Dismantling More ‘badBIOS’ Hyperbole and Explaining How TAO Works

Phil Jaenke of RootWyrm’s Corner comments:

So, I just watched Jacob Appelbaum’s presentation at CCC (I’m catching up) and frankly, I haven’t seen a more shameful display of zealotry and laziness in quite some time. That’s not security expertise — that’s mostly pitching policy using iffy examples, which just undermines the political arguments. Open source does not magically make things more secure — never has, never will. Just because you can ‘inspect’ code doesn’t magically fix other problems or prevent that code from being full of holes.

A thorough debunking of the badBIOS infection vector from Phil. I’m on his side here. BIOS may look like an appetizing target, but it’s so much easier to hack other things on the system. Complete testing and publication of methods is the only way to be sure the original researchers aren’t just losing their minds.

