Code found online exploits LogoFAIL to install Bootkitty Linux backdoor (arstechnica.com)
from Stopthatgirl7@lemmy.world to technology@lemmy.world on 29 Nov 21:41
https://lemmy.world/post/22590015

Researchers have discovered malicious code circulating in the wild that hijacks the earliest stage boot process of Linux devices by exploiting a year-old firmware vulnerability when it remains unpatched on affected models.

The critical vulnerability is one of a constellation of exploitable flaws discovered last year and given the name LogoFAIL. These exploits are able to override an industry-standard defense known as Secure Boot and execute malicious firmware early in the boot process. Until now, there were no public indications that LogoFAIL exploits were circulating in the wild.

The discovery of code downloaded from an Internet-connected web server changes all that. While there are no indications the public exploit is actively being used, it is reliable and polished enough to be production-ready and could pose a threat in the real world in the coming weeks or months. Both the LogoFAIL vulnerabilities and the exploit found on-line were discovered by Binarly, a firm that helps customers identify and secure vulnerable firmware.

#technology

threaded - newest

Faresh@lemmy.ml on 29 Nov 22:41 next collapse

Oh to see a medieval peasant’s face after reading them this headline.

mdurell@lemmy.world on 29 Nov 23:43 next collapse

It would probably be blank. The literacy rate wasn’t particularly great back then.

lemmyng@lemmy.ca on 30 Nov 08:54 next collapse

Or you might get accused of being a witch.

sugar_in_your_tea@sh.itjust.works on 30 Nov 17:21 collapse

What does literacy have to do with hearing something?

davidgro@lemmy.world on 30 Nov 01:45 collapse

A famous one of these was the headline

Galaxy Nexus: Android Ice Cream Sandwich Guinea Pig

LorIps@lemmy.world on 30 Nov 14:05 collapse

I can’t read this either.

sugar_in_your_tea@sh.itjust.works on 30 Nov 17:20 next collapse

Galaxy Nexus

Android phone by Google released ~15 years ago.

Android Ice Cream Sandwich

Android 4.0

Guinea Pig

First to try something.

Make sense?

GeneralVincent@lemmy.world on 30 Nov 17:23 collapse

Pretty sure it means

Galaxy Nexus (the smartphone): Android (OS) Ice Cream Sandwich (OS Version) Guinea Pig (Test Subject)

(So the new Android OS version, Ice Cream Sandwich, is being tested on the Galaxy Nexus phone)

horse_tranquilizers@sh.itjust.works on 30 Nov 09:05 collapse

Ffs what laptop options are left?

PushButton@lemmy.world on 30 Nov 11:56 collapse

If you see a kitty cat during the boot, format / put your bios’ keys to “factory” and reinstall.

Not a big deal.

mint_tamas@lemmy.world on 30 Nov 15:30 collapse

Surely a malware that’s not a POC will not display an obvious logo to notify users of its presence?

catloaf@lemm.ee on 30 Nov 17:06 collapse

You overestimate both the competence of malware developers and the perceptiveness of users.