On Tue, Feb 17, 2015 at 12:02 PM, jd1008 <jd1008@xxxxxxxxx> wrote:
> http://www.reuters.com/article/2015/02/16/us-usa-cyberspying-idUSKBN0LK1QV20150216

From the article, I'm not connecting the dots on exactly what the sequence for persistent infection is, or how modified source code ended up in actual products since 2001. Maybe that's detailed in the Kaspersky Lab report. It seems obvious many foreign governments can get access to drive firmware source code, but then modify it and get it baked into production units? Or produce some kind of malware whose sole job is to flash the drive firmware post-production?

And then what does the modified firmware do once on the drive? It can't have its own network stack to start funneling data somewhere. It seems more likely for e.g. OPAL drives it could retain the passcode for the KEK. So then this means physically acquiring (stealing) the drive and being easily able to decrypt the contents. Or could the firmware at power on not actually supply the firmware with LBA0 contents to execute but some arbitrary code (possibly even stored on hidden sectors on the drive) that acts as a persistent bootkit?

--
Chris Murphy

--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx