Bit9


Enterprise Application Whitelisting


PDOS and Trustworthy Computing

Posted by Mario Vuksan on Fri, Aug 01, 2008
In this Brave New World, fads fade quickly. For example, we have become accustomed to ignoring DDOS attacks. Organizations like Yahoo and anti-spam heavyweight SPAMHAUS (http://www.spamhaus.org) seem to be continuously under attack. In one of the more recent instances, it took a coordinated ISP effort to reverse the botnet armies and tell them to shut up for an instant to stop the attack.

But now we wake up to a new type of problem, courtesy of friendly faces at Hewlett Packard. (By the way, it would be nice to hear more on their security strategy.) Welcome PDOS, or permanent denial of service attacks. The claim behind this type of attack is that botched firmware updates can permanently destroy hardware beyond repair. There are still quite a few embedded solutions that do not require authentication for firmware updates. These are obviously the most vulnerable. Actually, it has been like that as long as we can remember and no one has attempted to truly exploit this vector. The infinite variety of hardware platforms and firmware must have something to do with it. Does anybody remember this old article? It is about software killing hardware, relevant but not cataclysmic.

Yet, the beauty behind a PDOS attack, according to HP, is that it is much cheaper. A single attack can easily knock down your entire infrastructure. You do not need to continue paying bot herders their outrageous fees. Or not, depending on your point of view, as bot rental fees become dirt cheap. Should we say they are pegged to the market?

One natural solution is to validate all firmware updates, as well as all OS updates, and to install them only from trusted sources. The Trusted Computing Group has spent years working on various plumbing to make this exercise fully feasible. We are looking forward to seeing Application Whitelisting overlaid as the controlling element of what is a trusted firmware or trusted OS update.
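As an added illustration (not Bit9 or Trusted Computing Group code), here is a minimal update gate that applies a whitelist to firmware images before they are flashed. The model names, images, and `check_update` function are hypothetical, and the allowlist is assumed to arrive from an authenticated source, which is not shown.

```python
import hashlib

# Constructed sample images standing in for vendor firmware blobs.
IMG_ROUTER_V1 = b"constructed-router-firmware-1.0"
IMG_ROUTER_V2 = b"constructed-router-firmware-2.0"
IMG_PRINTER_V5 = b"constructed-printer-firmware-5.0"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Hypothetical allowlist: device model -> {image digest: version tuple}.
# Assumption: this table is delivered over an authenticated channel.
ALLOWLIST = {
    "router-x": {
        sha256_hex(IMG_ROUTER_V1): (1, 0),
        sha256_hex(IMG_ROUTER_V2): (2, 0),
    },
    "printer-y": {
        sha256_hex(IMG_PRINTER_V5): (5, 0),
    },
}


def check_update(model: str, installed_version: tuple, image: bytes):
    """Return (allowed, reason) for flashing `image` onto a device of `model`."""
    approved = ALLOWLIST.get(model)
    if approved is None:
        return False, "unknown device model"
    # Look the image up by digest within this model's entries only, so a
    # modified image and an image approved for other hardware both fail.
    version = approved.get(sha256_hex(image))
    if version is None:
        return False, "image not on allowlist for this model"
    # Refuse downgrades; re-flashing the installed version is permitted.
    if version < installed_version:
        return False, "rollback to older firmware refused"
    return True, "approved"


if __name__ == "__main__":
    print(check_update("router-x", (1, 0), IMG_ROUTER_V2))
    print(check_update("router-x", (1, 0), IMG_PRINTER_V5))
    print(check_update("router-x", (2, 0), IMG_ROUTER_V1))
```

Scoping the lookup to the device model is what blocks the botched-update case: an image that is legitimate for one platform is still refused on another.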
