Donkey On A Waffle
More Paranoia
Wed, 21 May 2008 10:31

So I whined in a silc channel today that I haven't posted on any cool topics in quite a while and this interesting link was pointed out to me (Thanks Chris for the pointer to the site and Ben Laurie for writing it up originally). The basis of the posting is how it's possible to remotely modify the firmware on some wired network cards and essentially create and deploy a piece of firmware level malware without having to ever take control of higher layers of the system. This is huge.

Once exploits are written for these issues we could see attacks that never really hit the OS and won't be detectable by current anti-virus and OS-level security mechanisms. Detection should be relatively straightforward: take a hash of the NIC's firmware and compare it against known acceptable hash values. This could be done in hardware or software; however, it isn't being done currently and is a somewhat new way of thinking.
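The hash-and-compare check sketched above, written out as an added example (this is not code from the original post or from Ben Laurie's write-up). The model name, the "golden" image bytes and the allowlist are constructed placeholders, and the code assumes the NIC's firmware has already been dumped to a byte string by whatever tool the platform provides.

```python
import hashlib
from typing import Dict, Optional

# Constructed stand-in for a vendor-published firmware image; in practice the
# allowlist would be built from images obtained directly from the vendor.
GOLDEN_IMAGE = b"EXAMPLE-NIC-FW-1.2\x00" + bytes(range(256))

# Allowlist: card model -> {sha256 hex digest: firmware version label}.
# "example-nic-1000" and "1.2" are placeholder values, not real products.
ALLOWLIST: Dict[str, Dict[str, str]] = {
    "example-nic-1000": {hashlib.sha256(GOLDEN_IMAGE).hexdigest(): "1.2"},
}


def sha256_hex(data: bytes) -> str:
    """Hash a dumped firmware image so it can be compared to the allowlist."""
    return hashlib.sha256(data).hexdigest()


def check_firmware(model: str, image: bytes) -> str:
    """Classify a dumped image as 'ok:<version>', 'mismatch' or 'unknown-model'.

    A mismatch means the card's firmware is not any image we have accepted for
    that model, which is exactly the condition a firmware implant would produce.
    An unknown model is reported separately so it is not silently treated as ok.
    """
    versions = ALLOWLIST.get(model)
    if versions is None:
        return "unknown-model"
    version = versions.get(sha256_hex(image))
    if version is None:
        return "mismatch"
    return f"ok:{version}"


def first_diff_offset(expected: bytes, actual: bytes) -> Optional[int]:
    """Return the offset of the first differing byte, or None if identical.

    Useful once a mismatch is flagged: it tells an analyst where in the image
    to start looking, and also catches images that were merely extended.
    """
    for i, (a, b) in enumerate(zip(expected, actual)):
        if a != b:
            return i
    if len(expected) != len(actual):
        return min(len(expected), len(actual))
    return None
```

The same allowlist structure can be kept per host as a baseline, so that a later dump that no longer matches raises an alert even if the vendor list is incomplete.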

Using this attack technique, the quoted author of the post was able to create a "Jedi Packet Trick" that allowed him to bypass CheckPoint FW-1 and Strongwall-based firewall systems. This is really just the tip of the firmware rootkit iceberg. Using similar techniques it should be fairly straightforward to affect higher layers of the system and essentially create a very dangerous subversive system.
