Is it still good practice to reinstall everything after you are owned?

Travis Biehn tbiehn at gmail.com
Mon Sep 25 09:26:18 PDT 2017


On Mon, Sep 25, 2017 at 10:44 AM, Georgi Guninski <guninski at guninski.com> wrote:

> On Tue, Sep 19, 2017 at 01:57:33PM -0400, Travis Biehn wrote:
> > Yes - in addition, since some attackers have been shown to compromise not
> > only UEFI firmware, but also blobs in peripheral devices, a re-flashing of
> > those components from HW land. In many cases, this type of recovery is
> > 'impossible'.
> >
> > Practically, individuals will take a stab on guessing attacker capability
> > between; zero sophisticated persistence and h/w re-install survivability
> > and act accordingly. It is difficult to get that right, if not impossible.
> >
>
> Thanks. I suppose it is a safe guess that a non-negligible part of the world
> is persistently owned?
>

Hey Georgi,

On prevalence I won't speculate - but my number would be pretty low. You
don't burn your fancy hardware persistence on just any target.

In somewhat-related news, the cat and mouse game is getting a bit more
interesting with Apple High Sierra's eficheck. While I don't expect it to
remain effective long, it promises to find some 'interesting' old samples.

-Travis

-- 
Twitter <https://twitter.com/tbiehn> | LinkedIn
<http://www.linkedin.com/in/travisbiehn> | GitHub <http://github.com/tbiehn>
| TravisBiehn.com <http://www.travisbiehn.com> | Google Plus
<https://plus.google.com/+TravisBiehn>