Information Security News
mailing list archives
4 reasons BadBIOS isn't real
From: InfoSec News <alerts () infosecnews org>
Date: Thu, 14 Nov 2013 06:13:34 +0000 (UTC)
By Roger A. Grimes
NOVEMBER 12, 2013
If you haven't been following the story of Dragos Ruiu's BadBIOS tale the
last two weeks, you've missed a compelling saga and an opportunity to find
out how much you really know about malware.
A well-respected computer security researcher, Ruiu says he's found the
single nastiest malware program of all time. Purportedly, it lives in the
BIOS, survives BIOS reflashes, readily works cross-platform (Windows 8,
BSD, OS X), and -- get this -- communicates with other infected computers
using high-frequency sound waves above the range of human hearing. It
renders CD-ROM drives and USB drives unusable, and it can erase its tracks
when forensically analyzed.
People following this story fall into a few different camps. Many believe
everything he says -- or at least most of it -- is true. Others think he's
perpetrating a huge social engineering experiment, to see what he can get
the world and the media to swallow. A third camp believes he's
well-intentioned, but misguided due to security paranoia nurtured through
A few even think we're witnessing the public mental breakdown of a beloved
figure. They point out that paranoid schizophrenics often claim to be
targeted by hidden communication no one else can hear. To be honest, I've
found myself in all these camps since the story broke, though I'm leaning
toward those who think Ruiu is well-intentioned, but perhaps seeing too
much of what he wants to see.
Find the best InfoSec talent without breaking your
recruiting budget! Post a Job, $99 for 31 days.
Hot InfoSec Jobs - http://www.hotinfosecjobs.com/
- 4 reasons BadBIOS isn't real InfoSec News (Nov 14)