"Apply all of the browser, application and OS patches you want,
your machine still can be completely and silently compromised at
the lowest level--without the use of any vulnerability.
"That was the rather sobering message delivered by a pair of
security researchers from Core Security Technologies in a talk at
the CanSecWest conference on methods for infecting the BIOS with
persistent code that will survive reboots and reflashing attempts.
Anibal Sacco and Alfredo Ortega (above) demonstrated a method for
patching the BIOS with a small bit of code that gave them conplete
control of the machine."