Risky Business #67 -- Firmware pwnage

Previously on Risky Business...
23 Jun 2008 » Risky Business

On this week's Risky Business we're taking a look at firmware root kits with John Heasman from the US arm of NGS Software. Some time ago, John figured out how to plonk a root kit on to a PCI device [pdf]. As you can imagine, those sorts of root kits can be very difficult to detect and remove.

But it gets worse.

Newer research, due to be presented at BlackHat in Las Vegas, will show how the CPU on some PCI devices (like the chip on network devices designed to do TCP checksum calculations) can actually be used to run the root kits. That means they never gets loaded into main memory. Try detecting that!

Also on this week's show, Munir Kotadia from ZDNet Australia joins us to discuss the week's news.