If all goes according to plan, I should be having a RL face-to-face
meeting tomorrow with my boater friend who works for IBM.
I shall ask again about malware infection of a BIOS chip.
Please advise of any question(s) you feel I should ask - to put my mind
at rest about an infected machine continuing to be infected even when a
hard disk has been replaced with a new one.
I'll tell him that you and Dustin Cook tell me that this impossible
outside of a laboratory! ;-)
BD
From: "~BD~" <~BD~@nomail.afraid.org>
| If all goes according to plan, I should be having a RL face-to-face
| meeting tomorrow with my boater friend who works for IBM.
| I shall ask again about malware infection of a BIOS chip.
| Please advise of any question(s) you feel I should ask - to put my mind
| at rest about an infected machine continuing to be infected even when a
| hard disk has been replaced with a new one.
| I'll tell him that you and Dustin Cook tell me that this impossible
| outside of a laboratory! ;-)
| BD
Not interested if you are acting as his proxy.
He must make his own posts and his own replies.
--
Dave
Multi-AV Scanning Tool - http://www.pctipp.ch/downloads/dl/35905.asp
"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in
news:i9dd6d03048@news3.newsguy.com:
> From: "~BD~" <~BD~@nomail.afraid.org>
>
>| If all goes according to plan, I should be having a RL face-to-face
>| meeting tomorrow with my boater friend who works for IBM.
>
>| I shall ask again about malware infection of a BIOS chip.
>
>| Please advise of any question(s) you feel I should ask - to put my
>| mind at rest about an infected machine continuing to be infected
>| even when a hard disk has been replaced with a new one.
>
>| I'll tell him that you and Dustin Cook tell me that this impossible
>| outside of a laboratory! ;-)
>
>| BD
>
>
> Not interested if you are acting as his proxy.
> He must make his own posts and his own replies.
>
Same here. In fact, he's welcome to contact me via email if he'd like.
--
Some people are like a Slinky. Not much good for anything, but you can't
help but smile when one tumbles down the stairs.
"Dustin" <bughunter.dustin@gmail.com> wrote in message
news:Xns9E14CAFE5639HHI2948AJD832@no...
> "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in
> news:i9dd6d03048@news3.newsguy.com:
>
>> From: "~BD~" <~BD~@nomail.afraid.org>
>>
>>| If all goes according to plan, I should be having a RL face-to-face
>>| meeting tomorrow with my boater friend who works for IBM.
>>
>>| I shall ask again about malware infection of a BIOS chip.
>>
>>| Please advise of any question(s) you feel I should ask - to put my
>>| mind at rest about an infected machine continuing to be infected
>>| even when a hard disk has been replaced with a new one.
>>
>>| I'll tell him that you and Dustin Cook tell me that this impossible
>>| outside of a laboratory! ;-)
>>
>>| BD
>>
>>
>> Not interested if you are acting as his proxy.
>> He must make his own posts and his own replies.
>>
>
> Same here. In fact, he's welcome to contact me via email if he'd like.
Andrew came to my boat at around 1130 and stayed for two hours! He is a
graduate of Manchester University and has a degree in Computer Science
and Mathematics. He's worked for IBM since Dustin was born!
He confirmed that malware *can* infect the BIOS - and then reinfect a
new or cleaned hard drive - *outside* of a laboratory environment. He
did say that this was rare but he will liase with his specialist
colleagues and thereafter endeavour to provide me with some information
to confirm his assertion.
Dave
"~BD~" <~BD~@nomail.afraid.org> wrote in
news:i9fdgi$16d$1@news.eternal-september.org:
> "Dustin" <bughunter.dustin@gmail.com> wrote in message
> news:Xns9E14CAFE5639HHI2948AJD832@no...
>> "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in
>> news:i9dd6d03048@news3.newsguy.com:
>>
>>> From: "~BD~" <~BD~@nomail.afraid.org>
>>>
>>>| If all goes according to plan, I should be having a RL
>>>| face-to-face meeting tomorrow with my boater friend who works for
>>>| IBM.
>>>
>>>| I shall ask again about malware infection of a BIOS chip.
