I am currently a bit confused, I have read today an article about the BIOS-rootkit Lighteater made by John Loucaides and Andrew Furtaki. In their presentation 'How many million BIOSes would you like to infect?' they explain what they have done. They spoke at the CanSecWest this month. This is real serious, as in a concept of proof they were able to get a a private GPG key in plain text from memory, although using Tails that is just running in RAM.
They said: "The high amount of code reuse across UEFI BIOSes means that BIOS infection is automatable and reliable". As far as I know, UEFI is the successor of the old BIOS. So I am a bit confused about these two terms. What I do not understand is, they say that the UEFI is vulnerable, is the old BIOS vulnerable to these kind of attacks, too? I am asking because I still have an older BIOS and not UEFI, am I vulnerable to these attacks too and have to quickly flash a newer version on my board, if one exists? And what are you doing about this?