arstechnica.com

buwho, 1 year ago to linux in Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack

is it common practice to have a web browser or media player running with elevated permissions? seems like a strange thing to do…

Acters, 1 year ago

Very unlikely unless there is an elevated privilege exploit to use alongside this

IzzyJ, 1 year ago to piracy in Film studios demand IP addresses of people who discussed piracy on Reddit

They do realize IP can be changed by just resetring your router, right?

derpgon, 1 year ago

Not everyone. Also, they should just give them their private range IPs for the lols (192.168.0.0/16, 10.0.0.0/16 etc.).

Buck, 1 year ago

Your ISP will still have a log of which IP was assigned to you at any date and time

cybersandwich, 1 year ago

Those are notoriously shitty and unreliable.

carlytm, 1 year ago to linux in New systemd update will bring Windows’ infamous Blue Screen of Death to Linux | Ars Technica

At last, the Year of the Linux Desktop.

youngGoku, 1 year ago to linux in New systemd update will bring Windows’ infamous Blue Screen of Death to Linux | Ars Technica

This is a joke, right?

youngGoku, 1 year ago

When the system crashes?

So very rarely I guess.

ardent_abysm, 1 year ago

It is a real, and useful feature, while also being a joke.

Cralder, 1 year ago

It’s real. A bluescreen is literally just an error message displayed in fullscreen so it’s not as weird as it sounds

virr, 1 year ago

More of it will display the LOG_EMERG message instead of just stopping without displaying anything.

There are some headless servers I’d prefer to just reboot, but unless actual hardware is faulty I would not be too worried about it.

Hagarashi8, 1 year ago to linux in Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack

I may be wrong, but does it mean that if someone is able to modify my uefi - they would be able to inject virus in booting image?

BellaDonna, 1 year ago

Yes, that is exactly the implication

westyvw, 1 year ago to linux in Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack

Is this potentially useful to me? Since it is persistent, can I use it on this motherboard I have over here that insists on using UEFI even if I do not want to?

plinky, 1 year ago to linux in Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack

damn 😱

redd, 1 year ago

Don’t panic!

ruination, 1 year ago to privacyguides in Google-hosted malvertising leads to fake Keepass site that looks genuine

Say it louder for the people at the back: adblock is a basic cybersecurity measurs

Crack0n7uesday, 1 year ago to upliftingnews in Experimental antibiotic kills deadly superbug, opens whole new class of drugs

Don’t tell China, they over use it until it’s no longer effective.

ExLisper, 1 year ago (edited 10 months ago)

Did you mean chickens?

olafurp, 1 year ago to linux in Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack

On Linux/Mac you have no use sudo. For sudo you need a password.

This thing will make it very easy to make a rubber ducky though.

HiddenLayer5, 1 year ago (edited 1 year ago)

Would be pretty easy to pull off if you had hardware access. Just boot from a flash drive and drop the exploit from there.

Even if their OS is full disk encrypted, this can easily inject a backdoor or just keylog the bootup password prompt.

kelvie, 1 year ago to linux in Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack

So I don’t get it, I have my entire boot image in a signed EFI binary, the logo is in there as well. I don’t think I’m susceptible to this, right? I don’t think systemd-boot or the kernel reads an unsigned logo file anywhere. (Using secure boot)

clmbmb, 1 year ago

This is way before reaching your bootloader. It’s about the manufacturer logo that’s displayed by UEFI while doing the whole hardware initialization.

kelvie, 1 year ago

That’s… Stored in the EFI partition or changeable in userspace?

clmbmb, 1 year ago

Depending on how the UEFI is configured, a simple copy/paste command, executed either by the malicious image or with physical access, is in many cases all that’s required to place the malicious image into what’s known as the ESP, short for EFI System Partition, a region of the hard drive that stores boot loaders, kernel images, and any device drivers, system utilities, or other data files needed before the main OS loads.

(from the article)

kelvie, 1 year ago

Right, I know EFI images are stored in the EFI partition, but with secure boot, only signed images can be executed, so they’d need to steal someone’s signing key to do this.

Marin_Rider, 1 year ago to fuck_cars in 280 million e-bikes are slashing oil demand far more than electric cars. E-bikes and scooters displace 4x as much demand for oil as all of the EVs in the world.

I have an ebike, and I really want an electric scooter/bike once the range can be improved, currently they couldn’t get me to and from work (it’s a long commute)

FeelThePower, 1 year ago to piracy in Film studios demand IP addresses of people who discussed piracy on Reddit

most reasonable corporation

lemming, 1 year ago to piracy in Film studios demand IP addresses of people who discussed piracy on Reddit

Why people insists using reddit is beyond me

Pika, 1 year ago to piracy in Film studios demand IP addresses of people who discussed piracy on Reddit

They are going about it the wrong way with reddit. All they gotta do is show the $$$$ and spez will bend right over with that information. After all that’s all he seems to see.