Great. Another grift.
Ah! Cool! Always good to be expanding the fediverse.
I’m out of the loop. What’s this “Reddit thread from earlier today”?
Also, yes, welcome to former Reddit users. I’m also a former Redditor, but I left during the API pricing fiasco.
How so?
I wasn’t saying anything about who bears “fault”. My aim with that post (and honestly all the posts I’ve made in this thread) was about understanding the details of the vulnerability well enough for folks to be able to ascertain a) whether they’re affected and b) how to remediate.
About “fault”, I’m not sure I really agree that’s the best way to talk about these things in general unless they did them purposefully. (WEI, for instance, was malicious bullshit. But I don’t have any particular reason to think in this specific situation Microsoft didn’t handle responsible disclosure properly or anything.)
Clearly Microsoft made a boo boo in choosing to trust the vulnerable tools in the first place, but vulnerabilities are inevitable.
I’ll definitely say I don’t consider Microsoft “trustworthy” enough to protect my stuff. If only because Microsoft stuff is bloated and has a huge amount of attack surface. But also because their history makes it clear they’ll perpetrate really shitty things against their users on purpose. The former could only really be addressed by them slimming down their technology stack. The latter by abolishing the profit motive.
And also, in general UEFI is apparently a cluster fuck of poor, buggy implementations. So there’s that.
In all, this one doesn’t strike me as terribly high on the “blameworthy” meter unless you just consider it a symptom of Microsoft being assholes, which is undeniably true.
I don’t know where you got the idea that the key fob doesn’t transmit a signal when at rest. If you’re talking about keyless ignition with the button on the car (not remote start via key fob) the key fob transmits a response when it gets a request from the car.
The bad guys have a clever trick, though. They put one guy in your car and one guy next to you. The guy at the car hits the ignition button and transmits the signal to the other guy, who transmits it to your fob. The second guy then transmits the response from your fob back to the guy in the car, who then sends it to the car. As far as your car knows, the fob is in the car. So it starts. A Faraday cage can protect against this.
Did you expect the screenshots you posted to make people want to side with you?
Removed by mod
I’ve heard nothing but good things about A People’s History Of The United States and it’s been on my short list of books to read for a while. Haven’t gotten to it yet, but I think it’s worth a read.
Cryptobro logic right there.
Me neithe- I mean what does that say?
His proficiency with math is a little ruff.
I unironically want to see this movie.
Yes! Screen capture! Standardize it! Standardize it! Then get FFMPEG and Zoom to adopt the new standard!
Also, that Simon guy sounds like a good and nice guy.
“Monk! I need a monk!”
“Woolooloo woolooloo.”
“Hey. I’m in your town.”
“We will NOT tolerate this behavior.”
“Start the game already!”
“All hail, king of the losers.”
“I’ll beat you back to Age of Empires.”
“Sure, blame it on your ISP.”
“Don’t point that thing at me.”
“Long time, no siege.”
“Eh. Smite me.”
“Quit touchin’ me.”
“Raiding party.”
“The wonder, the wonder, the… no!”
Uninstall it and make the world a slightly better place?
They don’t even have to be signed…
Yeah. My understanding is that Microsoft has signed several tools made by other companies that boot as UEFI PE executables and aren’t supposed to allow loading arbitrary (including unsigned and malicious) UEFI PE binaries, but due to security vulnerabilities in the tool, they’ll load any old UEFI PE binary you give them.
The payload/malicious UEFI PE binaries don’t have to be signed. But the third-party tools that contain the vulnerabilities have to be signed by a signer your UEFI firmware trusts. (And the tools are signed by Microsoft, which your UEFI firmware almost definitely trusts, unless you’ve already applied a fix).
(And I don’t know exactly what sort of tools they are. Maybe they’re like UEFI Shell software or something? Not sure. Not sure it matters that much for purposes of understanding the impact or remediation strategy for this vulnerability.)
The fix, I’d imagine is:
Now, I’m not 100% sure if there needs to be yet another step in there where individual users explicitly install/trust the replacement certs. Those replacement certs are signed by Microsoft’s root certificate, right? As long as all the certificates in the chain from the root certificate down to the signature are included with the UEFI PE binary, the firmware should be able to verify the new binary? Or maybe having chains of certs is not how UEFI PE binaries work. Not sure.
Here is an example of something similar that disables Windows Platform Binary Table…(I’m not advocating that anybody actually use this).
Yuck. Thanks for letting me know of that. I’m still firmly in the “learning” phase when it comes to this UEFI stuff. It’s good to be aware of this.
The funniest part is that the laptop has been in sleep or hibernate all that time, not off.
I doubt they can hear much of anything with their heads lodged that far up Trump’s ascending colon.
I made the post you responded to before he edited his post to say “The war on drugs is a load of bullshit.” I wasn’t asking about that bit. And I agree with that bit.
I was asking “how so?” about his statement that “this is actually good news.”
But I don’t really see how this pardon is any move to weaken or end the war on drugs.
When I have more time, I might see about responding to OP’s “sigh” post in this thread with more.