[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian audititing tool?

On Fri, Dec 22, 2000 at 11:05:32PM -0900, Ethan Benson wrote:
> On Fri, Dec 22, 2000 at 05:54:55PM -0400, Peter Cordes wrote:
> > 
> >  That's why you run the checker from a known-good floppy or CD.  The bogus
> > kernel can't protect itself if it isn't running :)
> don't be so sure, is the BIOS or firmware on your computer flashable?
> if so an attacker could replace the firmware/BIOS itself to ensure
> later trojans are installed.  

Oh crap, I didn't think of that!  It would be a really hard attack if you
didn't know what kernel was going to get loaded, but in theory there's no
way around it, short of burning non-flashable ROMs!  (Well, you could take
the drive out of the computer and test it in another computer.)

#define X(x,y) x##y
Peter Cordes ;  e-mail: X(peter@llama.nslug. , ns.ca)

"The gods confound the man who first found out how to distinguish the hours!
 Confound him, too, who in this place set up a sundial, to cut and hack
 my day so wretchedly into small pieces!" -- Plautus, 200 BCE

Reply to: