Jake, when I look at Rich Smith's work, what I see is someone attacking embedded software
/via/ the network card, but only in the same sense that someone connects to your SSH daemon
/via/ the network card. So Rich Smith's scenario is at most a timely reminder that if you buy
a black box and plug it into your network it's still a black box and might do (or fail to do)
anything depending on what goofs the designer made. Since he's from HP I'd guess he was
interested in this from the point of view of either their office router products (if sending
nonsense to a router not only crashes it, but permanently disables it, that's a pretty serious
flaw) or their printers (there's a good "protection money" option there, once you demo it on
one printer that's vulnerable the victim has no way to know how many more you could hit, so
they might pay even if actually you can only take out a few of the more expensive ones).
The Arrigo Triulzi thing is a third hand report, it could be anything.
I'm not ruling out the idea that some fancy network cards might incorporate a remote firmware
feature per se, but the idea that cards which have flash storage updated over the network are
"typical" requires a lot more than a hand-waving claim as made in the second paragraph. That's
an expensive feature to silently include in millions of $5-10 products and never bother to
mention in the manual. Right now it's a bit like walking out of a James Bond movie and
declaring "Well, all cars have a missile launcher of course, but the movie doesn't really show
exactly how to operate it so I guess that part will remain a mystery".