<div dir="ltr"><div>"are there standard tools for discovering and checksumming the firmware". That is what I was wondering. I understand the case of a motherboard BIOS, if something could re-write the firmware. I think that is very possible because now many vendor tools re-write the firmware without requiring you to boot from a CD. This is one thing that makes the story questionable to me. <br>
</div><div><br></div><div>In the case of a USB stick, it would seem pretty easy to purchase two usb sticks, stick one into your "corrupted" network and then compare the firmware on the two units to see if an actual change happened. In the BIOS case, couldn't one use VMware? After all VMWare emulates a BIOS start an image see if the image changes in a substantial way. The mame community somehow manages to extract (BIOS) information from hundreds of arcade machines....</div>
<div><br></div><div><br></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Fri, Nov 1, 2013 at 10:03 AM, Chris Snyder <span dir="ltr"><<a href="mailto:chsnyder@gmail.com" target="_blank">chsnyder@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">On Thu, Oct 31, 2013 at 2:45 PM, Mark Saad <span dir="ltr"><<a href="mailto:mark.saad@ymail.com" target="_blank">mark.saad@ymail.com</a>></span> wrote:<br>
<div class="gmail_extra"><div class="gmail_quote">
<div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr"><div>Here is the entire story. <br>
</div><div><div><div><br><a href="http://arstechnica.com/security/2013/10/meet-badbios-the-mysterious-mac-and-pc-malware-that-jumps-airgaps/" target="_blank">http://arstechnica.com/security/2013/10/meet-badbios-the-mysterious-mac-and-pc-malware-that-jumps-airgaps/</a><br>
<br><br></div><div>So beware OpenBSD user , unplug your Mic and Speakers and never use USB !!!<span><font color="#888888"><br></font></span></div><span><font color="#888888"><div></div></font></span></div>
</div></div></blockquote></div><br></div><div class="gmail_extra"><br></div><div class="gmail_extra">Okay, sure, great Halloween FUD, ha ha ha. </div><div class="gmail_extra"><br></div><div class="gmail_extra">But all of the attacks, separately, are plausible, no? Even the crazy ultrasonic networking between infected laptops -- I'm a little surprised they didn't include passing QR codes by line-of-sight with the built-in webcam, but maybe that's in the next version.</div>
<div class="gmail_extra"><br></div><div class="gmail_extra">Why shouldn't we be genuinely concerned about the upgradeable software resident in the bare metal of a server or locked-down workstation? Do our drivers provide sufficient protection against flaws in the proprietary subsystems they talk to? Or are those subsystems generally considered immune to attack?</div>
<div class="gmail_extra"><br></div><div class="gmail_extra">If I wanted to exercise some paranoia, are there standard tools for discovering and checksumming the firmware on a system, to detect if it is tampered with over time?</div>
<span class="HOEnZb"><font color="#888888">
<div class="gmail_extra"><br></div><div class="gmail_extra">Chris Snyder<br><a href="http://chxor.chxo.com/" target="_blank">http://chxor.chxo.com/</a><br></div></font></span></div>
<br>_______________________________________________<br>
talk mailing list<br>
<a href="mailto:talk@lists.nycbug.org">talk@lists.nycbug.org</a><br>
<a href="http://www.nycbug.org/mailman/listinfo/talk" target="_blank">http://www.nycbug.org/mailman/listinfo/talk</a><br></blockquote></div><br></div>