Technology

60101 readers

3326 users here now

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related content.
Be excellent to each another!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, to ask if your bot can be added please contact us.
Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 2 years ago

MODERATORS

[email protected]

115

Code found online exploits LogoFAIL to install Bootkitty Linux backdoor (arstechnica.com)

submitted 3 weeks ago by [email protected] to c/[email protected]

12 comments fedilink hide all child comments

Researchers have discovered malicious code circulating in the wild that hijacks the earliest stage boot process of Linux devices by exploiting a year-old firmware vulnerability when it remains unpatched on affected models.

The critical vulnerability is one of a constellation of exploitable flaws discovered last year and given the name LogoFAIL. These exploits are able to override an industry-standard defense known as Secure Boot and execute malicious firmware early in the boot process. Until now, there were no public indications that LogoFAIL exploits were circulating in the wild.

The discovery of code downloaded from an Internet-connected web server changes all that. While there are no indications the public exploit is actively being used, it is reliable and polished enough to be production-ready and could pose a threat in the real world in the coming weeks or months. Both the LogoFAIL vulnerabilities and the exploit found on-line were discovered by Binarly, a firm that helps customers identify and secure vulnerable firmware.

top 12 comments

sorted by: hot top controversial new old

[–] [email protected] 33 points 3 weeks ago (2 children)

Oh to see a medieval peasant's face after reading them this headline.

[–] [email protected] 26 points 3 weeks ago (1 children)

A famous one of these was the headline

Galaxy Nexus: Android Ice Cream Sandwich Guinea Pig

[–] [email protected] 2 points 3 weeks ago (2 children)

I can't read this either.

[–] [email protected] 7 points 3 weeks ago

Pretty sure it means

Galaxy Nexus (the smartphone): Android (OS) Ice Cream Sandwich (OS Version) Guinea Pig (Test Subject)

(So the new Android OS version, Ice Cream Sandwich, is being tested on the Galaxy Nexus phone)

[–] [email protected] 3 points 3 weeks ago* (last edited 3 weeks ago)

Galaxy Nexus

Android phone by Google released ~15 years ago.

Android Ice Cream Sandwich

Android 4.0

Guinea Pig

First to try something.

Make sense?

[–] [email protected] 15 points 3 weeks ago (2 children)

It would probably be blank. The literacy rate wasn't particularly great back then.

[–] [email protected] 6 points 3 weeks ago

Or you might get accused of being a witch.

[–] [email protected] 2 points 3 weeks ago

What does literacy have to do with hearing something?

[–] [email protected] 2 points 3 weeks ago (1 children)

Ffs what laptop options are left?

[–] [email protected] -3 points 3 weeks ago (1 children)

If you see a kitty cat during the boot, format / put your bios' keys to "factory" and reinstall.

Not a big deal.

[–] [email protected] 11 points 3 weeks ago (1 children)

Surely a malware that’s not a POC will not display an obvious logo to notify users of its presence?

[–] [email protected] -1 points 3 weeks ago

You overestimate both the competence of malware developers and the perceptiveness of users.