On Wednesday, September 28, 2016 at 10:48:00 PM UTC-4, raah...@gmail.com wrote:
> On Tuesday, September 27, 2016 at 10:31:42 PM UTC-4, johny...@sigaint.org 
> wrote:
> > > You can get a motherboard that has a removable bios chip that you can just
> > > snap in to replace,  Then call the company and have them send you one or
> > > two to hold onto for emergency lol.  There is also mobos with dualbios,
> > > most ly this is for bringing a bricked board back to life.
> > 
> > I actually have one of those motherboards here.  It sounded like a very
> > kick-ass feature, the double-bios to restore in case of problems.  And the
> > board has 8 SATA, a dozen USB, some serious video and audio capabilities, 
> > 32g memory capabilities, IOMMU, etc.
> > 
> > But it was given to me out of the blue right after I retired a
> > dodgy/compromised machine, so I'm a little wary.  A shame, because it's
> > one hell of a motherboard.
> > 
> > I might fire it up with Qubes in a non-critical/non-trusted manner.  (Or
> > set it up in a Windows machine, sell it, and buy a known secure
> > motherboard.  :) )
> > 
> > > Also don't forget malware can reside in other firmware also.  SO that
> > > means all pci devices,  like gpu,  netcard.  etc...  most experts will
> > > tell you just to replace everything to be sure if you think you are
> > > compromised at that level and its important.
> > 
> > Would you say a motherboard that integrates a lot of that (with the dual
> > recovery BIOS) would be less prone to compromise (or at least easier to
> > restore from compromise) than a machine that separate PCI cards providing
> > that sound/video/net?
> > 
> > Presumably, if you can trust the vendor and its BIOS, one flashing of the
> > BIOS (or recovery from the backup) should restore you to a state that
> > could be trusted.  A lot easier than doing the same (if even possible) for
> > the net/sound/video add-on cards, no?
> > 
> > Or would it be easier for a threat actor to attack a specific motherboard
> > and its integrated peripherals, rather than a random set of add-on cards?
> > 
> > JJ
> 
> I'm not sure if whether its integrated matters to how prone to compromise it 
> is.  I would imagine being able to replace a component you think compromised 
> is better then not being able to, for example replacing gpu or netcard you 
> think is compromised.  But I don't know of many boards that dont' have some 
> pci devices integrated so we probably have no choice. Again, only way to be 
> 100% is probably to replace the whole system.  With a laptop it would be more 
> necessary probably.
> 
> Regarding attacking a specific motherboard or firmware, imo, this would all 
> fall under that category of targeted attack.  I think it is still very rare 
> nowadays for some random or automated attack to infect your firmwares and 
> bios. At least I hope it is lmao.   Especially on a custom machine.  But on 
> the same token it is less rare nowadays for someone to be personally targeted 
> by a persistent actor with lots of resources.  So I guess it all depends on 
> how paranoid you are and how much you are willing to spend.   IMO I don't 
> think there is much any of us can do against a very persistent attacker, 
> especially if its the government.

when I say nothing you can do,  I mean if you want to keep doing the things you 
want to do on a pc that make you vulnerable and out of your control in the 
first place unfortunately.  Like walking down a public street.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9f15e209-ba32-4772-9bae-f6c1cf15be76%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to