[nycbug-talk] Happy Halloween, here is some wacky Horror story

Edward Capriolo edlinuxguru at gmail.com
Fri Nov 1 11:53:04 EDT 2013

"are there standard tools for discovering and checksumming the firmware".
That is what I was wondering. I understand the case of a motherboard BIOS,
if something could re-write the firmware. I think that is very possible
because now many vendor tools re-write the firmware without requiring you
to boot from a CD. This is one thing that makes the story questionable to

In the case of a USB stick, it would seem pretty easy to purchase two usb
sticks, stick one into your "corrupted" network and then compare the
firmware on the two units to see if an actual change happened. In the BIOS
case, couldn't one use VMware? After all VMWare emulates a BIOS start an
image see if the image changes in a substantial way. The mame community
somehow manages to extract (BIOS) information from hundreds of arcade

On Fri, Nov 1, 2013 at 10:03 AM, Chris Snyder <chsnyder at gmail.com> wrote:

> On Thu, Oct 31, 2013 at 2:45 PM, Mark Saad <mark.saad at ymail.com> wrote:
>> Here is the entire story.
>> http://arstechnica.com/security/2013/10/meet-badbios-the-mysterious-mac-and-pc-malware-that-jumps-airgaps/
>> So beware OpenBSD user , unplug your Mic and Speakers and never use USB
>> !!!
> Okay, sure, great Halloween FUD, ha ha ha.
> But all of the attacks, separately, are plausible, no? Even the crazy
> ultrasonic networking between infected laptops -- I'm a little surprised
> they didn't include passing QR codes by line-of-sight with the built-in
> webcam, but maybe that's in the next version.
> Why shouldn't we be genuinely concerned about the upgradeable software
> resident in the bare metal of a server or locked-down workstation? Do our
> drivers provide sufficient protection against flaws in the proprietary
> subsystems they talk to? Or are those subsystems generally considered
> immune to attack?
> If I wanted to exercise some paranoia, are there standard tools for
> discovering and checksumming the firmware on a system, to detect if it is
> tampered with over time?
> Chris Snyder
> http://chxor.chxo.com/
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://www.nycbug.org/mailman/listinfo/talk
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nycbug.org/pipermail/talk/attachments/20131101/4c9788e6/attachment.html>

More information about the talk mailing list