Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Researchers Demo BIOS Attack That Survives Disk Wipes

CmdrTaco posted more than 5 years ago | from the can't-believe-it-took-this-long dept.

Security 396

suraj.sun writes "A pair of Argentinian researchers have found a way to perform a BIOS level malware attack capable of surviving even a hard-disk wipe. Alfredo Ortega and Anibal Sacco from Core Security Technologies — used the stage at last week's CanSecWest conference to demonstrate methods (PDF) for infecting the BIOS with persistent code that will survive reboots and re-flashing attempts. The technique includes patching the BIOS with a small bit of code that gave them complete control of the machine. The demo ran smoothly on a Windows machine, a PC running OpenBSD and another running VMware Player."

Sorry! There are no comments related to the filter you selected.

Tsarkon Reports Obama bent on bankrupting USA (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#27297237)

Tsarkon Reports Obama bent on bankrupting USA

Barack is hell bent on bankrupting the USA once and for all ; read everything below and you might finallybegin to understand.

- Chairman Barack Hussein "The Teleprompter" Obama is deeply connected to corruption, Rahm Emanuel (Radical authoritarian Statist-Zionist whose father was part of the Murderous Civilian Killing Israeli Terrorist Organization known as IRGUN), Connected to Rod Blagojevich (Rahm inherited Rod's federal-congress seat), Connected to Ayers, a man who promotes the concept that civilian collateral damage is ok in a war against freedom, Preacher Jeremiah Wright, who is himself a black-elitist who wants all the people who largely "pay the freight" to suffer, 31 million on food stamps, more blacks are in prison and on food-stamps per capita than anyone else. The problem with Wright is simply this: the facts are "racist."
- Obama: Racist, AIPAC-Zionist, Corrupted and a Traitor and a Liar who can't even produce a valid birth certificate (which is not a certificate of live birth)
- Raytheon lobbyist in Pentagon
- Goldman Sachs insider second in command at Treasury.
- Cabinet has had several nominees and appointees with multiple tax fraud issues.
- The head of the IRS and the head of the Treasury, Geithner, is a Tax Cheat
- Lied about no lobbyists
- Lied about having a new degree of accountability and a SUNSHINE period of new laws, he has signed bills with little or no review at as promised.
- Appointed a second amendment violating Rich-pardoning treasonist Eric Holder as AG, the top cop of the USA, a man who helped a fugitive evade justice.
- Has not put a dime in for a single new nuclear power plant but wants to help bridges and roads to promote more driving.
- Obama, Blagojevich and Rahm Emanuel have a LOT to hide. They literally lived next to each other, Rahm had (until being Chairman Obama's Chief of staff) Blagojevich's old federal congressional seat. Blagojevich helped Chairman "The Teleprompter" Obama cheat his way to the Illinois senate by getting other candidates thrown off the ballot in Illinois. Why do you think Blagojevich was so mad? Obama DID owe him, big time. Rahm and Obama are using Blagojevich and trying to cut his head off to keep him away.
- Tony Rezko, Iraqi Arms Dealer Nahdmi Auchi, and of course Aiham Alsammarae. Chairman "The Teleprompter" Hussein Obama is so corrupted its a joke.
- Fools and "useful idiots" twist the pie charts by leaving welfare, workfare, interest on debt, social security, Medicare and Medicaid out and focusing only on non-whole "discretionary" pie charts.
2007 high level pie chart, Federal Budget, USA []
2009 Pie chart, detailed, Federal Budget, USA []
- Chairman Obama is drastically increasing spending and creating more entitlements that will make the US less competitive (especially against China, India, East Europe/Russia). This will be a huge disaster and change you can believe in will strap you and your grandkids with more debt. No taxation without representation? Obama is spending money for the next two-three generations and they can't even vote yet, or even have been born.
- An alternative to the dollar and a forex and a reserve currency came up at the last G20 meeting. The world will not take faith in Obama's liar-socialist spending and welfare state, why should the taxpayers (plebian citizen-slaves of a police state).
- The spending going on now vastly eclipses all previous spending. In fact, the massive trillion plus debts is a thing of the 80's onwards. Congress signs the checks, remember that Year after year, as egregious as the pentagon spending is, that the social spending is completely a waste of money and it is unfunded over the long term. Eisenhower built the interstates, the US could build a new power infrastructure with this money but instead is being pissed into creating more of an entitlement system that is STILL unfunded, and without massive poll-taxes and far more aggressive progressive taxes, could NEVER be funded.
- The budgeting being done today were recently reported by a non-partisan auditing commission will lead to about 10 TRILLION in new debt over the next 10 years. Obama is going to double the national debt while doing nothing to address the unfunded debt obligations of Social Security.
- Clinton appointed David Walker of the GAO, he quit, the unfunded debt obligations have rendered the USA insolvent according to accounting standards.
Taxpayers on the hook for $59 trillion []
US Public Debt Unfunded Debt Obligations []
- Most of the world population gets NOTHING from their governments, or a very bare minimum or services that benefit only the upper echelons of society. However, the liar Chairman Obama says we need his universal "state-hospital" rationed health care to be competitive. Bull. China and India give nothing, and they are the biggest threat to the American worker. By forcing healthcare and higher taxes, Americans will be less competitive.
- If you think 60% tax rates end to end (income, accounts receivable tax, building permit tax, CDL tax, cigarette tax, corporate income tax, dog license tax, federal income tax, unemployment tax, gasoline tax, hunting license tax, fishing license tax, waterfowl stamp tax, inheritance tax, inventory tax, liquor tax, luxury tax, Medicare tax, city, school and county property tax (up 33 percent last 4 years), real estate tax, social security tax, road usage tax, toll road tax, state and city sales tax, recreational vehicle tax, excise tax, state franchise tax, state unemployment tax, telephone federal excise tax, telephone federal state and local surcharge tax, telephone minimum usage surcharge tax, telephone state and local tax, utility tax, vehicle license registration tax, capital gains tax, lease severance tax, oil and gas assessment tax, misc internet sales tax and many more taxes that I can't recall at the moment) will make the US competitive, along with compulsory programs to provide everyone with health care is going to make the US competitive in the age of India and China, you are a joke.
- As the US nationalizes (read: rations healthcare) to the least common denominator of affordability without regard to efficacy, people with money will simply look into medical tourism so those with money can go to medical parks in India and get real health care. Those who have lived in Canada or in the UK can tell you "free" healthcare is NOT a panacea. If you think this, you are again, a useful idiot. The NHS in the UK has given bad blood and Hepatitis and AIDS blood to people, and Jade Goody who just died was misdiagnosed twice resulting in her death (She was all cleared twice of cervical cancer which she just died of). The NHS in the UK is not able to be sued or held accountable. Neither will Chairman Obama's rationed health care service for America.
- Sorry to bust the socialist bubble-lie, but support of these types of policies will simply lower the standard of living in the USA, particularly for the middle class. At least at the end of the Eisenhower projects the USA got roads to show for the spending, and with this new spending, the USA could have built power plants that get the USA out of the middle east, but the age of government for the sake of government is upon us, and the useful idiots line up and believe empty promises.
The pentagon (and Bechtel, Kroll, Bluewater, Halliburton, etc) could get less than half of what they get today, but that will fix nothing fundamental in terms of government spending. It is simply not enough to make a difference when compared to the Medicare, Medicaid, welfare, workfare and social security entitlements.
See: YouTube - US Government Immorality Will Lead to Bankruptcy []
- If Obama thinks its ok to lie to 300 million people about being able to "take care of them" without even being honest about what that care would look like, then being an idiot and believing in Obama is for you.
- The US Government already have over 50% of the budget on Medicare, Medicaid, welfare, workfare and social security. Socialists: Good job on that one, its working great. Solution to the current near-collapse-due-to-over-spending: add more unfunded entitlements!
- You Socialist-liars can break my spirit and my financial back to force me to "need" a federal government that is turning this country into a police state and turn it into a quasi-socialist lie, but I will, I must put up a fight. I have kids to educate and feed, and the stuff you sell (which is failing to various degrees everywhere else as implemented) is simply forcing a culture of failure on a once great, libertarian free country.
- I will not be complacent with your "change," and there will be a point where civil war will become an option. See how hard you can push before you get it. How much more than half can the truly productive workers in this country afford to pay. Keep pushing to find out how to start a civil war.
- The socialist-lie of a plan will not work, its not fundable, it WILL destroy the currency to fund it, and its really as simple as this: if this insanity is funded by borrowing from the US's economic and military adversaries then Obama and his socialist cabal is NOT fit to administrate society. Rome fell. Kings who mis-manged their treasuries all fell. Every example of unhinged spending leads to the same result: systemic collapse.
- Obama and his sycophantic lunatics would want to have a civil war to get Chairman Obama's way and force the socialist-lie system on my already tax paying law abiding ass. And as far as "no new taxes" for those under 250k, its a lie, the tax is called inflation, which is set to begin just about now that the Chinese wont want the USA's worthless treasuries to fund the socialist-lie fantasy (one that COMMUNIST China doesn't even try and sell to its people!)
- Chairman Obama's numbers don't add up. There is a $59 trillion dollar hole (UFDO) in social security alone. AIG $150 billion here, TARP $350 billion there. $800 billion for a highly dubious stimulus package. Another one on the way. $59 trillion hole in the balance sheet IGNORED. China saying they aren't going to buy treasuries, Clinton clamoring to find buyers now. $3.6 trillion dollar budget, potential military action on Mexico, Iran still a "terrorist state" at the behest of the AIPAC, spending up, dollar about to fall, inflation over time since Breton Woods extremely easy to document, yet, the socialist-liars question when the numbers (the Federal Government numbers) simply don't add up to the point where if the US-GOV was a company it would be insolvent.
  -How dare the taxpayers question what Chairman Obama's drastic spending increases are going to do to the purchasing power of our savings because Chairman Obama wants to recklessly spend and try to maintain and American empire AND guarantee a standard of living, and Chairman Obama doesn't even want to build a single nuclear power plant to do it? Chairman Obama must be a complete and total lunatic moron.
- Obama is either a negligent idiot or an unhinged maniac with delusional fantasies. Meanwhile, Chainman Obama's tax dodging Treasury Secretary has 17 unfilled positions, the Treasury Dept. isn't even functioning at this point.
- "General welfare" in the constitution was, according to the man who wrote it, Madison, meant to be extremely limited in scope. The federal government per the constitution doesn't even have the enumerated POWER to deal with economic messes. A lot of these "POWERS" were created while there is a crisis to dupe the public into accepting an un-constitutional authoritarian regime as the government and to usurp authority over the people.
- The USA is a constitutional republic. A democracy is two wolves and a sheep voting to eat a sheep. Also a constitutional republic isn't about using a barely-majority or a plurality to stuff your (un-fundable disastrous) crap down the disenfranchised other-half's throat.
- With Obama's authoritarian corrupted criminal (aiding and abetting a criminal in flight of prosecution, Rich case) Eric Holder in charge, we won't have our inalienable and enumerated rights to firearms much longer. For a constitutional law expert, Obama must have never read the federalist papers or he would simply hand himself as a traitor.
- The arbitrary expansion of "general welfare" is not only unconstitutional, it may very well lead to a serious conflict on the issue.
- Here is a debate on general welfare and how stuff like this came to pass, but was clearly no intended by the authors of the document of root law.
In Federalist No. 41, James Madison asked rhetorically: "For what purpose could the enumeration of particular powers be inserted, if these and all others were meant to be included in the preceding general power?" (In reference to the general welfare clause)
So strongly did the founders believe that "general welfare" wouldn't be expanded as written:
In Federalist No. 84, Alexander Hamilton indirectly confirmed Madison's point. (That the "general welfare" clause was "clearly" nota free pass for government)
Hamilton argued that a bill of rights, which many were clamoring for, would be not only unnecessary, but dangerous. Since the federal government was given only a few specific powers, there was no need to add prohibitions: it was implicitly prohibited by the listed powers. If a proposed law a relief act, for instance wasn't covered by any of these powers, it was unconstitutional.
"why declare that things shall not be done which there is no power to do? Why, for instance, should it be said, that the liberty of the press shall not be restrained when no power is given by which restrictions may be imposed?"
Hamilton goes on to argue that making Amendments (e.g., enumerating Free speech, press and assembly) and enumerating the 'right' would have the following effect:
(A bill of rights) "would furnish, to men disposed to usurp, a plausible pretence for claiming that power that is, a power to regulate the press, short of actually shutting it down. "
"With respect to the words 'general welfare,' I have always regarded them as qualified by the detail of powers (enumerated in the Constitution) connected with them. To take them in a literal and unlimited sense would be a metamorphosis of the Constitution into a character which there is a host of proofs was not contemplated by its creators." --James Madison [The US Supreme Court has found the meaning of "general welfare" in the Constitution to be much more elastic than did Mr. Madison. But as the "author of the Constitution," what does he know?]
James Madison, when asked if the "general welfare" clause was a grant of power, replied in 1792, in a letter to Henry Lee,