>>>
>>>| Please advise of any question(s) you feel I should ask - to put
>>>| my mind at rest about an infected machine continuing to be
>>>| infected even when a hard disk has been replaced with a new one.
>>>
>>>| I'll tell him that you and Dustin Cook tell me that this
>>>| impossible outside of a laboratory! ;-)
>>>
>>>| BD
>>>
>>>
>>> Not interested if you are acting as his proxy.
>>> He must make his own posts and his own replies.
>>>
>>
>> Same here. In fact, he's welcome to contact me via email if he'd
>> like.
>
> Andrew came to my boat at around 1130 and stayed for two hours! He
> is a graduate of Manchester University and has a degree in Computer
> Science and Mathematics. He's worked for IBM since Dustin was born!
>
> He confirmed that malware *can* infect the BIOS - and then reinfect
> a new or cleaned hard drive - *outside* of a laboratory environment.
> He did say that this was rare but he will liase with his specialist
> colleagues and thereafter endeavour to provide me with some
> information to confirm his assertion.
I'm sorry Dave, but this is basically the same story that went around
in the late 80s early 90s about blowing monitors up with software. Only
under EXTREME rare conditions could you actually get the monitor to
physically fail and it still didn't go boom.
Your friend has failed to provide you with even a single sample name of
a malware which does as he claims, despite overwhelming evidence to the
contrary: BIOS's aren't the same for each PC. You can't make a
universal BIOS infector. Period. You can corrupt the flashrom area of a
bios, but to actually "infect" it and pass that sample onto something
else isn't an easy process as you seem to think it is.
I don't care how long your friend has worked for IBM; A universal BIOS
infector does *not* exist.
--
Some people are like a Slinky. Not much good for anything, but you
can't help but smile when one tumbles down the stairs.
From: "~BD~" <~BD~@nomail.afraid.org>
| "Dustin" <bughunter.dustin@gmail.com> wrote in message
| news:Xns9E14CAFE5639HHI2948AJD832@no...
>> "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in
>> news:i9dd6d03048@news3.newsguy.com:
>>> From: "~BD~" <~BD~@nomail.afraid.org>
>>>| If all goes according to plan, I should be having a RL face-to-face
>>>| meeting tomorrow with my boater friend who works for IBM.
>>>| I shall ask again about malware infection of a BIOS chip.
>>>| Please advise of any question(s) you feel I should ask - to put my
>>>| mind at rest about an infected machine continuing to be infected
>>>| even when a hard disk has been replaced with a new one.
>>>| I'll tell him that you and Dustin Cook tell me that this impossible
>>>| outside of a laboratory! ;-)
>>>| BD
>>> Not interested if you are acting as his proxy.
>>> He must make his own posts and his own replies.
>> Same here. In fact, he's welcome to contact me via email if he'd like.
| Andrew came to my boat at around 1130 and stayed for two hours! He is a
| graduate of Manchester University and has a degree in Computer Science
| and Mathematics. He's worked for IBM since Dustin was born!
| He confirmed that malware *can* infect the BIOS - and then reinfect a
| new or cleaned hard drive - *outside* of a laboratory environment. He
| did say that this was rare but he will liase with his specialist
| colleagues and thereafter endeavour to provide me with some information
| to confirm his assertion.
Like I already wrote...
"Not interested if you are acting as his proxy."
Which you did which makes your post worthless.
--
Dave
Multi-AV Scanning Tool - http://www.pctipp.ch/downloads/dl/35905.asp
BD
Your friend either did not tell you correctly or he does not know his stuff. A
general Bios infector does not exist and it never has. I know a few people that have
Masters degrees for many years and yet they are clueless to many if not most issues
be it about anything
--
Peter
Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.
This posting is provided "AS IS" with no warranties, and confers no rights.
http://www.microsoft.com/protect
"Peter Foldes" <okf22@hotmail.com> wrote in message
news:i9fgm6$e7u$1@speranza.aioe.org...
> BD
>
> Your friend either did not tell you correctly or he does not know his
> stuff. A general Bios infector does not exist and it never has. I know
> a few people that have Masters degrees for many years and yet they are
> clueless to many if not most issues be it about anything
A better response from you, Peter Foldes, might have been to acknowledge
that you *lied* when you alleged that I do not *own* a narrowboat! Ha!
