bios infection (was: how to fix rootkit?)

To: Russell Coker <russell@coker.com.au>
Cc: debian-security@lists.debian.org, Stephen Hemminger <shemminger@vyatta.com>
Subject: bios infection (was: how to fix rootkit?)
From: Aníbal Monsalve Salazar <anibal@debian.org>
Date: Thu, 9 Feb 2012 11:54:54 +1100
Message-id: <20120209005454.GA5405@debian.org>
In-reply-to: <201202091107.20847.russell@coker.com.au>
References: <4F3237FA.1050206@lab127.karelia.ru> <g5bb09xbl5.ln2@news.roaima.co.uk> <20120208153737.51a15c7b@nehalam.linuxnetplumber.net> <201202091107.20847.russell@coker.com.au>

On Thu, Feb 09, 2012 at 11:07:20AM +1100, Russell Coker wrote:
>On Thu, 9 Feb 2012, Stephen Hemminger <shemminger@vyatta.com> wrote:
>>The advice I heard is trust nothing (even reflash the BIOS).
>
>Do you know of any real-world exploits that involve replacing the BIOS?  It's 
>been theoretically possible for a long time but I haven't seen any references 

Persistent BIOS Infection:
http://www.phrack.com/issues.html?issue=66&id=7

Reply to:

Follow-Ups:
- Re: bios infection (was: how to fix rootkit?)
  - From: Alexandre Dulaunoy <a@foo.be>

References:
- how to fix rootkit?
  - From: "volk@lab127.karelia.ru" <volk@lab127.karelia.ru>
- Re: how to fix rootkit?
  - From: Chris Davies <chris-usenet@roaima.co.uk>
- Re: how to fix rootkit?
  - From: Stephen Hemminger <shemminger@vyatta.com>
- Re: how to fix rootkit?
  - From: Russell Coker <russell@coker.com.au>

Prev by Date: Re: how to fix rootkit?
Next by Date: Re: how to fix rootkit?
Previous by thread: Re: how to fix rootkit?
Next by thread: Re: bios infection (was: how to fix rootkit?)
Index(es):
- Date
- Thread