If not only the means but the objects are unlimited, the parchment [the Constitution] should be thrown into the fire at once.

"...We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the pursuit of Happiness. That to secure these rights, Governments are instituted among Men, deriving their just powers from the consent of the governed. That whenever any Form of Government becomes destructive of these ends, it is the Right of the People to alter or to abolish is their right, it is their duty, to throw off such Government , and to provide new Guards for their future security. ...--The Declaration of Independence
- Wrong, monetizing failures causes more. Japan showed us this for decades. But hey, Chairman Obama thinks you can fix a problem DECADES in the making with a quick fixer-upper, he is screwed in the head.
- The complaints are with the Federal government (in general) since Breton Woods. The Federal Government and Obama's minions STILL didn't listen to David Walker, a Clinton appointee and former head of the GAO. This isn't about political parties anymore morons!
- Show me a single federal budget that was less than the previous. If this $3.6T budget goes, its never coming back barring systemic collapse.
- The United States Federal Government, The United States Federal Reserve, and the banks which were enabled to continue down reckless paths by a quasi government agency known as the Federal Reserve whose actions are not subject to congress and whose members are unelected. This situation is untenable and unconstitutional.
- Every inflationary road taken in history ends in collapse. Keynesian policies are widely regarded as no longer workable.
- Inflation is a tax: What ignorant tax and spenders don't take into account here is the relative percentages of people's wealth (both net and gross) and the costs of owning and maintaining houses, cars, standards of living.
- Inflation via deficit spending is going to make it such that you will be paying a lot more by percentage of your income to maintain a given standard of living. Obama's arguments are so poorly thought out and seek to blame "Republicans" for the mess, its really simply laughable - the needs cleanup now, not worsening.
- You can't spend your way out of a hole if the creditors (e.g. China) start telling the USA they won't buy. It is that simple. Now America starts to have to collateralize the debt with assets. The USA will be selling off chunks of American assets to back the new debt. One day, it may even be necessary to sell Alaska back to Russia because no one will take greenbacks to prop up a failing version of a modern Rome.
- Ah, here we go with the Matthew Lesko arguments. []
Interest rates were on the rise before the government stepped in with free money for everyone (the fine print of course indicate massive strings attached).
Other economies, for example, India, have the central rates set to far more reasonable/realistic rates (at the moment ~ 8+%), which is still tends to be too low, but shows that if you need someone else capital you need to pay a premium for it, and given that capital is in short supply, it would stand to reason that a premium must be charged for it.
The problem is the unrealistic growth rates of mature economies don't allow for profiting via growth projections (rather than simply earning money). So the government steps in, turns on the free money spigot, gets the interest rates for savings down in the 1-2% range while diluting the value of the whole currency in order to prop up dying companies that ran the business like a Madhoff Ponzi scheme.
- The Republicans aren't solely responsible for the crisis as Obama's minions would have you believe, congress is (no particular congress), the Executive of the US government (no particular one) and the US Federal Reserve System are all at fault.
- Fundamentally, the government is trying to fix the prices of various things to "make it all work." This pulling on the invisible hand is a fools venture. It was predicted long ago the housing collapse (and those, such as myself, in the know, wished while realizing the housing collapse coming that we were wrong for everyone's sake - but the truth is the truth) . It may be that the Austrian (von Mises) economists will ultimately be proven right.
- We are a nation of partially educated whiney grabby idiots, and we got the government that represents this. The Chinese, India and other up and coming nations will show no mercy for this arrogant abuse of our status as the world's forex reserves.
- War and asset sales will continue to be the only option for this scheme until it is corrected at the core. And to say that the government has already averted a depression by doing what they did (most of the monies injected wont be "felt" for some time), is just arrogance and stupidity. Price fixing prolonged the Great Depression. Price-fixing (or attempting to) houses will do the same, but probably worse.
- Obama's minions simply don't care if the US is bankrupted and rendered insolvent, they just want a say in how its done, presumably to "feel safe." Rather selfish.

