I was listening to an interview between Paul Asadorian (of Pauldotcom fame) and Cigital CTO and software security expert Gary McGraw. They discussed how the target of attacks moved from Microsoft to Adobe and now that Adobe is showing signs of getting its act together, it’s going somewhere else.
“If I were Nvidia,” McGraw said, “I’d be thinking a lot about software security. Fortunately they are.”
Nvidia does sound like a juicy target.
Nvidia is perhaps on 30% of computers out there, but they’re valuable targets. If you have Nvidia drivers, you have an Nvidia GPU, which is good for mining bitcoins. Much better than, say, integrated Intel video, which is good for everyday use and incredibly common.
But here’s the problem. After a while, chipsets get dropped from the new drivers, so you’re stuck with old drivers. Old, potentially vulnerable drivers.
Intel and AMD will probably be happy, because it may mean more frequent upgrades.
Or maybe Nvidia can head them off at the pass. It will be interesting to watch.
David Farquhar is a computer security professional, entrepreneur, and author. He started his career as a part-time computer technician in 1994, worked his way up to system administrator by 1997, and has specialized in vulnerability management since 2013. He invests in real estate on the side and his hobbies include O gauge trains, baseball cards, and retro computers and video games. A University of Missouri graduate, he holds CISSP and Security+ certifications. He lives in St. Louis with his family.