No one has mentioned a 'general' BIOS infector - Dustin mentioned a
*universal* BIOS infector. I didn't!
Isn't it possible that bad guys simply select a narrow target area?
<who knows>?
BD had said ..........
Andrew came to my boat at around 1130 and stayed for two hours! He is a
graduate of Manchester University and has a degree in Computer Science
and Mathematics. He's worked for IBM since Dustin was born!
He confirmed that malware *can* infect the BIOS - and then reinfect a
new or cleaned hard drive - *outside* of a laboratory environment. He
did say that this was rare but he will liase with his specialist
colleagues and thereafter endeavour to provide me with some information
to confirm his assertion.
"~BD~" <~BD~@nomail.afraid.org> wrote in message
news:i9fdgi$16d$1@news.eternal-september.org...
>
> "Dustin" <bughunter.dustin@gmail.com> wrote in message
> news:Xns9E14CAFE5639HHI2948AJD832@no...
>> "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in
>> news:i9dd6d03048@news3.newsguy.com:
>>
>>> From: "~BD~" <~BD~@nomail.afraid.org>
>>>
>>>| If all goes according to plan, I should be having a RL face-to-face
>>>| meeting tomorrow with my boater friend who works for IBM.
>>>
>>>| I shall ask again about malware infection of a BIOS chip.
>>>
>>>| Please advise of any question(s) you feel I should ask - to put my
>>>| mind at rest about an infected machine continuing to be infected
>>>| even when a hard disk has been replaced with a new one.
>>>
>>>| I'll tell him that you and Dustin Cook tell me that this impossible
>>>| outside of a laboratory! ;-)
>>>
>>>| BD
>>>
>>>
>>> Not interested if you are acting as his proxy.
>>> He must make his own posts and his own replies.
>>>
>>
>> Same here. In fact, he's welcome to contact me via email if he'd
>> like.
>
> Andrew came to my boat at around 1130 and stayed for two hours! He is
> a graduate of Manchester University and has a degree in Computer
> Science and Mathematics. He's worked for IBM since Dustin was born!
That doesn't make him an expert on malware and/or its capabilities.
> He confirmed that malware *can* infect the BIOS - and then reinfect a
> new or cleaned hard drive - *outside* of a laboratory environment.
I would like to know what he meant by that, but since he is not here...
> He did say that this was rare but he will liase with his specialist
> colleagues and thereafter endeavour to provide me with some
> information to confirm his assertion.
He still hasn't said that any mobile code has shown that ability
(outside a laboratory).
Even if he has actually seen for himself a persistant firmware
compromise (one that can re-establish itself fully on a *new* disk) - he
will still fail to convince anyone here that such can be *installed* by
malicious mobile code.
In fact, I am probably the only one here that accepts that an attacker
with access to (and intimate knowledge of) a particular computer can
compromise firmware in such a way as to have a *persistant* compromise
of the machine even if the harddrive is swapped out.
....and even then, such a machine would have to have a network available
for bootstrapping the malicious code.
to a.p.s only
FromTheRafters wrote:
> In fact, I am probably the only one here that accepts that an attacker
> with access to (and intimate knowledge of) a particular computer can
> compromise firmware in such a way as to have a *persistant* compromise
> of the machine even if the harddrive is swapped out.
>
> ...and even then, such a machine would have to have a network available
> for bootstrapping the malicious code.
The wiki article on rootkits has a section on firmware exploitation,
which had links to the articles on the 'laboratory' example of infecting
the Award Phoenix BIOS, which the investigators are further developing
to be a more 'generic' tool. In addition, there is a 'new' development
for a CompuTrace LoJack in the BIOS designed/intended as anti-theft
which can be subverted to malware purposes.
And the BIOS isn't the only firmware place the malware can be installed.
But I don't know of any 'in the wild' malware which can do these things
by remote exploitation. The experiments and real-life exploits required
physical access to the computers or control at root level. Naturally
control at root level could be achieved remotely, but all of that kind
of firmware manipulation isn't really the same as 'picking up an infection'.
--
Mike Easter
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
Reply With Quote