"They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety." AND "Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety." -- Benjamin Franklin (Possibly Richard Jackson)

- Everyone better realize that inflation will pay a major role in funding un-fundable fantasies, wiping the savers and the middle class out. The problem is, that other countries are growing tired of making our Federal Reserve notes worth something by buying our debt as treasuries. Obama's minions talk about spending, but in order to "get what YOU want" you will sell debt to potential economic and military adversaries? Real bright. What's really sad is that despite David Walker being an authority on these issues, people refuse to even watch him and listen to what he is saying.
- On the success of Canada and its form of Socialism: A huge country like Canada with massive amounts of uranium and tar sands and natural resources and a huge land mass with a scant 30 million people is an order of magnitude less of a problem to manage than a country with 10x its population, a serious leaky southern border, backfiring aggressive foreign policy, particularly with Iran, and the US is competing with countries like India and China whose middle classes are larger than the US's entire population. The top 5 students in every Indian and Chinese primary school out numbers all the kids in primary school in the US. Canada is a idyllic island, the USA is front and center in an all out economic and political clash of ideologies.
- Cap and trade (and pollution control for solving global problems) will never work unless the top 10 countries in the world (in terms of both GDP and manufacturing capacity and population) are on board. Period end. If the world doesn't quickly move to nuclear now and fusion shortly, it is OVER possibly not if every home on the planet gets a wind vane, but that seems unlikely to happen (since its possible now).
- Keynes calls it "the paradox of thrift" and suggested that policies forcing people not to save is a "good idea." The guy wanted people spending all the time, or if he didn't, he never conveyed that to his protégés well enough for them to not do what they are doing. Right now the plebeians in the US are actually stashing cash, and everyone from Obama to the media is trying to get people to spend spend spend. The best thing for the long term is for people to prepare for the coming hell, not set out with no reserves.
- I have seen Keynes invoked to justify nearly every bad move in the past decade, and its warming up to be a potential currency collapse, the collapse of the US Treasury and Federal Reserve notes, and a collapse of the NYSE. And then they invoke Keynes to suggest the best way out of the mess is to spend out of an already near-critically debt massed black hole.
- A house is run like a town is run like a country or business is run like a state is run like a government. If there are things the government is doing that would either force your home into bankruptcy or into jail via fraud charges, then the government and banks shouldn't be operating in that fashion. A certain degree of stretchy liquidity is in order, but in terms of percent of GDP, there is no way of justifying what they US has now.
- Iceland failed at 850 percent debt to GDP. The US is at 350 and rising. It is not a good thing at all.
- What is happening to the dollar as a forex standard. []
- March 19, 2009 C-SPAN - "Let's Quit Destroying Our Dollar!" []
- HR 1207 (A bill to make the Fed more accountable and to answer questions regarding the dollar policy) []

Title: Obama sidetracked by fiscal mess, but presses on []
"Being heard above the din may prove difficult. Lawmakers are wrangling over taxing people who got big bonuses and worrying the president's budget could generate $9.3 trillion in red ink over the next decade."
- Kremlin to pitch new global currency []
Russia proposes creation of global super-reserve currency

Holy crap, even the Russians and Chinese get it. Strange days are here.

" !" -

Re:Tsarkon Reports Obama bent on bankrupting USA (-1, Offtopic)

Kokuyo (549451) | more than 5 years ago | (#27297261)

You are quite pathetic, aren't you?

Re:Tsarkon Reports Obama bent on bankrupting USA (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#27297337)

Ad hominem. Can't reason an argument so attack the man and not the message.


Re:Tsarkon Reports Obama bent on bankrupting USA (-1, Offtopic)

Jurily (900488) | more than 5 years ago | (#27297395)

Ad hominem. Can't reason an argument so attack the man and not the message.

Still offtopic, so GTFO.

Re:Tsarkon Reports Obama bent on bankrupting USA (-1, Troll)

Anonymous Coward | more than 5 years ago | (#27297459)

Sorry, Mr. propaganda minister from miniluv, but the world's finances and the potential of a defaulting of the US dollar is always on topic.

Now can I please use the internet my taxes invented without trying to have my free speech squelched by the sweaty sycophants of a totalitarian authoritarian regime.

Re:Tsarkon Reports Obama bent on bankrupting USA (0, Offtopic)

Jurily (900488) | more than 5 years ago | (#27297519)

Well, I don't give a shit about either. What's your take on OpenBIOS?

Re:Tsarkon Reports Obama bent on bankrupting USA (5, Informative)

Anonymous Coward | more than 5 years ago | (#27297763)

I've found Intel's EFI strategy to be annoying and fragmented. The EFI shell is very dos like, has very poor performance for the frame-buffer devices and leaves a lot to be desired. However, it is likely to become de facto.

I did enjoy most the ALPHA systems SRM. Alpha-SRM had quite a bit of features for a "BIOS" of sorts.

The Sun and Apple OpenFirmware (OpenBoot) systems was probably the closest the world got to a sane pre-boot environment. Openfirmware also has the distinction of being an actual standard IEEE 1275-1994. Unfortunately, they (Sun, Apple mainly) did not help the "linux guys" or the open community until it was too late and protected nearly worthless intellectual property for no good reason. (worthless in the sense its not monetize-able) .

Now I found from long ago the concept of PC BIOS annoying. The BIOS vendors, like Phoenix, American Magatrends, Award, have a lot of collusions with the motherboard vendors in terms of getting all the secret register-poking needed to get things going. There is a lot of black magic, legacy code and the like, but it works.

It will be very hard for a non-Pheonx-AMI-Intel vendor to come up with a new BIOS for the ages. The LinuxBIOS (coreboot) project, last I checked, and very poor support and no major vendor (e.g. Dell or HP) has looked into it seriously.

The world lost when EFI eclipsed OpenFirmware's chances of spreading. Now we are stuck with a half-assed DOS-like shell, a still-extant BIOS like menu screen that the Intel motherboards provide, and judging from the number of revisions and the release notes on the various Intel EFI boards, we may have been better off with AMI/Phoenix's secret sauce and black magic than this EFI cruft.

In the age of 2TB+ volumes it is probably inevitable that we are going to all be using EFI very soon (along with GPT).

I do not foresee Coreboot or OpenBIOS or OpenFirmware making any real progress in pushing out EFI unless Asus or Lenovo sees the utility in having a real pre-boot environment.

Re:Tsarkon Reports Obama bent on bankrupting USA (-1, Offtopic)

nedlohs (1335013) | more than 5 years ago | (#27297559)

Yes, completely on topic for an article about putting malware in bios.


Re:Tsarkon Reports Obama bent on bankrupting USA (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#27297809)

Yes, completely on topic for an article about putting malware in bios.


Now THATS on topics.

Thanks for showing how its done.

Since you are fucking stupid, I'll explain: I'm being facetious.

Re:Tsarkon Reports Obama bent on bankrupting USA (-1, Offtopic)

Stopher2475 (780930) | more than 5 years ago | (#27297971)

You're really surprised that people are angry that they have to scroll by your 100 page political argument in a thread discussing computer BIOS vunerabilities?

Re:Tsarkon Reports Obama HELP MITTENS (-1, Troll)

Anonymous Coward | more than 5 years ago | (#27298035)

So I came home from work the other day to discover my cat mittens laying on the floor. His breathing was very shallow and his eyes were very glassy. When I approached him I noticed a belt tied around his arm and both a syringe and a bent spoon laying beside him. Despite all his promises to the contrary, my beloved Mittens has started shooting up smack again!

Fortunately the paramedics showed up quickly and gave him some naloxone which saved him. Unfortunately the problem of my cat being addicted to heroin still remains. Last week he sold my stereo and this weekend Mittens offered to perform oral sex on me in exchange for a hit.

I love my cat and want to see him off this horrible drug. Unfortunately he won't stop on his own! Mittens says he can quit anytime he wants to and becomes combative when I force the issue. I'm tired of seeing him throw his life away. He could've been a great mouser, one of the best before he got hooked.

Can anyone recommend a way to get my cat off heroin? It would be much appreciated.

Also, this must be said; I dont want to fuck my poor cat mittens. I love him dearly. IF he offered oral sex as a hit, and I would never compromise the sanctity and trust of our brotherly (non gay, non sexual) relationship! I thank youall for your genuine concern for the safety of my genitals with regard to animal contact with sandpapery cat tongues, I assure your that fornicating with animals is not on the repitoire!

Please, if you know how to help poor mittens get off the smack, please, for the love of god help. Its mittens darkest time, and I dont want this to turn out like that beefy rugby guy who died on junk in Trainspotting. I dont want me or mittens to swim in toilets either. Please, help!!

