On Fri, Dec 22, 2000 at 11:05:32PM -0900, Ethan Benson wrote: > On Fri, Dec 22, 2000 at 05:54:55PM -0400, Peter Cordes wrote: > > > > That's why you run the checker from a known-good floppy or CD. The bogus > > kernel can't protect itself if it isn't running :) > > don't be so sure, is the BIOS or firmware on your computer flashable? > if so an attacker could replace the firmware/BIOS itself to ensure > later trojans are installed.
Oh crap, I didn't think of that! It would be a really hard attack if you didn't know what kernel was going to get loaded, but in theory there's no way around it, short of burning non-flashable ROMs! (Well, you could take the drive out of the computer and test it in another computer.) -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in this place set up a sundial, to cut and hack my day so wretchedly into small pieces!" -- Plautus, 200 BCE
