TC7 day 2 – Hiding behind antiquity


Apparently when Jason Spence isn’t reading Hack-A-Day he is reading manufacturer data sheets. He’s fun in real life; I swear. The talk started with an overview of motherboard architecture. By studying manufacturer data sheets you can figure out a pathway to attack the BIOS. A proof of concept BIOS backdoor has already been developed. This is a very scary situation since the OS isn’t even loaded yet and will be completely blind once it is up. Jason pointed out that smaller manufactures (VIA, SIS) don’t publish data sheets fearing patent infringement. This lack of information makes security a lot harder to pull off. Jason says he’ll be contributing a couple articles in the future.

UPDATE: Jason has posted his uncensored slides.
UPDATE: Slides on the Toorcon site.


  1. dan says:

    crazy l33t shit! woo first post

  2. Dunks0r says:

    I see the man likes ye ol Red Hat Fedora! interesting stuff!

  3. coward says:

    Pretty cool talk, but when will information about this be online or accessable, or are the talks already up loaded someplace?


  4. steve says:

    any additional information on this subject (and the others posted) would be wonderful if anyone has it.

  5. dephyler says:

    is this the same jason spence that got his ass scammed by sal wise, and then turned the entire internet against the guy?

  6. fatdrunkenbastard says:

    “The goal of attackers is to make unauthorized changes to the target …”

    … and you folks wonder why no one trusts you.

  7. Jason spence says:

    No, I’m not that Jason Spence. Also, the uncensored version of the slides are at:

    The sanitized ones will be posted on the toorcon site, I’m told.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


Get every new post delivered to your Inbox.

Join 96,669 other followers