Re:Tsarkon Reports Obama bent on bankrupting USA (-1, Troll)

Anonymous Coward | more than 5 years ago | (#27297403)

From good old nazi gold switzerland. Good old money laundering fuckups who host UBS. I have some old nazi speeches for you, you fucking fascist cunt! Tod für alle Juden. In die brennende Öfen werden sie!

Die Glorreichen Rede von Reischsführer-SS Heinrich Himmler in Poznan (Posen), (Polen / Poland)

Montag , Oktober 4, 1943 (04.10.1943)

Ich will auch ein ganz schweres Kapitel will ich hier vor Ihnen in aller Offenheit nennen. Es soll zwischen uns ausgesprochen sein, und trotzdem werden wir nicht in der Öffentlichkeit nie darüber reden. Genau so wenig, wie wir am 30. Juni gezögert haben, die befohlene Plicht zu tun und Kameraden, die sich verfehlt hatten, an die Wand zu stellen und zu erschiessen. Wie wir darüber niemals gesprochen haben und sprechen werden. Das war so eine Gottseidank in uns wohnende Takt, Selbstverständlichkeit des Taktes, dass wir uns untereinander nie darüber unterhalten haben, nie darüber sprachen, es hat jeden geschauert und jeder war sich klar, dass er es das nächste Mal wieder tun würde, wenn es befohlen wird und wenn es notwendig ist. Ich meine die "Judenevakuierung": die Ausrottung des jüdischen Volkes. Es gehört zu den Dingen, die man leicht ausspricht. "Das jüdische Volk wird ausgerottet", sagt Ihnen jeder Parteigenosse, "ganz klar, steht in unserem Programm drin, Ausschaltung der Juden, Ausrottung, machen wir, pfah!, Kleinigkeit". Und dann kommen sie alle, alle die braven 80 Millionen Deutschen, und jeder hat seinen anständigen Juden. Sagt: alle anderen sind Schweine, und hier ist ein prima Jude. Und zugesehen, es durchgestanden hat keiner. Von Euch werden die meisten wissen, was es heisst, wenn 100 Leichen beisammen liegen, wenn 500 daliegen oder wenn 1000 daliegen. Und dies durchgehalten zu haben, und dabei -- abgesehen von menschlichen Ausnahmeschwächen -- anständig geblieben zu sein, hat uns hart gemacht und ist ein niemals genanntes und niemals zu nennendes Ruhmesblatt. Denn wir wissen, wie schwer wir uns täten, wenn wir heute noch in jeder Stadt bei den Bombenangriffen, bei den Lasten des Krieges und bei den Entbehrungen, wenn wir da noch die Juden als geheime Saboteure, Agitatoren und Hetzer hätten. Wir würden wahrscheinlich in das Stadium des Jahres 16/17 jetzt gekommen sein, wenn die Juden noch im deutschen Volkskörper sässen. Die Reichtümer, die sie hatten, haben wir ihnen abgenommen, und ich habe einen strikten Befehl gegeben, den Obergruppenführer Pohl durchgeführt hat, wir haben diese Reichtümer restlos dem Reich, dem Staat abgeführt. Wir haben uns nichts davon genommen. Einzelne, die sich verfehlt haben, die werden gemäss einem von mir gegebenen Befehl, den ich am Anfang gab: Wer sich auch nur eine Mark davon nimmt, ist des Todes. Eine Anzahl SS-Männer haben sich dagegen verfehlt. Es sind nicht sehr viele, und sie werden des Todes sein - GNADENLOS! Wir haben das moralische Recht, wir hatten die Pflicht unserem Volk gegenüber das zu tun, dieses Volk, das uns umbringen wollte, umzubringen. Wir haben aber nicht das Recht, uns auch nur mit einem Pelz, mit einer Mark, mit einer Zigarette, mit einer Uhr, mit sonst etwas zu bereichern. Das haben wir nicht. Denn wir wollen nicht am Schluss, weil wir den Bazillus ausrotten, an dem Bazillus krank werden und sterben. Da werde ich niemals zusehen, dass so etwas überhaupt nur auch ein kleine Fäulnisstelle bei uns eintritt oder sich festsetzt. Sondern, wo sich eine festsetzen sollte, werden wir sie gemeinsam ausbrennen. Insgesamt aber können wir sagen: Wir haben diese schwerste Aufgabe in Liebe zu unserem Volk getan. Und wir haben keinen Schaden in unserem Innern, in unserer Seele, in unserem Charakter daran genommen.

Re:Tsarkon Reports Obama bent on bankrupting USA (-1, Offtopic)

flashfire (74439) | more than 5 years ago | (#27297655)

So did I miss the part where Obama created the exploit in the BIOS that these people are using? If not, then STFU and GTFO; god, I hate it when people post unrelated bull shit. Here is a question thought, who's BIOS was the code inserted, was it tested against non-PC BIOS? I'm just wondering if the same method would work against a Sun or Mac system.

Re:Tsarkon Reports Obama bent on bankrupting USA (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#27297941)

Since your such a rude stupid fucking tight ass, I figure you are inserting your Yoda doll up your ass in a painful way, here I have some help for you:

Tsarkon Reports 9 Step Yoda Grease

9 steps to greasing your anus for Yoda Doll Insertion!
v 4.95.0
$YodaBSD: src/release/doc/en_US.ISO8859-1/yodanotes/9stepprocess.sgml,v 4.95.0 2009/03/23 01:04:20 tsarkon Exp $

  1. Defecate. Preferably after eating senna, ex lax, prunes, cabbage, pickled eggs, and Vietnamese chili garlic sauce. To better enhance the pleasure of this whole process, defecation should be performed in the Return of the Jedi wastebasket for added pleasure. []
  2. Wipe ass with witch hazel, which soothes horrific burns. (Rob "CmdrTaco" Malda certifies that his lips, raw like beaten flank steak from nearly continuous analingus with dogs, are greatly soothed by witch hazel.)
  3. Prime anus with anal ease. [] (Now Cherry Flavored for those butthole lick-o-phillic amongst you - very popular with 99% of the Slashdotting public!)
  4. Slather richly a considerable amount of Vaseline and/or other anal lubricants into your rectum at least until the bend and also take your Yoda Doll [] , Yoda Shampoo bottle [] or Yoda soap-on-a-rope [] and liberally apply the lubricants to the Doll/Shampoo/Soap-on-a-rope.
  5. Put a nigger do-rag [] on Yoda's head so the ears don't stick out like daggers!
  6. Make sure to have a mechanism by which to fish Yoda out of your rectum, the soap on the rope is especially useful because the retrieval mechanism is built in. []
  7. Pucker and relax your balloon knot several times actuating the sphincter muscle in order to prepare for what is to come.
  8. Slowly rest yourself onto your Yoda figurine. Be careful, he's probably bigger than the dicks normally being shoved up your ass! []
  9. Gyrate gleefully in your computer chair while your fat sexless geek nerd loser fat shit self enjoys the prostate massage you'll be getting. Think about snoodling [] with the Sarlaac pit. Read Slashdot. Masturbate to anime. Email one of the editors hoping they will honor you with a reply. Join several more dating services - this time, you don't select the (desired - speaks English) and (desired - literate). You figure you might get a chance then. Order some fucking crap from Think Geek. Get Linux to boot on a Black and Decker Appliance. Wish you could afford a new computer. Argue that cheap-ass discount bin hardware works 'just as well' as the quality and premium hardware because you can't afford the real stuff. Make claims about how Linux rules. Compile a kernel on your 486SX. Claim to hate Windows but use it for World of Warcraft. Admire Ghyslain's courage in making that wonderful Star Wars movie. Officially convert to the Jedi religion. Talk about how cool Mega Tokyo is. Try and make sure you do your regular 50 story submissions to Slashdot, all of which get rejected because people who aren't fatter than CowboyNeal can't submit. Fondle shrimpy penis while making a Yoda voice and saying, use the force [] , padawan, feeel the foooorce [] , hurgm. Yes. Yes. When 900 years you reach [] , a dick half as big you will not have. []

All in a days work with a Yoda figurine rammed up your ass.



