Tony Arcieri 🌹🦀

If you're going to put an image parser at the most sensitive stage of a computer's boot process, make sure to use one which has been written in a memory-safe language.

This UEFI exploit impacts pretty much every Windows and Linux device and bypasses Secure Boot

arstechnica.com/security/2023/

Ars Technica · Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack
UEFIs booting Windows and Linux devices can be hacked by malicious logo images.

@bascule I still don't think the image parser is the only issue here.
I don't get why there is no memory protection (why segments that are executable are also writable), nor why there couldn't be ASLR.

@baloo I wonder if getting your UEFI bootloader to display an image is like “Hello, world!” and it just was never properly hardened after that

@bascule I suddenly want a hacked BIOS with that image parser fixed. And by fixed, I mean overwritten with 0x90.

@bascule kind of like you can spellcheck a document ten times, you will probably still have a spelling error in the headline.