>Chris Hodges has just confirmed this!
Good! Now what about pci.library?
KDH drops the sale of Spider USB PCI card : Comment 24 of 39ANN.lu
Posted by Georg Steger on 15-Nov-2002 20:21 GMT
In reply to Comment 21 (Anonymous):
That's the probability of a 5-byte sequence being RDSK\0.
The more bytes there are (exe size) the bigger the probability.
KDH drops the sale of Spider USB PCI card : Comment 25 of 39ANN.lu
Posted by Anon on 15-Nov-2002 20:53 GMT
In reply to Comment 15 (Kjetil):
check http://isuq.selfhost.com and you will see clearly :)
KDH drops the sale of Spider USB PCI card : Comment 26 of 39ANN.lu
Posted by strobe on 15-Nov-2002 22:44 GMT
The probability is higher than what you suggest.
If the driver is modified, changing the checksum, does this trigger the RDB trasher of doom?
Anyway Elbox's name is screwed. Elbox, go Elbox yourself!
KDH drops the sale of Spider USB PCI card : Comment 27 of 39ANN.lu
Posted by Ian on 15-Nov-2002 23:43 GMT
Im wondering if any of the anti-virus writers are going to add the potentially harmful elbox driver to their detection routines? This sort of thing qualifies as a trojan IMO
KDH drops the sale of Spider USB PCI card : Comment 28 of 39ANN.lu
Posted by Anonymous on 15-Nov-2002 23:43 GMT
In reply to Comment 24 (Georg Steger):
>That's the probability of a 5-byte sequence being RDSK\0. The more bytes there are (exe size) the bigger the probability.
Ok, here is a weighted number: the improbability to have RDSK\0 in a 32KB USB driver is approximately 1:30 million. So every 30millionth USB upgrade should statistically have the string in it.
KDH drops the sale of Spider USB PCI card : Comment 29 of 39ANN.lu
Posted by Olivier on 16-Nov-2002 01:00 GMT
I just found RDSK string in Poseidon!!!
KDH drops the sale of Spider USB PCI card : Comment 30 of 39ANN.lu
Posted by Doobrey on 16-Nov-2002 01:22 GMT
In reply to Comment 29 (Olivier):
>I just found RDSK string in Poseidon!!!
And I just found it in HDToolBox and RDBSalv.. ;)
Arggh...why can`t people read before shooting their mouths off.
1. The string RDSK does not in itself mean the RDB is going to be overwritten
It`s mainly found because some code (driver/library/app) is checking to see if there`s an RDB on a given volume/device.
2. The USB stack Poseidon allows the use of mass storage devices over USB,and can automatically mount them.
It`s the mass storage device class that has the RDSK, and with good reason too...It needs to read the RDB of a USB device to automount it!!
3. The Elbox driver is for hardware access to the Spider card *only*, and therefore shouldn`t have and RDB access code in it at all.
KDH drops the sale of Spider USB PCI card : Comment 31 of 39ANN.lu
Posted by Bernd Meyer on 16-Nov-2002 01:34 GMT
In reply to Comment 24 (Georg Steger):
Actually, you should only deal with a 4 byte sequence here --- the "string" isn't null-terminated.
The odds of finding a particular 4 byte sequence at a particular position in a completely random byte stream is 1/(2^32), i.e. 1 in 4 billion.
If you have a byte stream of length N, the odds of finding a particular 4 byte sequence at _any_ position is (ignoring the ends) N/(1^32), i.e. N-over-4-billion --- assuming a completely random stream. So even in a 400kB file, the odds are 1 in 10,000.
However, none of this is really applicable, because real files on real computers tend to be anything but completely random. *If* the particular byte sequence matched some reasonable set of instructions, it would be a lot more likely to turn up. If, however, it didn't (as seems to be the case with 'RDSK', aka 0x5244534b), it's even less likely to turn up "innocently".
KDH drops the sale of Spider USB PCI card : Comment 32 of 39ANN.lu
Posted by Anonymous on 16-Nov-2002 02:06 GMT
In reply to Comment 31 (Bernd Meyer):
Hum,
We had many prooves the past couple of days from various sources of information including code, tools to research on your own etc. And yet people speculate that it may be something differently. What's wrong ?
It's fact that there is CODE inside the DRIVERS that could trash your RDB. We don't need any other speculative opinions that try to proove the oposite.
KDH drops the sale of Spider USB PCI card : Comment 33 of 39ANN.lu
Posted by TBone on 16-Nov-2002 02:44 GMT
In reply to Comment 32 (Anonymous):
Bernd wasn't trying to prove the opposite, I'm sure Bernd knows the code is there. (or is more than qualified to check)
KDH drops the sale of Spider USB PCI card : Comment 34 of 39ANN.lu
Posted by JoannaK on 16-Nov-2002 08:01 GMT
At lease we know one thing for sure. KDH does not have Spider on their lists now. I just checked and allthough there still are other questionable articles from Elbox (those PCI buscards are having similar issues) they really have dropped Spider.