Tux is the result after trimming Yoda's ears off so that Lunix people don't rip themselves a new Asshole

What you can do with you ass after sitting on a GREASED UP YODA DOLL. []

y______________________________YODA_ANUS__- []
o_________________.'_:__`.________________y []
d____________.-.'`.__;___.'`.-.___________o []
a___________/_:_____;__/____;___________d []
s_,'__""--.:__;".-.";:_:".-.":__;.--""__`,a []
e_:'_`.t""--.._'/@.`;___',@`_..--""j.'_`;s []
x______`:-.._J_'-.-'L___`--_'_L_..-;'_____e []
________"-.___;__.-"__"-.__:___.-"________x []
y____________L_'_/.------._'_J___________y []
o_____________"-.___"--"___.-"____________o []
d______________.l"-:_TR_;-";._____________d []
a_________.-j/'.;__;""""__/_.'"-.________a []
s_______v.'_/:`._"-.:_____.-"_.';__`.v____s []
e____.-"__/_;__"-._"-..-"_.-"__:____"-.___e []
x_.+"-.__:_:______"-.__.-"______;-.______x []
_v;___`.;_; I Yoda Have A _____:_:_"+._;__ []
y_:__;___;_;_Greased Up ME In __:_;__:_:_y []
o_;__:___;_:_MY ASS! This Goes__;:___;__:_o []
d:___;__:__; On FOREVER!______:_;__/__::_d []

Ground Control to Yoda Doll Ballad : "Soddity"

Synopsis: --Major Tom goes to the bathroom and shoves a Yoda doll up his ass, and then gimps back to his desk to post AC Trolls on Slashdot. -Yoda Doll to Major Tom. - Yoda Doll to Major Tom. - Take your ex-lax bars and put my do-rag on. - Yoda Doll to Major Tom. - Commencing countdown, rope is on. - Begin insertion and may Goatse's love be with you. -- This is Yoda Doll to Major Tom, - You've rectally been flayed! - And the papers want to know whose shirts you wear. - Now it's time to leave the crapper if you dare. -- This is Major Tom to Yoda Doll, - I'm stepping through the door. - And I'm farting in a most peculiar way! - And my ass looks very different today. - For here... - Am I shitting in the tincan? - Far...too busy posting trolls. -- Slashdot censors you... and there's nothing I can do. -- Uploading one hundred thousand files, - I'm feeling very ill. - I don't think my feces know which way to go. - I can't tell my intestines from spaghetti- - code. Yoda Doll to Major Tom, your prostate's dead, there's something wrong, - Can you hear me, Major Tom? - Can you hear me, Major Tom? - Can you hear me, Major Tom? Can you hear... Am I shitting in the tincan? - My ass like a baboon's - Slashdot censors you - and there's nothing I can do.

The Yoda Pledge

I pledge Allegiance to the Doll
of the Greased Up States of Yodarica
and to the Republic for which it shoves,
one nation under Yoda, rectal intrusion,
with anal lube and ass grease for all.

hello.mpg lyrics.
I'm doin' this tonight ,
You're probably gonna start a fight .
I know this can't be right .
Hey baby come on,
I loved you endlessly ,
When you weren't there for me.
So now it's time to leave and make it alone .
I know that I can't take no more
It ain't no lie
I wanna see you out that door
Baby , bye, bye, bye...

A picture of your ass after YODA. []

A POAST from Rob Malda's "Chips & Dips" Website (July 1997), which is the direct precursor to Slashdot, it was located at: []

Wed, July 23
Prequel Yoda Pictures!
From the Aren't-you-a-bit-early? Dept
Once again Harry Knowles catches the scoop on time with some great pictures of the clay sculpture that will be digitized and used for the CGI Yoda in the Prequels. Check it out at Aint-it-cool-News [] .

Looks like Malda's been chomping at the bit to get a greased up Yoda in his ass for some time now.

"Yoda Doll" sung to the tune of "Diamond Girl" by that homo Johnny "Oh" as in "Oh shit I have a cock in my mouth!"

If you can feel what I am feeling, Then the grease is just believing, You're my, you're my Yoda Doll

Yoda Doll you make my ass feel, Like I'm on fire when you are near, You captivate me with your smile, Your grease lets me get so wild, Ooh oh Yoda Doll, Your my Yoda Doll, Ooh oh Yoda Doll, Greased up Yoda Doll

Yoda Doll I'd like to know, If you get in my back door, Which will only make me want you more, Get your greased ass on the floor, Ooh oh Yoda Doll, Your my Yoda Doll, Ooh oh Yoda Doll, Greased up Yoda Doll

If you can feel what I am feeling, Then the grease is just believing, You're my, you're my Yoda Doll, Ooh oh Yoda Doll

You fit right in my sphincter, I'm so proud to have you in me, I persist to enjoy all your grease, I persist to enjoy all your grease, I persist to enjoy all your grease, I persist to enjoy all your grease, I persist to enjoy all your grease

Yoda Doll where we go wrong, The love I felt was all gone, Why did I pull you out so soon, Look at all the shit in this room

If you can feel what I am feeling, Then the grease is just believing, You're my, you're my Yoda Doll, Ooh oh Yoda Doll, You'll always be my Yoda Doll, Greased up Yoda Doll

Yoda Doll tu me aces center, Como estoy en fuego junto ati, Tu me captivas con tu grasa, Te quiro dar todo mi culo, Mi Muneca de Yoda, Si tu eres si tu eres, Your my Yoda Doll, You fit right in my sphincter, I'm so proud to have you in me, Your my, my Yoda Doll

Of course. (0, Offtopic)

ers81239 (94163) | more than 5 years ago | (#27297255)

Last I checked, the BIOS lives in a chip, not the HDD. Thus the magic diskless booting. How is this news?

Re:Of course. (1)

yincrash (854885) | more than 5 years ago | (#27297275)

i think the news story is that the bios is infectable? i'm not sure.

Re:Of course. (3, Informative)

Andr T. (1006215) | more than 5 years ago | (#27297287)

used the stage at last week's CanSecWest conference to demonstrate methods for infecting the BIOS with persistent code that will survive reboots and re-flashing attempts.

The fact that the BIOS is in a chip is not news. News is they've infected it.

Re:Of course. (2, Informative)

Anonymous Coward | more than 5 years ago | (#27297455)

OK, that bolded part is pretty cool and suggests a serious flaw.

I guess it's official. (0)

Anonymous Coward | more than 5 years ago | (#27297259)

It's official - we're screwed.

Re:I guess it's official. (0)

Anonymous Coward | more than 5 years ago | (#27297297)

time to switch to EFI

Re:I guess it's official. (5, Funny)

Dunbal (464142) | more than 5 years ago | (#27297311)

It's official - we're screwed.

      Happy news for most of the nerds on this site who sigh and collectively whisper "Finally!"

Re:I guess it's official. (1, Funny)

Anonymous Coward | more than 5 years ago | (#27297341)

It's official - we're screwed.

      Happy news for most of the nerds on this site who sigh and collectively whisper "Finally!"


Re:I guess it's official. (1)

Jurily (900488) | more than 5 years ago | (#27297417)

Happy news for most of the nerds on this site who sigh and collectively whisper "Finally!"

Don't know about you, but I like to be the one doing the screwing.

Re:I guess it's official. (1)

D Ninja (825055) | more than 5 years ago | (#27298301)

-1, Ewwwww

Re:I guess it's official. (5, Insightful)

Anonymous Coward | more than 5 years ago | (#27297419)

We've had evil viruses around for a while. Anyone remember

W95.CIH [] ? Back in the Windows 95 days, this mean son of a bitch could nuke your BIOS from orbit. And we're talking over a decade ago.

Computers are still chugging along fine. This will probably end up breaking more computers than it ends up hijacking. A broken computer is one that gets flagged and fixed or throw away.

Re:I guess it's official. (4, Informative)

xtracto (837672) | more than 5 years ago | (#27297641)

Not totally,
In one hand:

Sacco and Ortega stressed that in order to execute the attacks, you need either root privileges or physical access to the machine in question, which limits the scope.

Which makes the attack more difficult in operating systems which do not allow users to run with Administrative rights all the time.

But the methods are deadly effective and the pair are currently working on a BIOS rootkit to implement the attack.

I can imagine that, everything you need is ONE time root access to "install" the BIOS instructions and fsck the machine. After that, you are pretty much in control of what comes next.

In some way, I find this similar to the viruses that infected the Master Bood Record, just a bit more interesting...

On the other hand, this will just trigger a bios-patch / virus-release cat and mouse game similar to the standard viruses.

Re:I guess it's official. (0)

Anonymous Coward | more than 5 years ago | (#27298101)

Maybe this cat and mouse game can be limited. What it would take is a special program that resides on the motherboard, independant from the BIOS stored in flash. This program would be the gatekeeper and do the flashing, as opposed to the current utilities.

Instead of a MS-DOS utility doing a zero out, image write, and verify, what would happen is that the proposed flash image would be handed over to this utility when the machine is in the BIOS setup (and not booted to an OS). Then, the flash image is validated (can be signed, or a SHA-256 hash can be outputted and the user confirm that that is correct), and if confirmed, write the BIOS refresh. Of course, have a previous version of the BIOS in a non-writable ROM so the user can fall back to a known working setup if the latest flash fails.

