Recent revelations of the NSA\u2019s advanced firmware hacking have sent the InterWebs aflutter. The NSA\u2019s firmware hack is a software module capable of reflashing writeable firmware chips. It can also persist during system rebuilds and hide itself in such a way that makes regular antimalware detection very difficult.A handful of readers wrote me to say that the NSA\u2019s firmware hack is proof positive that Dragos Ruiu's BadBIOS tale is real.For those of you who missed the BadBIOS hysteria back in 2013, a well-liked, trusted, and knowledgeable antimalware expert, Dragos Ruiu, wrote about a superadvanced and mysterious malware program that had infected his computers.This malware program\u2019s abilities were unbelievable. It could not only flash and live in firmware (like the NSA\u2019s tool), but it worked on multiple platforms (OS X, Windows, BSD, and so on), could hide itself so that no one could analyze it, and could communicate with other infected computers using ultrahigh speaker frequencies.Ruiu\u2019s claims sounded like magic. If he hadn't been regarded as a reputable security expert, I would have blown off his accusations as yet another paranoid schizophrenic rant. Nearly everything Ruiu claimed was possible. But experts who examined those claims ended up contending they were either highly unlikely or relied on a dubious assumption (for example: PC speakers are capable of transmitting and receiving at frequencies they weren't designed to produce).To believe in the existence of BadBIOS, you had to believe all of these incredibly unlikely technological feats were possible and had been rolled into one malware program. Lots of people bought it. Many said they had experienced the same symptoms (or others that were as advanced or stealthy). There were big debates and flame wars, with each side calling the other na\u00efve.I started -- and ended up -- being skeptical that BadBIOS existed and essentially accused Ruiu and his supporters of seeing the picture they wanted to see. That's a common fault among accomplished scientists and researchers, much less laypeople. That\u2019s why independent, skeptical confirmation is so critical in real research. BadBIOS and all the other related claims had none.Then the NSA firmware hacking revelations started to become public in early 2014, revealing malware signs and symptoms that were eerily similar to BadBIOS. Again, I remained a BadBIOS skeptic.I still am. The biggest flaw in Ruiu\u2019s claims is that not only did he lack hard evidence of his malware program, but no one involved in the forensic investigation found evidence either. Examination by experts in the field found nothing unusual. What Ruiu had claimed showed signs of maliciousness were found to be normal and expected data. Reaching the point of absolute incredulity, Ruiu claimed the malware was erasing itself whenever he tried to make copies of it for forensic investigation.The NSA's recently revealed firmware hack is another matter. Although the revelations may be startling to some, there are two big reasons why it is demonstrably real, unlike BadBIOS.First and most important: It\u2019s detectable. No one could detect BadBIOS code, whereas the leading antivirus firms are easily detecting the NSA\u2019s firmware hack. It may be advanced, but it doesn\u2019t have magical abilities to hide from prying eyes. We can detect it. We can examine it. We can remove it.Equally as important, everything the NSA firmware hack does is possible without making incredible assumptions. It uses existing specifications and APIs to pull off feats that, although unusual, are easily understood without stretching the imagination. No experts in the field argue that what it does can\u2019t be done.I still like Ruiu, and I believe he genuinely thought he had discovered advanced, undetectable malware on his system. But he didn't. We all make mistakes -- and one mistake in the cyber security world shouldn\u2019t define the career of a single individual. We\u2019re in this fight together, and sometimes we end up chasing false leads. It\u2019s to be expected. We learn from our mistakes and it makes us better.I'd feel better, though, if readers didn\u2019t use every new firmware hack as an excuse to declare that BadBIOS was real, without first examining the reasons why BadBIOS wasn\u2019t to be believed.