4 reasons BadBIOS isn't real

[InfoSec News <alerts () infosecnews org>]

http://www.infoworld.com/d/security/4-reasons-badbios-isnt-real-230636

By Roger A. Grimes
InfoWorld
NOVEMBER 12, 2013

If you haven't been following the story of Dragos Ruiu's BadBIOS tale the 
last two weeks, you've missed a compelling saga and an opportunity to find 
out how much you really know about malware.

A well-respected computer security researcher, Ruiu says he's found the 
single nastiest malware program of all time. Purportedly, it lives in the 
BIOS, survives BIOS reflashes, readily works cross-platform (Windows 8, 
BSD, OS X), and -- get this -- communicates with other infected computers 
using high-frequency sound waves above the range of human hearing. It 
renders CD-ROM drives and USB drives unusable, and it can erase its tracks 
when forensically analyzed.

People following this story fall into a few different camps. Many believe 
everything he says -- or at least most of it -- is true. Others think he's 
perpetrating a huge social engineering experiment, to see what he can get 
the world and the media to swallow. A third camp believes he's 
well-intentioned, but misguided due to security paranoia nurtured through 
the years.

A few even think we're witnessing the public mental breakdown of a beloved 
figure. They point out that paranoid schizophrenics often claim to be 
targeted by hidden communication no one else can hear. To be honest, I've 
found myself in all these camps since the story broke, though I'm leaning 
toward those who think Ruiu is well-intentioned, but perhaps seeing too 
much of what he wants to see.

[...]



--
Find the best InfoSec talent without breaking your
recruiting budget! Post a Job, $99 for 31 days.
Hot InfoSec Jobs - http://www.hotinfosecjobs.com/