KDH drops the sale of Spider USB PCI card : Comment 35 of 39ANN.lu
Posted by Bernd Meyer on 16-Nov-2002 12:17 GMT
In reply to Comment 33 (TBone):
Correct. Well, not the part where I am qualified to check --- because I have absolutely no access to the driver, don't have a Spider card, and don't even have a Mediator (nor any Amiga to plug a Mediator into if I had one).
I just perk up whenever "probability" is mentioned (it being so closely related to compression :), and couldn't help correcting the off-by-two-orders-of-magnitude numbers that were flying around, plus the fundamental incorrect assumption behind those numbers.
While I certainly have my own private opinion whom I believe and whom I don't, that doesn't come into it :)
KDH drops the sale of Spider USB PCI card : Comment 36 of 39ANN.lu
Posted by Peter Gordon on 16-Nov-2002 12:42 GMT
In reply to Comment 35 (Bernd Meyer):
I think there are a lot of confused people as well, looking for "RDSK" in programs as if that in itself means the program is bad. This post should answer most questions that non-technically minded people may have:
1) "RDSK" is an identifying header at the start of an RDB so that programs can identify it as such. Therefore it is likely to appear in any program that would need direct access to an RDB, such as hard disk partitioning, or storage devices drivers that support autobooting. Thus, finding the string "RDSK" in HDToolbox or Poseidon is *not* a sign that those programs are trojans.
2) It is very, very unlikely that the RDB trashing code which I have personally verified appears in pci.library will ever be executed on a legitimate users system. All of the following must occur for that to happen:
: First, a rogue program, power spike or whatever overwrites the checksum* in memory. This is already very unlikely, and becomes less likely the more RAM you have (statistically).
: Second, the library (or usb.device) has to re-compare its checksum. Some people say usb.device does this whenever you go online (i don't have usb.device, so i cannot verify this). I don't know when or if pci.library does this (i havent resourced pci.library in full, just the trojan area).
: Third, a CIA counter lower 4 bits must all be zero. This is a "random" element, so the code should, even at this incredibly unlikely point, only be executed one in 16 times.
: Fourth, your RDB must be at block zero on the boot device. This is actually quite likely.
Another way for it to happen is for a rogue program to jump to the code in memory at random, this is also very, very unlikely.
So, if it is THAT unlikely to be executed, why is Elbox wrong to include it?
The fact is that however unlikely, it COULD happen. People win the lottery, people ARE struck by lightning. Also, human beings are not perfect. It is perfectly conceivable for the programmer of Elboxes drivers to make a mistake when updating them, and accidentally cause the code to execute under more likely circumstances.
To put it another way: Lets say a car company, called Fordbox sell a car with a great big bomb in it, but the bomb is inactive to the point where you can smash it with a sledgehammer with no problem. Fordbox say the bomb is ONLY triggered when you try and use stolen parts when servicing or repairing your car, and that legally purchased Fordbox parts are coded in such a way that they won't trigger the bomb.
Would you drive the car?
-----
* some people say any part of the driver.
KDH drops the sale of Spider USB PCI card : Comment 37 of 39ANN.lu
Posted by Teemu K. on 16-Nov-2002 13:11 GMT
In reply to Comment 36 (Peter Gordon):
Good points. I'd also like to add that now that the whole thing is exposed there might be some dimwit virus coder who'd just need to write a virus that uses the code that is ready in the usb device. Such a virus would probably go undetected by virus scanners which do look for malicious code like that.
Elbox really should've taken another route with this. If they really want to add some wiping code into the driver why not just let it delete itself? Also it could detect a running tcp/ip stack and just send a notification of any potential hacking attempts to Elbox. With that i could live with.
I wasn't going to buy Spider anyway, but now i'm twice more confident in that.
KDH drops the sale of Spider USB PCI card : Comment 38 of 39ANN.lu
Posted by Piru on 16-Nov-2002 15:16 GMT
In reply to Comment 36 (Peter Gordon):
> : Third, a CIA counter lower 4 bits must all be zero.
Wrong. lower 4 bits must be non-zero.
> This is a "random" element, so the code should, even at this incredibly
> unlikely point, only be executed one in 16 times.
No, executed in average 15 in 16 times.
KDH drops the sale of Spider USB PCI card : Comment 39 of 39ANN.lu
Posted by - GALAXY - on 16-Nov-2002 15:18 GMT
In reply to Comment 38 (Piru):
Phear :)
- GALAXY -
Anonymous, there are 39 items in your selection
Back to Top