On Thu, 9 Feb 2012, Stephen Hemminger <shemmin...@vyatta.com> wrote: > The advice I heard is trust nothing (even reflash the BIOS).
Do you know of any real-world exploits that involve replacing the BIOS? It's been theoretically possible for a long time but I haven't seen any references to it being done. Also one thing to keep in mind is the apparent competence of the attackers. If they didn't bother changing debsums then it's unlikely that they did any of the other tricky things which have been discussed (such as trojaning the kernel). -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/ -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/201202091107.20847.russ...@coker.com.au
