A BIOS trojan is found in the wild

the_leander

SECURITY RESEARCHERS at Chinese antivirus firm 360 have identified a piece of malware that installs rogue code into the BIOS of targeted computers.

Dubbed BMW by 360 and Mebromi by other security vendors, the threat has separate components for the operating system, the master boot record (MBR) and the system BIOS.

A computer's BIOS holds a set of low-level instructions that execute before the boot loader to detect and initialise the computer's hardware components.

Read on.
 
About time. I was wondering what was taking so long. Back in the day the hackers would have been on top of that - I bet most of them are trying to find cheats in Angry Birds instead now. Kids these days ....
 
Ooh - that's pretty ingenious, in an evil sort of way.
 
You mean confirmation.

Hmm, not really. Having studied hacker culture for a very long time you can see it evolve down clear distinct branches over time, on the one hand you have people who at worst come up with cracks for games etc, but are mostly interested in making stuff do cool things that the manufacturer never intended, the Aibo guy was a good example.

Then you have Hacktivists, who tend toward website takedowns based on political views. Anonymous might occasionally fall under this category.

Finally you have the types of people who write things like this BIOS virus - blackhats. A lot of them these days build botnets and the like and then lease them out to whoever has the cash. For them taking over computers of others isn't about the intellectual challenge as it might have been 15-20 years ago, it is purely a means to make money. I've heard lots of media stories about these people being part of organised crime, but so far at least that seems to be media/government scaremongering rather than anything with evidence to support the claim.
 
Finally you have the types of people who write things like this BIOS virus - blackhats.
You mean independent security experts. If they were working for governments they would be doing the same work essentially but it would be legit.

I've heard lots of media stories about these people being part of organised crime, but so far at least that seems to be media/government scaremongering rather than anything with evidence to support the claim.
Since what they are doing is without the cover of law and requires some level of co-operation these ventures are often by default criminal and organized.

One thing about organized crime is that it's well mixed in with legitimate and quasi-legitimate business, and vice-versa, legitimate business is mixed with organized crime.
 
@the_leander
Don't forget about WhiteHats which when they find security breachable areas make it their responsibility to notify the manufacturer or organisation about the deficiency in security. One recent example here is whitehats claimed to have notified Sony nearly a year in advance of the recent breaches about Sony's security problems.
 
@the_leander
Don't forget about WhiteHats which when they find security breachable areas make it their responsibility to notify the manufacturer or organisation about the deficiency in security.
And who are therefore despised by many big software houses because of the bad press and who are often blamed for encouraging and helping the blackhats by finding exploits in the first place.
The thing is, a hacker is a person with a skill and that's all. A person with a hammer can break stuff, build stuff or off his family but having the hammer in his possession didn't make him a good person or a bad person. Doubtless he'd have been able to express himself in other ways if he didn't have a hammer.

Anyway, that's why I thought that link was more confirming than riposte. I was saying that the guys with the skillz are more interested in cheating games these days than fiddly bits of low level uber-nerd stuff.
 
About time. I was wondering what was taking so long. Back in the day the hackers would have been on top of that - I bet most of them are trying to find cheats in Angry Birds instead now. Kids these days ....
About time? I always thought BIOSes were too custom to be actually really vulnerable. But perhaps on the other hand I'm still thinking in the way of 386's.
 
About time? I always thought BIOSes were too custom to be actually really vulnerable. But perhaps on the other hand I'm still thinking in the way of 386's.
That's what the article says too. The problem is that it now adds more work for those who spend time cleaning viruses off computers. The article also says this has been tried before, at least as far back as 1999. I don't think this will catch on because it has too many dependencies: BIOS and the OS as well. If you had a targetable BIOS but were running Linux, you'd probably not experience the full effects of the virus.
 
@the_leander
Don't forget about WhiteHats which when they find security breachable areas make it their responsibility to notify the manufacturer or organisation about the deficiency in security. One recent example here is whitehats claimed to have notified Sony nearly a year in advance of the recent breaches about Sony's security problems.

I figured that they were part of the first group, should have been clearer though reading it back :)
 
Anyway, that's why I thought that link was more confirming than riposte. I was saying that the guys with the skillz are more interested in cheating games these days than fiddly bits of low level uber-nerd stuff.

Guess it depends on the group, that and there is always a certain amount of people who will only ever go after low hanging fruit, I imagine the skillset involved in pulling something like this off is pretty specific.

Whilst the article makes boasts about hardware being different enough to make this a very hard attack, how much longer is that really going to be the case?

Ten years ago you had Nvidia, ATi, SiS, VIA, Intel and maybe a couple of other tiny manufacturers. Now you've essentially got AMD (ATi) and Intel... It's fast approaching the stage where the hardware is going to be similar enough by virtue of there being so few different models that one of these things could end up being pretty damn viable.
 