It appears that some NICs can be reflashed over the network with no interaction by the host OS required. The creation of malicious firmware images for such devices is what's new. The very idea is stupid anyway. If you want to flash a bunch of NICs in bulk the right way to do that is to have management software running at the OS level that can properly authenticate the request and then program the flash locally. Just imagine the "fun" involved if someone attacked an iSCSI SAN with this.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds