Submission + - A 512-byte "evil maid" bootloader steals user passwords (github.com)
iago-vL writes: Security researcher Alex Weber has implemented a so-called "evil maid" attack in a custom bootloader, weighing in at an impressive 512 bytes. This bootloader can be written to any USB device. When booted, it displays a face CHKDSK screen, which prompts for the user's password. It saves the password to the USB device, marks itself as unbootable and reboots. The machine will start up normally, and the user never knows they were compromised! Check out the termcap or video to see it in action!