[nycbug-talk] Happy Halloween, here is some wacky Horror story

Chris Snyder chsnyder at gmail.com
Fri Nov 1 10:03:03 EDT 2013

On Thu, Oct 31, 2013 at 2:45 PM, Mark Saad <mark.saad at ymail.com> wrote:

> Here is the entire story.
> http://arstechnica.com/security/2013/10/meet-badbios-the-mysterious-mac-and-pc-malware-that-jumps-airgaps/
> So beware OpenBSD user , unplug your Mic and Speakers and never use USB !!!

Okay, sure, great Halloween FUD, ha ha ha.

But all of the attacks, separately, are plausible, no? Even the crazy
ultrasonic networking between infected laptops -- I'm a little surprised
they didn't include passing QR codes by line-of-sight with the built-in
webcam, but maybe that's in the next version.

Why shouldn't we be genuinely concerned about the upgradeable software
resident in the bare metal of a server or locked-down workstation? Do our
drivers provide sufficient protection against flaws in the proprietary
subsystems they talk to? Or are those subsystems generally considered
immune to attack?

If I wanted to exercise some paranoia, are there standard tools for
discovering and checksumming the firmware on a system, to detect if it is
tampered with over time?

Chris Snyder
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nycbug.org/pipermail/talk/attachments/20131101/6e1d5371/attachment.html>

More information about the talk mailing list