On Thu, Oct 31, 2013 at 4:56 PM, Johnathan Corgan <johnathan@corganlabs.com> wrote:
... Robert Graham has published a well-written response:
http://blog.erratasec.com/2013/10/badbios-features-explained.html
those who find this incredible* need to remember that Flame/Duqu style attacks (they are just one instance of a family of systems and programs) have been accelerating and improving since the mid aughts.

the only thing i am surprised by is the lack of infection of mobile devices; this would be a logical and expected lateral transition or even infection vector; there is no mention (yet).

the massive stockpile of weaponized 0days, covert exfiltration, and espionage infrastructure will come to light sooner or later. we've only begun to see the outline of what has been wrought with $billions applied over years by multiple actors...

* some have confused the audio malware channel with audio as infection vector - this is not the case. from my reading the audio communication is occurring between infected systems, not a vector for initial infection. (now _that_ would be a feat ;)