Security researchers at FireEye / Mandiant [say] "We identified the presence of a financially-motivated threat group that we track as FIN1, whose activity at the organisation dated back several years."
[...] "FIN1 used this malware to access the victim environment and steal cardholder data. The group, which may be located in Russia, is known for stealing data that is easily monetised from financial services organisations such as banks, credit unions, ATM operations, and financial transaction processing and financial business services companies."
[...] The malware's installation location also means it will persist even after re-installing the operating system, widely considered the most effective way to eradicate malware.
Can we all agree that updating firmware should require the movement of a physical jumper?
(Score: 2) by DECbot on Tuesday December 08 2015, @11:48PM
I'll agree to your "talk to three people" challenge if you can direct me to the three people I need to converse with to implement a physical jumper in order to flash the BIOS.
cats~$ sudo chown -R us /home/base
(Score: 3, Informative) by anubi on Wednesday December 09 2015, @05:41AM
I do not think three people need to be involved.
Look for the "Write Protect" line in an EEPROM datasheet. Keep your boot code in an EEPROM.
You can read it as much as you want, but in order to write back to it, the Write Enable must be LOW. Pull it high with a resistor.
When you want to write new code into the chip, pull this line low first with a jumper to ground.
Then run your write code.
Anyway, that is what I am doing with my Arduino/Propeller stuff - when it's my intention that only the possessor of the physical device should be able to program the thing.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]