On Tuesday, September 27, 2016 at 10:31:42 PM UTC-4, johny...@sigaint.org wrote:
> > You can get a motherboard that has a removable bios chip that you can just
> > snap in to replace,  Then call the company and have them send you one or
> > two to hold onto for emergency lol.  There is also mobos with dualbios,
> > most ly this is for bringing a bricked board back to life.
> 
> I actually have one of those motherboards here.  It sounded like a very
> kick-ass feature, the double-bios to restore in case of problems.  And the
> board has 8 SATA, a dozen USB, some serious video and audio capabilities, 
> 32g memory capabilities, IOMMU, etc.
> 
> But it was given to me out of the blue right after I retired a
> dodgy/compromised machine, so I'm a little wary.  A shame, because it's
> one hell of a motherboard.
> 
> I might fire it up with Qubes in a non-critical/non-trusted manner.  (Or
> set it up in a Windows machine, sell it, and buy a known secure
> motherboard.  :) )
> 
> > Also don't forget malware can reside in other firmware also.  SO that
> > means all pci devices,  like gpu,  netcard.  etc...  most experts will
> > tell you just to replace everything to be sure if you think you are
> > compromised at that level and its important.
> 
> Would you say a motherboard that integrates a lot of that (with the dual
> recovery BIOS) would be less prone to compromise (or at least easier to
> restore from compromise) than a machine that separate PCI cards providing
> that sound/video/net?
> 
> Presumably, if you can trust the vendor and its BIOS, one flashing of the
> BIOS (or recovery from the backup) should restore you to a state that
> could be trusted.  A lot easier than doing the same (if even possible) for
> the net/sound/video add-on cards, no?
> 
> Or would it be easier for a threat actor to attack a specific motherboard
> and its integrated peripherals, rather than a random set of add-on cards?
> 
> JJ

I'm not sure if whether its integrated matters to how prone to compromise it 
is.  I would imagine being able to replace a component you think compromised is 
better then not being able to, for example replacing gpu or netcard you think 
is compromised.  But I don't know of many boards that dont' have some pci 
devices integrated so we probably have no choice. Again, only way to be 100% is 
probably to replace the whole system.  With a laptop it would be more necessary 
probably.

Regarding attacking a specific motherboard or firmware, imo, this would all 
fall under that category of targeted attack.  I think it is still very rare 
nowadays for some random or automated attack to infect your firmwares and bios. 
At least I hope it is lmao.   Especially on a custom machine.  But on the same 
token it is less rare nowadays for someone to be personally targeted by a 
persistent actor with lots of resources.  So I guess it all depends on how 
paranoid you are and how much you are willing to spend.   IMO I don't think 
there is much any of us can do against a very persistent attacker, especially 
if its the government.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/698014d4-ef40-43e6-ab74-bf3dc6c3996b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to