Intel only? (1)

Quantos (1327889) | more than 5 years ago | (#27297291)

Would this affect only Intel, or is this entirely unrelated to this previous article? []

Re:Intel only? (5, Interesting)

peragrin (659227) | more than 5 years ago | (#27297717)

Better question is what typeof BIOS? Is EFI vulnerable? How about open firmware? Or is this limited to just plain ole BIOS that should have been killed a decade ago but remains as msft doesn't support anything else for most versions of it's OS?

I've already had BIOS malware (3, Funny)

Rosco P. Coltrane (209368) | more than 5 years ago | (#27297293)

preinstalled, on ASUS boards: it was the BIOS itself. It too survived hard disk wipes, but it didn't survive my sledgehammer.

Re:I've already had BIOS malware (1)

ADT7 (1458965) | more than 5 years ago | (#27297531)

What specific problem do you have with the BIOS on ASUS boards?

Or rather, on which specific board do you have a problem with the BIOS?

Requires root privileges or physical access (5, Interesting)

amazeofdeath (1102843) | more than 5 years ago | (#27297301)

"Sacco and Ortega stressed that in order to execute the attacks, you need either root privileges or physical access to the machine in question, which limits the scope."

Hmm, I'd say you are pretty much pwned in that case even before the attacker infecting the BIOS.

Re:Requires root privileges or physical access (2, Insightful)

IsThisNickTaken (555227) | more than 5 years ago | (#27297349)

I think the point is that once this happens that you cannot fix it by reflashing the BIOS.

Re:Requires root privileges or physical access (2, Interesting)

Jurily (900488) | more than 5 years ago | (#27297563)

I think the point is that once this happens that you cannot fix it by reflashing the BIOS.

Would something like OpenBIOS help?

Re:Requires root privileges or physical access (4, Funny)

bev_tech_rob (313485) | more than 5 years ago | (#27298149)

The nice thing about this exploit requiring physical access is that you may have a fairly decent chance to catching the perp and applying a size 13 (my shoe size) patch upside their head or backside. Then make them pay for a new systemboard after they trashed your current one with this nasty bit of code....

super-pwned (1)

davidwr (791652) | more than 5 years ago | (#27297353)

If the BIOS were not hackable, replacing the drive and resetting the boot sequence, BIOS password, and other settings would be sufficient to re-own your machine.

Of course, if your BIOS password were changed, you'd be out of luck, but at least you'd know it.

Re:super-pwned (1)

wastedlife (1319259) | more than 5 years ago | (#27297545)

if your BIOS password were changed, you'd be out of luck

Or you could reset the BIOS with the jumper or by unplugging and removing the CMOS battery. Unless said hijack somehow creates a permanent BIOS password, in which case you'd be totally screwed.

Re:super-pwned (2, Informative)

scubamage (727538) | more than 5 years ago | (#27297707)

Not technically... some motherboards with dual bios chips can be set to fail over to the secondary bios, and from there you could re-flash the primary off of the secondary.

Re:super-pwned (1)

Chabil Ha' (875116) | more than 5 years ago | (#27298221)

This would be fine if your BIOS chip were a field replaceable part, but mine is soldered to the motherboard itself!

Re:Requires root privileges or physical access (4, Informative)

Leafheart (1120885) | more than 5 years ago | (#27297495)

Needing root privileges means that an attacker could put this code on another malware he writes, get an user infected and upload this to the bios. From that point onwards, if they can really disable the AV (both article and presentation are light on details), they can ensure that the box will remain infected, by injecting more code.

Think of it as a sure fire way to get people infect for a botnet without any recourse to stop it. Except updating the EEPROM of the bios (although I couldn't see how it can survive a re-flashing.)

Re:Requires root privileges or physical access (0)

Anonymous Coward | more than 5 years ago | (#27297605)

some board have a hardware jumper that cut's off bios flashing other have a setting in bios that does the same thing

Re:Requires root privileges or physical access (2, Informative)

imbaczek (690596) | more than 5 years ago | (#27298049)

hardware solution is a must here. if the bios is patched with malicious code, you can't trust any of its settings.

also, the backup bios has to be read-only.

Re:Requires root privileges or physical access (4, Insightful)

kinnell (607819) | more than 5 years ago | (#27298151)

(although I couldn't see how it can survive a re-flashing.)

Presumably reflashing the BIOS is normally performed by code within the BIOS. If you can corrupt the code in the BIOS you would have control over the flash programming, so could prevent the user from overwriting the infected blocks. I doubt this refers to physically removing the PROM and reflashing with an external programmer.

Re:Requires root privileges or physical access (5, Insightful)

wvmarle (1070040) | more than 5 years ago | (#27297569)

Getting root (administrator) privileges in Windows appears trivial for most current malware, so getting to the BIOS is not that hard from there.

It makes me more wonder why doesn't a motherboard have a jumper that disables BIOS updates? That would be quite a strong safety measure. Anyone capable of knowing why to, and how to execute a BIOS update is certainly capable of opening/closing that jumper for the procedure.

Re:Requires root privileges or physical access (4, Interesting)

cowbutt (21077) | more than 5 years ago | (#27297663)

It makes me more wonder why doesn't a motherboard have a jumper that disables BIOS updates? That would be quite a strong safety measure. Anyone capable of knowing why to, and how to execute a BIOS update is certainly capable of opening/closing that jumper for the procedure.

I've been thinking that this is necessary ever since I lost a nearly-new DVD Rom drive to a rogue piece of software that managed to wipe out one bit in sixteen of the drive's firmware.

Re:Requires root privileges or physical access (1)

berashith (222128) | more than 5 years ago | (#27298233)

The BIOS isnt protected because the guys in the black helicopters have been doing this for years.

Re:Requires root privileges or physical access (1)

Yvanhoe (564877) | more than 5 years ago | (#27297875)

Well, when an attacker gained root access over one of your machines, the procedure until recently was to wipe its disks completely. Now, even that fails.
It does not make privilege escalation easier, it just makes it more serious.

Re:Requires root privileges or physical access (0)

Anonymous Coward | more than 5 years ago | (#27297949)

Taco? Ortega? mmmmmmmm.....

Re:Requires root privileges or physical access (0)

Anonymous Coward | more than 5 years ago | (#27298171)

"Sacco and Ortega stressed that in order to execute the attacks, you need either root privileges or physical access to the machine in question, which limits the scope."

Hmm, I'd say you are pretty much pwned in that case even before the attacker infecting the BIOS.

No, you aren't...and that is the danger, because a wipe/reflash does not fix things.

This attack needs physical access to the machine somewhere in the supply chain, and it can be done before the machine is in the target's hands. We are talking pre-pwned machines here.

How much do you trust your vendor, your vendor's vendor, etc?

Fatal flaw: No BIOS reset (5, Insightful)

davidwr (791652) | more than 5 years ago | (#27297317)

If BIOSes, CPUs, and other low-level software had factory-reset pins that could not be bypassed through patching, we wouldn't have these problems.

If the pin is set during POST, the CPU, BIOS, or whatever would reset itself to factory conditions. The device would be configured so the factory-reset sequence could not be tampered with through software updates alone.

Re:Fatal flaw: No BIOS reset (5, Insightful)

wastedlife (1319259) | more than 5 years ago | (#27297651)

This is why there should always be 2 copies of the BIOS. One that is physically read-only and contains the BIOS as shipped. And another writable one that can be disabled with a jumper. If your BIOS is corrupted or hijacked, you could always go back to the backup BIOS and restore.

An alternative would be replaceable BIOS chips like the ones from the days before writable BIOS. If a customer gets a BIOS corruption or virus, they could call and order a replacement and not have to buy a whole new mobo. That would also be a good way to distribute BIOS updates to people afraid of bricking their system.

Re:Fatal flaw: No BIOS reset (1, Informative)

Anonymous Coward | more than 5 years ago | (#27297987)

i remember building a system around 2000 with a Gigabyte mobo that had this exact thing. dual bios in case something went wrong that could be selected using a jumped switch. i don't know what happened to them now though.

Re:Fatal flaw: No BIOS reset (1)

S77IM (1371931) | more than 5 years ago | (#27297787)

Better yet -- a backup ROM that was truly read-only (not flashable at all) and an external, physical switch to toggle between that and the updated-over-the-Internet ROM.

Think how useful that would have been during the first Cylon war.

  -- 77IM

No surprise (4, Interesting)

gweihir (88907) | more than 5 years ago | (#27297335)

Of course you can infect a BIOS. It has drawbacks, however. One is very limited space. A second one is that BIOSes flash differently on different mainboards. Maybe not too differently, which would be a real problem. Hoperfully, there is not enough space in the average BIOS for self-relication (which would need exploit code and flasher code at least).

