Risky Business 67: Firmware pwnage

Security researcher John Heasman has learned it is possible to load undetectable rootkits into PCI devices, as we explain in this week's Risky Business security podcast.

Patrick Gray
Published: 24 Jun 2008 5:00

This week’s Risky Business security podcast looks at firmware root kits with John Heasman from the US arm of NGS Software. Download it here:

http://itradio.com.au/security

Some time ago, John figured out how to plonk a root kit on to a PCI device.

As you can imagine, those sorts of root kits can be very difficult to detect and remove.

But it gets worse.

Newer research, due to be presented at BlackHat in Las Vegas, will show how the CPU on some PCI devices (like the chip on network devices designed to do TCP checksum calculations) can actually be used to run the root kits.

That means they never gets loaded into main memory. Try detecting that!

How to deal with the lack of chatbot standards

A lack of standards around chatbot development has created a situation in which enterprises are building and rebuilding bots. But...

RPA journey: Schneider Electric's global plan taps Blue Prism, UiPath

Schneider Electric, a multinational energy management company, has embarked on a robotic process automation journey, establishing...

Blurring the lines between RPA platforms and APIs

RPA is quickly making itself known in the automation market, but the real game changer is utilizing the technology in an API-rich...

SearchSecurity

Carbon Black acquisition bolsters VMware's security play

VMWare announced an agreement to acquire endpoint security vendor Carbon Black in an effort to boost its cloud security offerings...

Securing IoT involves developers, manufacturers and end users alike

Who's to blame for the IoT security problem: manufacturers creating devices, end user deploying them or governments not creating ...

DARPA unveils first SSITH prototype to mitigate hardware flaws

DARPA is still in the early prototype stages of its SSITH program, but the aim is to develop an open source chip able to block ...

SearchNetworking

What is data center networking, and how can you get started?

This feature explores the basics of data center networks, such as how to plan for data center consolidation, the effects of cloud...

Gartner Hype Cycle deems software-defined networking obsolete

A Gartner report on enterprise networking has declared the definition of SDN and its architectural approach as deceased. Cause of...

The top 5 capabilities your edge infrastructure should have

The network edge plays a vital role in the future of networking and digital transformation. Make sure your infrastructure has ...

SearchDataCenter

Iran says it's building an AI supercomputer, despite sanctions

In a tweet, Iran said it is building a new supercomputer. Other nations are doing the same because high performance computing ...

IBM Power chip instruction set now open source

IBM opened up its Power server Instruction Set Architecture allowing the open source community to develop more innovative ...

Big Switch updates its Cloud-First Networking portfolio

Big Switch Networks' new products and features aim to help solve issues such as lack of operational consistency, visibility and ...

SearchDataManagement

ArangoDB 3.5 update improves multi-model database platform

ArangoDB 3.5 accelerates its database platform with improved query performance and enhanced data security capabilities, as market...

GDPR, AI intensify privacy and data protection compliance demands

This guide covers the challenges data management teams face on data protection and privacy, particularly with the rise of GDPR ...

SnapLogic boosts its data integration technology with AI

SnapLogic's latest update for its Intelligent Integration Platform aims to make it easier for users to benefit from data ...

Read more on Security policy and user awareness

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.