I have yet to read the paper. One thing that interests me is I wonder if they ( The writers of the paper. ) thought about installing some Trojan or virus in EFI. I have played with EFI on a HP system in a lab at HP-World in 2004. I don't think a OS can access EFI but if it could or what ever company that developed that system. Think Intel HP who ever developed API hooks for an OS ( What ever OS Windows, HP-UX, Linux, OpenVMS, OSX. ) to access setting or updates to EFI or the diagnostic tools on the first 150 Megabytes on the root drives on the system. Also I don't know if or when Cisco will release a new version (13.X or IOS-NG ) of IOS, that some little birds have been telling me will or may have a new feature ( If Cisco has not merged it into ISO 12.X ). That feature is loadable kernel modules. Just think if some one was able to install a LKM on your router with out any service interruption. Now think about all the nasty things some one could cook up.
Just some food for thought Michael Miller _______________________________________________ EUGLUG mailing list [email protected] http://www.euglug.org/mailman/listinfo/euglug