The fact that this is possible is mildly entertaining, nothing revolutionary. Would have been possible (and obviously possible) with the first Flash BIOSES around.

Re:No surprise (3, Insightful)

jellomizer (103300) | more than 5 years ago | (#27297503)

Them Old Time Viruses ran with a lot less then what modern BIOS have, so I wouldn't focus to much on size to save us.
When the Virus initially runs it is probably in the Hard Drive to the RAM which can can fit a LOT of configurations to break into a lot of BIOS manufactures.

Re:No surprise (1)

gweihir (88907) | more than 5 years ago | (#27297677)

The old viruses sometimes fit into 300 bytes floppy boot code. But these did not need any exploit (i.e. attack) code, no network functionality and no flasher code.

While very small worms are possible today (think Witty which was about 470 bytes worm code), whou cannot do a lot with them, certainly not include a generic FLASH writer.

Re:No surprise (1)

Krneki (1192201) | more than 5 years ago | (#27297513)

Only if you consider it as a stand-alone virus.

Most of the viruses today are able to integrate different viruses. First you get infected with a 0-day exploit and then the virus will download what it needs to further fuck you up.

Re:No surprise (1)

gweihir (88907) | more than 5 years ago | (#27297727)

Only if you consider it as a stand-alone virus.

Most of the viruses today are able to integrate different viruses. First you get infected with a 0-day exploit and then the virus will download what it needs to further fuck you up.

That needs at least working networking code, loader code (the download has to go somewhere) and startup code. Still, I agree that this would be a necessary design decision to do anything useful with malcode in FLASH.

Re:No surprise (0)

Anonymous Coward | more than 5 years ago | (#27298013)

not necessarily. if it could dump a little script into your operating system boot files that will download and run the needed files, it has all the necessary networking code through the OS.

Re:No surprise (1)

Cyberax (705495) | more than 5 years ago | (#27297603)

There are OpenSource tools which handle re-flashing of most BIOSes.

Also, there are just a few BIOS manufacturers. So it might be not that hard to write semi-unversal code.

Now I wish my computer had a TPM module....

Re:No surprise (1)

wkk2 (808881) | more than 5 years ago | (#27297629)

The real question is why the boards no longer have BIOS write protect jumpers given that infections are only getting worse.

Re:No surprise (1)

tacet (1142479) | more than 5 years ago | (#27297715)

As a coincidence, i played with bios flashing yesterday, and it isn't so hopless, as you might think. There is user friendly tool - uniflash - weights 30k I believe, one could strip it heavily. Exploits can be as small as 100bytes and even less. Your average bios memory chip is 256-500k Yesterday i was able to reflash SST and intel bios chips on same motherboard, i believe i could do atmel's too, but i didn't try it, so i think routines for reflashing them are pretty much same across motherboards/bioses.

Re:No surprise (1)

wastedlife (1319259) | more than 5 years ago | (#27297861)

The virus could check if the motherboard is compatible with coreboot [] or something similar before flashing a modified version. If coreboot can boot a linux kernel directly without any other bootloader, it is likely possible that the average BIOS has enough room for self-replicating code.

I do agree that it is not revolutionary, I've heard of BIOS viruses for a while, but the general consensus was that they are too motherboard-specific to be of any real threat. However, coreboot claims it is supported on over 200 mainboard models, so perhaps they have become less specialized.

Dance of the Seven Veils (1, Interesting)

Anonymous Coward | more than 5 years ago | (#27297345)

What were the editors thinking of when they wrote "perform unveil"?

Re:Dance of the Seven Veils (0)

Anonymous Coward | more than 5 years ago | (#27297431)

Slashdot has editors?

Re:Dance of the Seven Veils (1)

Jurily (900488) | more than 5 years ago | (#27297473)

What were the editors thinking of when they wrote "perform unveil"?

Perhaps they just executed a landing procedure. Flown recently? The amount of official sounding meaningless BS they come up with is mind boggling.

How much free space in the BIOS? (1)

Samschnooks (1415697) | more than 5 years ago | (#27297357)

So, you patch in some code into the BIOS. Would you be overwriting some functionality to accomplish this? If so, by checking said functionality, could you tell if your BIOS has been corrupted? Such as something simple as seeing if some keyboard functionality still exists (CTRL-ALT-something) or a utility program that iterates through BIOS interrupts and sees if the proper return codes and values come back in the registers?

Re:How much free space in the BIOS? (1)

VoidCrow (836595) | more than 5 years ago | (#27297501)

The flash memory that a BIOS lives in comes in a range of integral sizes. The BIOS code itself does not, being written to a set of requisite functionalities, rather than to fill a given size of flash memory. Therefore, the probability is that there will be some free space.

Re:How much free space in the BIOS? (2, Informative)

Hodar (105577) | more than 5 years ago | (#27297589)

Motherboard vendors typically use some form of protection, to prevent the 'normal' user from hacking into the BIOS Memory. In the old days, BIOS was in the 512K range, however many BIOS chips now sport 1 or 2 MB of space. This additional space is usually reserved for the nice big splash-screen image re-sellers throw up instead of having the PC sit and display the DOS boot messages (Memory test, speed, processor, Hard Drives, CD Drives, ect).

So, there is 'plenty' of memory space that is non-violatile, that lives on your motherboard that could be used to hide either multiple compressed malware programs, or a host of viri. The only way you would know if you were infected would be the obvious crash, or if you were wise enough to compare the sum-check of the BIOS that you loaded against the sum-check of what is in your BIOS memory chip.

But, the part they didn't tell you is that the BIOS memory chip may live in a variety of different places, it could be on the root PCI bus, or off the SPI bus, or hanging off the SMA bus. The virus loader would need to be smart enough to know 'where to look' and also have both Phoenix and Award BIOS passcodes/proceedures for this to be effective.

Once hit, the only way to get rid of it would be to re-flash your BIOS (assuming the new BIOS doesn't have a self-preservation routine built-in - Like disabline the ability to write the BIOS again).

Re:How much free space in the BIOS? (1)

Durkheim (960021) | more than 5 years ago | (#27298025)

If I read TFA correctly, they say that the infected BIOS can modify files on the hard drive such as a windows library and inject code that reflashes the BIOS with the virus. So you'd need to reflash the rom _and_wipe the hard drive.

Re:How much free space in the BIOS? (1)

tgd (2822) | more than 5 years ago | (#27297725)

Virtually none of the real-mode code in the BIOS is ever used anymore. Any system that can boot DOS bare-metal would have plenty of room for code that is never used on normal systems.

Re:How much free space in the BIOS? (1)

wastedlife (1319259) | more than 5 years ago | (#27297935)

If it replaces anything it would probably be the hardware controls that a modern OS normally controls directly. So you could keep a copy of DOS handy and if it stops working with some bit of hardware then you may be infected.

Well... (0)

Anonymous Coward | more than 5 years ago | (#27297385)

Good thing I have EFI instead.

PDF (5, Funny)

JewGold (924683) | more than 5 years ago | (#27297399)

Wait, you want me to open a PDF [] from folks who know how to create such a supervirus? Hmm.

Re:PDF (0)

Anonymous Coward | more than 5 years ago | (#27297767)

say hello to GSview []

Re:PDF (5, Funny)

L4t3r4lu5 (1216702) | more than 5 years ago | (#27297969)

It's already too late for you, I'm afraid. You've already read the stub of the article which was copied from the original website by another person. The virus jumped through their monitor (writing directly onto their retina using a zero-day exploit) which was then transcoded into nerve pulses. These were transfered to the poster's fingers which caused very small, but significant, induced current in their keyboard. The virus travelled through the USB port and into the PC, and got posted to slashdot. It now resides in your brain, and mine, ready to be exploited at the author's whim.

Or, you really need to take off the tinfoil hat.

Re:PDF (1)

berashith (222128) | more than 5 years ago | (#27298299)

great! Now I am a botnet zombie.


Been around for some time... (1)

nicc777 (614519) | more than 5 years ago | (#27297405)

A quick Google shows BIOS malware going back some time, so I don't know what so different from this one...

Re:Been around for some time... (3, Informative)

wastedlife (1319259) | more than 5 years ago | (#27297975)

From what I get from the summary, what is new is that it only replaces part of the BIOS instead of installing a whole new one. If it can somehow tell which part it needs to replace on different model motherboards, then it may be able to spread further than older BIOS malware which is normally motherboard-specific.

I know this one (1)

oldhack (1037484) | more than 5 years ago | (#27297407)

So what's the only way to be sure?

