On Sat, Dec 23, 2000 at 03:30:08PM -0400, Peter Cordes wrote: > On Fri, Dec 22, 2000 at 11:05:32PM -0900, Ethan Benson wrote: > > On Fri, Dec 22, 2000 at 05:54:55PM -0400, Peter Cordes wrote: > > > > > > That's why you run the checker from a known-good floppy or CD. The bogus > > > kernel can't protect itself if it isn't running :) > > > > don't be so sure, is the BIOS or firmware on your computer flashable? > > if so an attacker could replace the firmware/BIOS itself to ensure > > later trojans are installed. > > Oh crap, I didn't think of that! It would be a really hard attack if you > didn't know what kernel was going to get loaded, but in theory there's no > way around it, short of burning non-flashable ROMs! (Well, you could take > the drive out of the computer and test it in another computer.) > Yes, this little attack gets bandied about by paranoid people on a regular basis. AFAIK, the only malicious code which has been observed to play with your BIOS is in 'doze virii which nuke it, but don't turn it evil. Although this attack is theoretically possible, it's probably not the weakest link in your security chain. Flashing a BIOS involves quite a bit of effort, and is extremely platform dependent. Do it in a less than perfect way, and spectacular things happen. The odds of doing it without being noticed wouldn't be very good. If you expect that a cracker might pour very large amounts of effort into breaking your system (what *do* you use it for? :), you should read your motherboard manual, and switch the jumpers to disable BIOS flashing. -- |> |= -+- |= |> | |- | |- |\ Peter Eckersley (pde@cs.mu.oz.au) http://www.cs.mu.oz.au/~pde for techno-leftie inspiration, take a look at http://www.computerbank.org.au/
Attachment:
pgpp3w_Ds5v1M.pgp
Description: PGP signature