Linux Foundation' Linux workstation security checklist
coderman
coderman at gmail.com
Tue Sep 1 07:55:39 PDT 2015
On 9/1/15, Georgi Guninski <guninski at guninski.com> wrote:
> ...
> They protect against trojanized (off the shelf) BIOS.
prevents trojan / arb exec from persistence via BIOS.
prevents surreptitious FDE keylogger via BIOS hooks.
yes, also off the shelf attacks. which is nearly all of them. :)
[ see also HackingTeam dump, and research examples ]
> If an adversary has sufficient supply of application and
> root sploits, how much they will protect you?
separate question; see also defense in depth.
however, a robust bespoke BIOS beats otherwise cascade catastrophe.
> Instead of rootkit they will root you every boot IMHO.
this also has a different visibility, as executing in priv. or user
context & addr space.
also why "throw away" VMs per Qubes or Live OS images a useful
technique to avoid attempted persistence via weird machines gone
rogue...
best regards,
More information about the cypherpunks
mailing list