Re:I know this one (1)

gardyloo (512791) | more than 5 years ago | (#27297869)

Mostly come at night?

IANABPE (I am not a BIOS programming expert) but.. (1)

mandark1967 (630856) | more than 5 years ago | (#27297443)

Isn't there some sort of Open Source BIOS initiative out there? I wonder if it too is affected by this exploit.

It would seem that this is a pretty major exploit if it can be pulled off remotely against the different flavors of BIOS. I mean, unlike a thumb drive, you couldn't simply add a little write lock button on the motherboard to lock the bios into read only mode, could you? The BIOS reads a lot of values from the system as it is booting and after the OS is loaded, so I can't see how you could simply lock down the BIOS to prevent unauthorized writes to it.

Re:IANABPE (I am not a BIOS programming expert) bu (1)

ledow (319597) | more than 5 years ago | (#27298083)

You mean, like the BIOS-induced "Flash Write Protect" option in virtually every single BIOS ever made in the last ten years or so?

Re:IANABPE (I am not a BIOS programming expert) bu (1)

canajin56 (660655) | more than 5 years ago | (#27298257)

I mean, unlike a thumb drive, you couldn't simply add a little write lock button on the motherboard to lock the bios into read only mode, could you?

Why the heck not? They used to be the standard. But, people found it ANNOYING. So, it's a much touted feature that the modern BIOS can be rewritten by anybody, without direct access to the machine. My first flashable BIOS, you had to make a boot disk with the new BIOS image, and flashing tool. Then you had to turn the PC off and open the case. Then you had to short the "Write BIOS" jumper. Put the jumper from "OFF" to "ON" for 3+ seconds, then move it back onto the "OFF" pegs. This made it so that the BIOS will accept writes on the next reboot only. You cannot leave the jumper on the "ON" pegs or it won't post, thus preventing you from forgetting about it and leaving the BIOS writable.

Anyways, my new board has two BIOS chips. One is read only I think. There's allegedly a jumper I can set to make it bypass the primary BIOS. It's for recovering from an interrupted or bad patch, but I imagine it would work just fine for removing a BIOS virus, too. (I say allegedly because I've never had cause to look for it).

An Open Source BIOS would not be immune to this, at least, depending on how it works. It patches its own code in. Now, that means on an Open Source BIOS, it could work fine, either because the same code is in the same spot, or because the virus looks for the right spot instead of always writing the same address. Or it could completely trash the BIOS. Either way you're screwed! There's also possibility #3 that it would patch over unused blocks and have no effect, or it would be unable to find the right spot to patch, and so do nothing.

Using tempest technology (1)

LuxMaker (996734) | more than 5 years ago | (#27297461)

I am looking for when an exploit is installed using electromagnetic induction, not just reading the bits remotely but modifying them.

I can see it now. Everybody's computer will come preinstalled with a Faraday cage.

Looks like instead of whack-a-mole we are playing whack-a-hole.

Re:Using tempest technology (1)

Aphoxema (1088507) | more than 5 years ago | (#27297929)

But most computers already are pre-installed with a Faraday cage, at least the ones with compliant power supplies and a conductive case.

Anyhow, it's just not physically possible to overwrite an EEPROM or any semconductor storage medium with a blast of induction.

BIOS attack does not involve hard drives, duh. (0)

Anonymous Coward | more than 5 years ago | (#27297477)

A pair of Argentinian researchers have found a way to perform unveil a BIOS level malware attack capable of surviving even a hard-disk wipe.

Since the BIOS information is stored in Flash memory and not the hard drive, it's rather obvious that a BIOS level attack survives a hard disk wipe.

Neither article even mentions hard drives, so I'm wondering why the author felt the need to editorialise. I guess it's to be expected with Slashdot.

why is it OS dependant (1)

wjh31 (1372867) | more than 5 years ago | (#27297541)

"The demo ran smoothly on a Windows machine, a PC running OpenBSD and another running VMware Player." If it's an attack on the BIOS, why would it be dependant on the OS

Re:why is it OS dependant (4, Funny)

Drakkenmensch (1255800) | more than 5 years ago | (#27297583)

Because without direct access to the physical computer, it requires (as any other malware or virus does) an entryway from the internet and cooperation from the operating system. Anyone can destroy my laptop with the keys to my appartment and a sledgehammer, but doing it from a distance requires a windows flaw to exploit.

VMPlayer?? (0)

Anonymous Coward | more than 5 years ago | (#27297657)

Shouldn't the virtual BIOS be just a file on the host which you can simply set to read-only to disallow writing?

Come again? (2)

I.M.O.G. (811163) | more than 5 years ago | (#27297679)

The demo ran smoothly on a Windows machine, a PC running OpenBSD and another running VMware Player.

I was with the summary until that last part... A windows machine, I can accept that. An OpenBSD machine, I can accept that too. But another machine running VMware Player? Thats not an OS, so I don't even know what they were trying to say.

Re:Come again? (0)

Anonymous Coward | more than 5 years ago | (#27297989)

Perhaps they mean to say that they broke out of the hypervisor using something like BluePill or the methoed detailed last week, and then infected the BIOS.

...but it DIDN'T work under Ninnle! (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#27297685)

...because Ninnle Linux has adaptive protection against such things.

Limited scope (2, Interesting)

RMingin (985478) | more than 5 years ago | (#27297827)

Not only do you need root or physical access, you also need the victim to be using a particular type of BIOS. While you could abstract this up to a module, so that it nailed all Phoenix BIOSes, or all Award BIOSes, you'd still need semi-specific payloads for each BIOS OEM. Also, you'd need the target to be using a mainstream commercial BIOS, not UEFI, OpenFirmware, or anything similar.

UEFI will be here and widespread very soon (it's in some machines already, and more every day), and the only real power this 'new' malware has is the persistence/difficulty in removal.

Not impressed.

How fun! (2, Interesting)

Bandman (86149) | more than 5 years ago | (#27297885)

And here I thought that all the virus writers were just wimps using XSS and Word macros to run generic malware. I wondered where the old school BIOS viruses had gone.

Whom to trust with your BIOS? (0)

Anonymous Coward | more than 5 years ago | (#27298073)

So, on what base should I trust Asus or somebody to give me a 'clean' bios? When I look at some mainboards with strange additional functionality, I wonder when they will start packing adware onto the chip.

Is there a usable open-source bios alternative available? I've heard about something (and forgot the name) but am not sure whether this can replace my current bios now or is intended for some 'future use'.

there were number of BIOS attacks (2, Interesting)

Soleen (925936) | more than 5 years ago | (#27298085)

In April 26, 1999, I turned on my computer, and it met me with a black screen. Turned out that my BIOS was flashed because of this virus: . Had to re-flash the BIOS. Obviously BIOS could have been loaded with something else other than simply erased.

Can someone explain... (1)

abigsmurf (919188) | more than 5 years ago | (#27298239)

I thought since that really nasty virus that would brick PCs by writing to bios' that every mobo maker put in write protection that, if enabled, would halt the system when something tried to write to the BIOS.

Wouldn't this prevent this kind of attack?

So very old (1)

mrdoghead (1427585) | more than 5 years ago | (#27298243)

I'm always stunned to read about "researchers" discovering and demonstrating attacks and security flaws that not only have long existed in the wild but that are in fact very commonly found on computers. This particular one hit me years ago and I've since seen it all over the place. Similarly, there's a great hoohah about the supposedly innovative confickers worming around the web. Reading through the reports you wouldn't know the same techniques have been common (with more effort made at cross-platform and hardware-level exploitation) for at least four or five years. I just wonder how often these people look at actual systems to see whether they're compromised, as opposed to assuming they're okay. When I look at people's computers, they're essentially always polluted. The questions are only how bad and by whom.

When can I expect the commercial version? (2, Interesting)

clone53421 (1310749) | more than 5 years ago | (#27298247)

Let me get this straight:

It pretty much requires physical access and root. If a malicious person gets that sort of access, I'm screwed anyway.

Ok, so I'm not too worried about anyone installing this on my computer without my knowledge.

What I am interested in is the sort of equipment-tracking possibilities this creates. If I could install a tracking rootkit on a laptop which could silently persist and survive disk wipes and ROM flashes, automatically reporting in whenever it gets net access, it would be a huge advantage if the machine were ever stolen. An OS reinstall is likely, because it's a simple way to circumvent the user account password, but this would even protect against a BIOS flash (which is less likely, but still not out of the question).

Eventually, somebody somewhere would hook the laptop up to the web, probably with a completely fresh OS install, and a subpoena on the IP would reveal their location.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?