"~BD~" <~BD~@nomail.afraid.org> wrote in
news:i9fpp5$svg$1@news.eternal-september.org:

> "Peter Foldes" <okf22@hotmail.com> wrote in message
> news:i9fgm6$e7u$1@speranza.aioe.org...
>> BD
>>
>> Your friend either did not tell you correctly or he does not know
>> his stuff. A general Bios infector does not exist and it never has.
>> I know a few people that have Masters degrees for many years and
>> yet they are clueless to many if not most issues be it about
>> anything
>
>
> A better response from you, Peter Foldes, might have been to
> acknowledge that you *lied* when you alleged that I do not *own* a
> narrowboat! Ha!
>
> No one has mentioned a 'general' BIOS infector - Dustin mentioned a
> *universal* BIOS infector. I didn't!
>
> Isn't it possible that bad guys simply select a narrow target area?

That's entirely possible in theory; I've never disputed it. What would
be the point tho? It would be a very specific target BD, as in; a
particular system only and ones which are identical atleast in so far
as bios is concerned.

However, it's already defeated in one sense.. Atleast one mainboard
manufacturer has been placing a backup BIOS on the mainboards which is
not software writable. It can be used to blow away the primary system
BIOS and reload her with known clean code. <G>

Other than crypto BD, (and that's really a time constraint issue) what
can be done with software can usually be reversed with software.

> He confirmed that malware *can* infect the BIOS - and then reinfect
> a new or cleaned hard drive - *outside* of a laboratory environment.
> He did say that this was rare but he will liase with his specialist
> colleagues and thereafter endeavour to provide me with some
> information to confirm his assertion.

On a very specific BIOS flashrom software configuration. Sure. You
couldn't for example hit both of these machines on both sides of me
with the same code. One is an AMD powered box and the other an Intel
powered box, although both using VIA chipsets; very different in
design. BIOS's are completely incompatable with each other.

The closest thing to come to malware and BIOS was the infamous CIH
virus, but the really interesting payload didn't always work. Only
*some* bios systems supported the writing commands and accepted the
corrupted code. Outside of a laboratory that is. Perhaps this what your
friend is thinking of?


--
Some people are like a Slinky. Not much good for anything, but you
can't help but smile when one tumbles down the stairs.