Hangout for experimental confirmation and demonstration of software, computing, and networking. The exercises don't always work out. The professor is a bumbler and the laboratory assistant is a skanky dufus.

Recent Items
 
CyLab's Angle on Sustainable Computing and Trustworthiness
 
C# Moves Head in Statistical Leapfrog
 
Open Authentication: One-Time Passwords and Crypto-Hashing
 
Is Faith in Innovation Wearing Thin?
 
Repairing Aberrant Behavior: But Is That the Threat?
 
Standards as Arbitrary Solutions to Recurring Problems
 
Easy trouble-free use of IT tops the list
 
Maturing UML and Increasing Expressiveness
 
More Open Than Open
 
Removing Complexity Makes Less Better

Archives
2004-06-13
2004-06-20
2004-06-27
2004-08-29
2004-09-05
2004-09-12
2004-09-19
2004-10-10
2004-10-24
2004-11-07
2004-11-28
2004-12-05
2004-12-12
2004-12-26
2005-01-30
2005-02-06
2005-03-06
2005-03-13
2005-03-20
2005-04-03

All Your BIOS Are Still Mine

ACM News Service: Call of the Wild for BIOS.  I always relish an opportunity to be mildly prophetic.  The Free Software Foundation is calling for an open-source BIOS that cracks the thicket of proprietary, non-disclosed, and trade-secret agreements around the PC BIOS and the different components that can be configured to operate with it (and vice versa).

John G. Spooner's 2005-04-05 CNet News.com article covers the points of the debate and the current tightly-held, secretive efforts to prevent reverse engineering and counter electronics piracy as well as unwanted competition.  Although the secrecy-through-obscurity principle is also used as an argument that the current state protects users, that makes no sense.  As far as I can tell, hackers are fully aware of BIOS vulnerabilities.

Stay tuned.  This arcane conflict is not likely to turn in open-source's favor.

---

I am presently in possession of a BIOS, in my Averatec C3500, of unknown lineage and scary behavior.  Actually, this is also the first time I obtained Windows XP Pro as an OEM installation and I'm not thrilled about that either, especially since this OEM doesn't provide clean-install Windows disks and some of the defaults somebody chose for me are really scary. 

The scary part of this BIOS is that computer glitches will drive it back to the default setup, the most scarily-insecure frailty I've seen.  It looks easy to induce too, though I don't go looking for trouble.  The reversion to default drops every safeguard I put in place: setup access password, boot password, boot from hard drive first, perform full POST, and drop the OEM wallpaper so I can see the progression of the startup sequence (and have the option to launch recovery console once I learn how to install it on XP SP2.  To name a few precautions.  Heh.

I can't figure out how to kill the LAN card though, since it insists on enabling boot-on-LAN and staying active when I shut down the machine what I thought was completely.  But no, the lights on my hub stay solid on for the that is connected to li'l Blocco.  So I make sure the powered-down machine has the lid closed and the LAN connector unplugged.  But, you know, I just don't trust the machine to stay protected, and I haven't even listed my software safeguards.  If the BIOS is vulnerable, practically all other bets are off and the obscurity of the BIOS implementation is not a source of reassurance [;<).

posted by orcmid at 4/7/2005 10:24:11 PM, rating data by NewsGator Online