Site Sponsor:

mcafee_logo.gif
line

Now Available:

Featured Resource:

line

Realtime Communities

line

Newsletter

Email Address:


line

Monthly Archives

line

RSS

line

Ask the Expert

Have a question for our resident expert? Email your questions to Dan or post a comment to the blog.

« COBIT and Governance Best Practices | Main | Email Client Vulnerability: Thunderbird »

Can You Trust Your Firmware?

InformationWeek is reporting that the Bureau of Industry and Security within the U. S. Commerce Department has been attacked by Chinese hackers to the point where the department is replacing hardware. Has it gotten to the point that reformatting a hard drive isn't even enough?

John Heasman's presentation at the Black Hat conference in January, 2006 described how the Advanced Configuration Power Interface could be used to comprimise a computers BIOS. In a National Public Radio piece this morning, the possiblity of comprimising a printer was discussed. "How often do you update your printer?" was asked and leads us to the more general question, what do we need to lock down?

We used to think in terms of vulnerabilities in operating systems, network services, and applications, but that may not be enough for long. It looks like we're at the point where we can't trust firmware. I suspect we will start seeing a lot more digitally signed code, including firmware, in the future.

Tags:      
 Email This!  Digg it!  Sphere it!  Del.icio.us  Reddit!  Newsvine

Posted by Dan Sullivan on October 9, 2006 5:28 PM |

TrackBack

TrackBack URL for this entry:
http://www.realtime-websecurity.com/type/mt-tb.cgi/87

Post a comment

(All comments are approved by site leader before appearing here. Thanks for commenting!)

Search

line

Most Active Posts

line

Library Resources

line
line

Recent Posts

line

Categories

line

Latest White Papers

line

Blog Roll

line

Dan Sullivan's Bio:

Dan Sullivan is a systems architect with 20 years of IT experience that includes engagements in enterprise security, application design, and systems architecture. His experience includes a broad range of industries, including financial services, manufacturing, government, retail, gas and oil production, power generation, and education. Dan’s security-related project work has ranged from requirements analysis for enterprise information security to designing and implementing security for database applications and enterprise portals. Dan has written about information security and other enterprise information management topics for Business Security Advisor, DM Review, Intelligent Enterprise, and E-Business Advisor. You can contact Dan at: dan_sullivan@realtimepublishers.net