On 02/08/12 18:07, Russell Coker wrote: > On Thu, 9 Feb 2012, Stephen Hemminger <[email protected]> wrote: >> The advice I heard is trust nothing (even reflash the BIOS). > Do you know of any real-world exploits that involve replacing the BIOS? It's > been theoretically possible for a long time but I haven't seen any references > to it being done. Exploits that are theoretically possible are implemented by private 3rd parties(and Hackers!).
I've a small collection of utilities I know that I'm the only one who has a copy, though other tools that work the same way more then likely exist. > Also one thing to keep in mind is the apparent competence of the attackers. > If they didn't bother changing debsums then it's unlikely that they did any > of > the other tricky things which have been discussed (such as trojaning the > kernel). > A RedHat expert can alter a running Debian kernel, but might miss debsum. -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
