[nycbug-talk] Happy Halloween, here is some wacky Horror story
Chris Snyder
chsnyder at gmail.com
Fri Nov 1 10:03:03 EDT 2013
On Thu, Oct 31, 2013 at 2:45 PM, Mark Saad <mark.saad at ymail.com> wrote:
> Here is the entire story.
>
>
> http://arstechnica.com/security/2013/10/meet-badbios-the-mysterious-mac-and-pc-malware-that-jumps-airgaps/
>
>
> So beware OpenBSD user , unplug your Mic and Speakers and never use USB !!!
>
Okay, sure, great Halloween FUD, ha ha ha.
But all of the attacks, separately, are plausible, no? Even the crazy
ultrasonic networking between infected laptops -- I'm a little surprised
they didn't include passing QR codes by line-of-sight with the built-in
webcam, but maybe that's in the next version.
Why shouldn't we be genuinely concerned about the upgradeable software
resident in the bare metal of a server or locked-down workstation? Do our
drivers provide sufficient protection against flaws in the proprietary
subsystems they talk to? Or are those subsystems generally considered
immune to attack?
If I wanted to exercise some paranoia, are there standard tools for
discovering and checksumming the firmware on a system, to detect if it is
tampered with over time?
Chris Snyder
http://chxor.chxo.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20131101/6e1d5371/attachment.htm>
More information about the talk
mailing list