Anyone consider it strange that Ruiu’s claims of #badBIOS have been floating around the security community for weeks and yet the moment arstechnica publishes an article on it (16h ago) within hours every other tech site has jumped on the band wagon? Call me jaded but shouldn’t new threats be reported in a timely manner – even if they turn out to be incorrect, misreported or an outright hoax? Seems like a case of “follow the leader” amongst the tech journalists.
This is awfully disturbing to say the least. Even if it is a hoax or paranoid break down these sorts of threats need evaluated.
Absolutely. It seems the big tech journos are divided into two camps. One says “the sky is falling, destroy your computers and pray to the ancient gods for mercy” whilst the other denies the whole damn thing and claims it is but an elaborate hoax or the rantings of a delusional madman. Seems a middle of the road approach isn’t in vogue anymore.
Absolutely. He might be (and probably is) way off base, but to dismiss the guy at the outset seems wrong to me. At this point I am pretty confident that his core claim – that it infected his BIOS appears to be on very shaky ground. Many are commentating on using audio to breach an airgap being impossible. Not impossible, just downright strange. I can’t imagine the effective baud rate would be very high either!