<div dir="ltr">On Thu, Oct 31, 2013 at 2:45 PM, Mark Saad <span dir="ltr"><<a href="mailto:mark.saad@ymail.com" target="_blank">mark.saad@ymail.com</a>></span> wrote:<br><div class="gmail_extra"><div class="gmail_quote">
<div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr"><div>Here is the entire story. <br>
</div><div><div><div><br><a href="http://arstechnica.com/security/2013/10/meet-badbios-the-mysterious-mac-and-pc-malware-that-jumps-airgaps/" target="_blank">http://arstechnica.com/security/2013/10/meet-badbios-the-mysterious-mac-and-pc-malware-that-jumps-airgaps/</a><br>
<br><br></div><div>So beware OpenBSD user , unplug your Mic and Speakers and never use USB !!!<span class=""><font color="#888888"><br></font></span></div><span class=""><font color="#888888"><div></div></font></span></div>
</div></div></blockquote></div><br></div><div class="gmail_extra"><br></div><div class="gmail_extra">Okay, sure, great Halloween FUD, ha ha ha. </div><div class="gmail_extra"><br></div><div class="gmail_extra">But all of the attacks, separately, are plausible, no? Even the crazy ultrasonic networking between infected laptops -- I'm a little surprised they didn't include passing QR codes by line-of-sight with the built-in webcam, but maybe that's in the next version.</div>
<div class="gmail_extra"><br></div><div class="gmail_extra">Why shouldn't we be genuinely concerned about the upgradeable software resident in the bare metal of a server or locked-down workstation? Do our drivers provide sufficient protection against flaws in the proprietary subsystems they talk to? Or are those subsystems generally considered immune to attack?</div>
<div class="gmail_extra"><br></div><div class="gmail_extra">If I wanted to exercise some paranoia, are there standard tools for discovering and checksumming the firmware on a system, to detect if it is tampered with over time?</div>
<div class="gmail_extra"><br></div><div class="gmail_extra">Chris Snyder<br><a href="http://chxor.chxo.com/">http://chxor.chxo.com/</a><br></div></div>