LogoFail. All UEFI based systems vulnerable.
I don’t know how the malicious actors are going to get their version of the OS vendors Logo onto your system in the first place mind.
https://arstechnica.com/security/2023/1 ... re-attack/
Got a credit card? use our Credit Card & Finance Calculators
Thanks to Anonymous,bruncher,niord,gvonge,Shelford, for Donating to support the site
Rather important security alert
-
- Lemon Quarter
- Posts: 2127
- Joined: November 4th, 2016, 9:40 am
- Has thanked: 1057 times
- Been thanked: 861 times
-
- The full Lemon
- Posts: 10978
- Joined: November 4th, 2016, 8:17 pm
- Has thanked: 1505 times
- Been thanked: 3050 times
Re: Rather important security alert
GrahamPlatt wrote:I don’t know how the malicious actors are going to get their version of the OS vendors Logo onto your system in the first place mind.
US lawful intercept legislation?
As (IIRC) revealed in connection with thrangrycat (but buried under the much bigger shock revelation of Pegasus the same day), the spooks have the right to get their hands on your hardware before you do, at least if you are in the US or your supplier values its business there. Though that was specifically routers.
-
- Lemon Quarter
- Posts: 4565
- Joined: November 4th, 2016, 2:25 pm
- Has thanked: 653 times
- Been thanked: 1291 times
Re: Rather important security alert
https://www.coreboot.org/users.html
Be interesting to see if Coreboot and its variants are resistant to this firmware issue...
Cont.Security
coreboot comes with a minimal Trusted Computing Base which reduces the general attack surface. It also supports a secure boot process called VBOOT2. It’s written in MISRA-C standard and provides other languages like Ada for formal verification of special properties. Also the use of platform features like IOMMU, flash protections and deactivated SMM mode increases the security as well.
Be interesting to see if Coreboot and its variants are resistant to this firmware issue...
-
- Lemon Quarter
- Posts: 3302
- Joined: December 7th, 2016, 9:09 pm
- Has thanked: 376 times
- Been thanked: 1094 times
Re: Rather important security alert
Infrasonic wrote:https://www.coreboot.org/users.htmlCont.Security
coreboot comes with a minimal Trusted Computing Base which reduces the general attack surface. It also supports a secure boot process called VBOOT2. It’s written in MISRA-C standard and provides other languages like Ada for formal verification of special properties. Also the use of platform features like IOMMU, flash protections and deactivated SMM mode increases the security as well.
Be interesting to see if Coreboot and its variants are resistant to this firmware issue...
Looking into the details it's likely that Coreboot et-al would be resistant.
In essence the exploit entails replacing a customizable graphical image with one that overflows the buffer.
Move to firmware where the image is embedded or size checked and the exploit won't work.
https://palantetech.coop/blog/palante-s ... y-logofail
-
- Lemon Quarter
- Posts: 2045
- Joined: November 4th, 2016, 10:25 am
- Has thanked: 230 times
- Been thanked: 489 times
Re: Rather important security alert
I don't profess to understand a lot of the detail here, but this quote from the article seemed a bit glib:
Given that the way in which this vulnerability could be exploited is by installing a fake firmware update, this palces a lot of trust in making sure you are getting your firmware update from the right place (or that they haven't been compromised).
The best way to prevent LogoFAIL attacks is to install the UEFI security updates that are being released as part of Wednesday’s coordinated disclosure process. Those patches will be distributed by the manufacturer of the device or the motherboard running inside the device.
Given that the way in which this vulnerability could be exploited is by installing a fake firmware update, this palces a lot of trust in making sure you are getting your firmware update from the right place (or that they haven't been compromised).
-
- The full Lemon
- Posts: 10978
- Joined: November 4th, 2016, 8:17 pm
- Has thanked: 1505 times
- Been thanked: 3050 times
Re: Rather important security alert
chas49 wrote:I don't profess to understand a lot of the detail here, but this quote from the article seemed a bit glib:The best way to prevent LogoFAIL attacks is to install the UEFI security updates that are being released as part of Wednesday’s coordinated disclosure process. Those patches will be distributed by the manufacturer of the device or the motherboard running inside the device.
Given that the way in which this vulnerability could be exploited is by installing a fake firmware update, this palces a lot of trust in making sure you are getting your firmware update from the right place (or that they haven't been compromised).
If your system installs *any* updates that aren't cryptographically signed by a fully trusted source, you're asking for trouble.
Return to “Technology - Computers, TV, Phones etc.”
Who is online
Users browsing this forum: No registered users and 13 guests