Details of BIOS security, Re: Intel to include DRM in new Pentium 4 seriesprocessors

[Ken Brown]

Brian Gladman wrote:

> And while we might not expect a script kiddie to attack our
> infrastructure, I believe that there are people with considerable
> sophistication that will want to do this if we give them the opportunity.

Nobody needs to *want* to attack the infrastructure, it can happen by
accident if isolated.

The rootscript attacks we see against Unix machines exposed to the
Internet seem increasingly to be automatic. Someone, somewhere,
somewhen, whether script kiddie or spammer starts them off, but then
they carry on regardless. I suspect we've been hacked by programs that
the originator forgot about months ago, if not years.  We've had
complaints about apparent attacks  originating from  a machine that had
been sitting in the corner of an office for so long that the current
inhabitants of the room couldn't even remember what it was for or who
used it, but hadn't turned it off for 2 years, just in case

If our toasters run using the same technology as our ftp servers then
sooner or later one of those silly scripts is going to wake up in the
crontab of some other forgotten Unix box in some other university and
start a DoS against the nearest toaster, because it knows no better.

Something similar started to happen with the attacks on M$ IIS servers
last year - they knocked out quite a few printers and even some routers
simply by sending heaps of stupid http to port 80 - but that was noticed
and nipped in the bud quite quickly. Who knows what device or network
get hits next?  My current bet would be that something will knock out
sections of the mobile phone network for a few days, but we'll see.