diff --git a/state_harmful.md b/state_harmful.md
index 9d32a1c..075812a 100644
--- a/state_harmful.md
+++ b/state_harmful.md
@@ -865,7 +865,7 @@ inject the malware].
 The author believe such a move would be extremely risky for a vendor like Intel.
 Again, we should remember that such malware insertion (by either the processor
 or FSP blob) could not be conditioned on any persistent state, and so would be
-subject to reply "attack". In other words, once the processor or the FSP got
+subject to replay "attack". In other words, once the processor or the FSP got
 caught while pulling this off, it should be possible for the user to reproduce
 and demonstrate this malicious behaviour arbitrary number of times subsequently.