Home page logo

isn logo Information Security News mailing list archives

4 reasons BadBIOS isn't real
From: InfoSec News <alerts () infosecnews org>
Date: Thu, 14 Nov 2013 06:13:34 +0000 (UTC)


By Roger A. Grimes
NOVEMBER 12, 2013

If you haven't been following the story of Dragos Ruiu's BadBIOS tale the last two weeks, you've missed a compelling saga and an opportunity to find out how much you really know about malware.

A well-respected computer security researcher, Ruiu says he's found the single nastiest malware program of all time. Purportedly, it lives in the BIOS, survives BIOS reflashes, readily works cross-platform (Windows 8, BSD, OS X), and -- get this -- communicates with other infected computers using high-frequency sound waves above the range of human hearing. It renders CD-ROM drives and USB drives unusable, and it can erase its tracks when forensically analyzed.

People following this story fall into a few different camps. Many believe everything he says -- or at least most of it -- is true. Others think he's perpetrating a huge social engineering experiment, to see what he can get the world and the media to swallow. A third camp believes he's well-intentioned, but misguided due to security paranoia nurtured through the years.

A few even think we're witnessing the public mental breakdown of a beloved figure. They point out that paranoid schizophrenics often claim to be targeted by hidden communication no one else can hear. To be honest, I've found myself in all these camps since the story broke, though I'm leaning toward those who think Ruiu is well-intentioned, but perhaps seeing too much of what he wants to see.


Find the best InfoSec talent without breaking your
recruiting budget! Post a Job, $99 for 31 days.
Hot InfoSec Jobs - http://www.hotinfosecjobs.com/

  By Date           By Thread  

Current thread:
  • 4 reasons BadBIOS isn't real InfoSec News (Nov 14)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]