[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Bug#766395: emacs/gnus: Uses s_client to for SSL.

From: Perry E. Metzger
Subject: Re: Bug#766395: emacs/gnus: Uses s_client to for SSL.
Date: Tue, 28 Oct 2014 13:11:55 -0400

On Tue, 28 Oct 2014 12:52:55 -0400 Stefan Monnier
<address@hidden> wrote:
> > (I'll point out that given that the NSA "Ant Catalog" includes a
> > bunch of BIOS-inserted malware and other load-time infection
> > techniques. Secure booting is actually a priority for ordinary
> > people.
> How would secure-booting protect the user against BIOS-inserted
> malware? A Free BIOS would seem to be much more useful/effective
> for that purpose.

It is necessary but not sufficient to have a free software BIOS. You
also need to make it difficult to modify the BIOS without physical
access to the machine (unless the user has put in a particular jumper
and the new BIOS is signed by a key the user trusts or some such.
There are legitimate applications for remote BIOS upgrades, but not
for normal users.)

Note that there are interesting ways to exploit BIOS code even
without replacing it unless one takes great care -- see, for example,
the recent round of UEFI exploits.

However, as you note, we have gotten far afield from the topic.

Perry E. Metzger                address@hidden

reply via email to

[Prev in Thread] Current Thread [Next in Thread]