Tuesday, January 19, 2021
  • Scanning Authenticated Web Assets with the Login Sequence Recorder
  • You Have A New Message From a Hacker: Malicious Files Infiltrating Business File Transfer Portals
  • Is MDR Cybersecurity Training an Oxymoron?
  • Balancing Security and User Behavior in Remote Work
  • Bringing Source Code Security Up to Speed

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming
    • On-Demand
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
  • Library
  • Related Sites
    • MediaOps Inc.
    • DevOps.com
    • Container Journal
    • Digital Anarchist
    • SweetCode.io
  • Media Kit

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Data Security Security Bloggers Network 

Home » Cybersecurity » Data Security » If Firm Implies Secure, Does That Imply My Firmware Is Secure?

If Firm Implies Secure, Does That Imply My Firmware Is Secure?

by David Henderson on October 28, 2018

Has there ever been a time in your life when you asked, “How does that work”?

In the early days of computing, we learned that BIOS stood for “Basic Input Output (instruction) Set.” It is a set of nonvolatile instructions that dictates how a hardware system should function at startup.

I remember my first experiences interacting with BIOS. I specifically recall configuring my first IBM 8088 computer. There were DIP switches on the motherboard which we could set to dictate a limited range of BIOS functionality at boot such as memory size and the number of floppy disk drives. Then we went to disk-based BIOS utilities on the early IBM/AT (80286) class of computers. When we were introduced to hard drives, we used jumpers to determine the master drive. From there, we went to allowing user access to the BIOS by pressing a key or key-combination at startup.

BIOS has been around for a while now. Only rarely were these instructions referred to as “firmware” in the early days. For sure, nobody ever thought of security on firmware back then, but today, it is a common thought amongst most security engineers.

Origins of Firmware

The term firmware was first coined back in 1967 and was meant to designate microprograms resident in the computer’s control memory but not the physical control memory itself. Originally, it referred to the contents of a writable control store containing microcode that defined and implemented the computer’s instruction set and that could be reloaded to specialize or modify the instructions that the central processing unit (CPU) could execute at startup.

How is it defined today? According to the Tech Terms dictionary, firmware is a software program or set of instructions programmed on a hardware device. It provides the necessary instructions (at startup) for how (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Henderson. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/firmware-secure/

October 28, 2018October 29, 2018 David Henderson firm, firmware, government, IT Security and Data Protection, security
  • ← DerbyCon 2018, Richie Cyrus’ ‘When Macs Come Under ATT&CK’
  • 5 Insights From the 2018 Verizon DBIR →

TechStrong TV – Live

Watch latest episodes and shows
Featured Blog

Eric Kedrosky

The Future of Multi-Cloud Security: A Look Ahead at Intelligent Cloud Security Posture Management Solutions

Eric Kedrosky

Identity Risk: Identifying a Misconfigured IAM Trust Policy

Sonrai Security Marketing

Sonrai Security Closes 2020 with Record Growth and Customer Momentum

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy

Most Read on the Boulevard

Soon, Quantum Computing Could Break Your Encryption
Revealed: Sophisticated ‘Watering Hole’ Attack – But By Whom?
Digital Ocean Minds its MANRS Alongside Other Service Providers
Your Quantum-Safe Migration Journey Begins with a Single Step
Managing Identities and Entitlements to Secure the Public Cloud 
Amanda Gorman: “The Hill We Climb” to be Biden’s Inaugural Poem
Lo que 2021 espera de los CIO
Security as Code: Why It’s Important and What You Need to Know
How Are Cybercriminals Stealing Business Data?
XKCD ‘1/10,000th Scale World’

Upcoming Webinars

Tue 19

A New Year’s Ransomware Resolution

January 19 @ 1:00 pm - 2:00 pm
Tue 19

Shift Left with NGINX Layer 7 Security

January 19 @ 10:00 pm - 11:00 pm
Wed 20

Vulnerability Discovery in the Cloud

January 20 @ 3:00 pm - 4:00 pm
Thu 21

Next Generation Vulnerability Assessment Using Datadog and Snyk

January 21 @ 1:00 pm - 2:00 pm
Mon 25

Security Challenges and Opportunities of Remote Work

January 25 @ 1:00 pm - 2:00 pm
Tue 26

Preventing Code Tampering & Verifying Integrity Across Your SDLC

January 26 @ 1:00 pm - 2:00 pm
Thu 28

Protecting Cloud-Native Apps and APIs in Kubernetes Environments

January 28 @ 1:00 pm - 2:00 pm
Feb 03

Too Close to the Sun(burst): A Supply Chain Compromise

February 3 @ 11:00 am - 12:00 pm
Feb 04

Lessons from the FinTech Trenches: Securing APIs at Finastra

February 4 @ 3:00 pm - 4:00 pm
Feb 10

Finding Vulnerabilities in Your Cloud Native Applications Before They Find You!

February 10 @ 11:00 am - 12:00 pm

More Webinars

Download Free eBook

7 Must-Read eBooks for Security Professionals

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

Bringing Source Code Security Up to Speed
Application Security Cybersecurity Identity & Access Industry Spotlight Security Boulevard (Original) 

Bringing Source Code Security Up to Speed

January 19, 2021 Dor Atias | 5 hours ago 0
Hackers Calling Fair Game on Healthcare Institutions
CISO Suite Cybersecurity Data Security Governance, Risk & Compliance Industry Spotlight Security Boulevard (Original) Threat Intelligence 

Hackers Calling Fair Game on Healthcare Institutions

January 18, 2021 Caleb Barlow | Yesterday 0
Your Quantum-Safe Migration Journey Begins with a Single Step
CISO Suite Cybersecurity Data Security Industry Spotlight Security Boulevard (Original) Threats & Breaches 

Your Quantum-Safe Migration Journey Begins with a Single Step

January 15, 2021 Paul Lucier | 4 days ago 0

Top Stories

Capitol Rioters ID’ed With Help From Dating Apps
Cyberlaw Cybersecurity Featured Incident Response Mobile Security News Security Awareness Security Boulevard (Original) Social Engineering Spotlight Threat Intelligence 

Capitol Rioters ID’ed With Help From Dating Apps

January 18, 2021 Richi Jennings | Yesterday 0
Revealed: Sophisticated ‘Watering Hole’ Attack – But By Whom?
Analytics & Intelligence Cybersecurity Featured Incident Response Malware Mobile Security News Security Boulevard (Original) Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

Revealed: Sophisticated ‘Watering Hole’ Attack – But By Whom?

January 15, 2021 Richi Jennings | 3 days ago 0
Hackers Didn’t Only Use SolarWinds to Break In, Says CISA
Analytics & Intelligence Application Security Cloud Security Cyberlaw Cybersecurity Data Security Featured Incident Response Malware Network Security News Security Boulevard (Original) Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

Hackers Didn’t Only Use SolarWinds to Break In, Says CISA

January 11, 2021 Richi Jennings | Jan 11 0

Security Humor

via     the respected information security capabilities of   Robert M. Lee     & the superlative illustration talents of   Jeff Haas   at   Little Bobby Comics  !

Robert M. Lee’s & Jeff Haas’ Little Bobby Comics – ‘WEEK 312’

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: info@securityboulevard.com

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • Privacy Policy
  • DMCA Compliance Statement

Other Mediaops Sites

  • Container Journal
  • DevOps.com
  • DevOps Connect
  • DevOps Institute
Copyright © 2021 MediaOps Inc. All rights reserved.
Our website uses cookies. By continuing to browse the website you are agreeing to our use of cookies. For more information on how we use cookies and how you can disable them, please read our Privacy Policy.