On Tuesday, September 27, 2016 at 2:56:27 PM UTC-4, johny...@sigaint.org wrote:
> > I forget which blackhat event,  they showed how you can think you are
> > flashing a bios.  But the malware will remain.
> 
> That's creepy.  Don't most BIOS flashing utilities do a verification?  Or
> perhaps the flashing utility itself is what was compromised in the
> blackhat demo.
> 
> Another reason why doing a flashrom under Tails, and then reading it back,
> is a good idea of your motherboard supports it.  Pretty hard for malware
> to fake that (at least without some additional flash storage to do its
> tricks).
> 
> At the very least, using a slightly "unexpected" utility like flashrom
> helps dodge the obvious hacks.
> 
> (Similar to someone's post in reply to the Laptop internet sharing thread,
> that using a *different* VM isolation on the laptop, KVM/Qemu or whatever,
> might be a good idea.  For an attacker to have to compromise Xen *and*
> Qemu, makes for a busy project to say the least.  It'd very likely stop
> any automated virus in its tracks.)
> 
> JJ

Here is interesting thread on reddit i Just found. 
https://www.reddit.com/r/badBIOS/comments/319qlf/spi_programmers_to_flash_bios_rootkits_bios/

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/453b8817-8e0d-4f1c-9add-9271444eeaf7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to