News Boot Guard Keys From MSI Hack Posted, Many PCs Vulnerable

punkncat

Is Afterburner going to have issues as a result of this breach?

For instance, if you had already installed it, you can or cannot trust the auto-updates it wants to do from time to time?
 
The real problem will be that since laptops are far less likely to receive BIOS updates than desktops, mostly because they're one off things, how many affected machines will never be updated to blacklist the affected keys, assuming they can be anyway? It's always possible their sites are hacked and malware programs inserted in them, like what happened with CCleaner, and even more reasonable that their forums and others are seeded with so called "beta updates" and such from imposters using the stolen keys to install malware.
 
Why why why do major companies NOT keep the keys to the company on air gapped systems? Why?!?

Now they will have to invoke an update invalidating the old keys.

But what's worse is if a virus gets past av software, it can generate and implant its own bios and prevent future updates to fix corruption.

Dumbasses
 

Math Geek

This is why hackers should go to prison for 50 years, be fined millions and lose all personal and business assets to repay those impacted by their hack.
not really the answer. wouldn't hurt but not gonna stop it.

this is why the companies need to actually begin to give a darn about security. pretty much every time we actually find out how they got hacked it's a non patched system, some default password not changed or other Day 1 rule you learn about in any computer security 101 type class.

there are plenty of laws in place requiring better security and each has plenty of penalties attached for breaking the rules. these include jail time for not just security head but also CEO of said company!! yet we never read about these companies facing any penalties for not securing their systems as the law says they must.

throw a few CEOs in jail and fine em millions of bucks like the law says they can, and i 100% guarantee we'll see less and less of this happening. hackers are not magicians, they just know how to exploit the stupidity of system admins and general users. remove the obvious ways in and they'll move on when they actually have to put work into breaking into systems.
 

wbfox

Can't the keys which have been leaked be revoked?
Probably? But at the least would require a download of something that has a new list of revoked signatures and you would want to be able to verify...right, the keys. And stuff like updating the bios, but who does that?
 

wbfox

not really the answer. wouldn't hurt but not gonna stop it.

this is why the companies need to actually begin to give a darn about security. pretty much every time we actually find out how they got hacked it's a non patched system, some default password not changed or other Day 1 rule you learn about in any computer security 101 type class.

there are plenty of laws in place requiring better security and each has plenty of penalties attached for breaking the rules. these include jail time for not just security head but also CEO of said company!! yet we never read about these companies facing any penalties for not securing their systems as the law says they must.

throw a few CEOs in jail and fine em millions of bucks like the law says they can, and i 100% guarantee we'll see less and less of this happening. hackers are not magicians, they just know how to exploit the stupidity of system admins and general users. remove the obvious ways in and they'll move on when they actually have to put work into breaking into systems.
This, but more than a few and bump that up to a sliding scale of billions to hundreds of millions based on if they are a zuck or a worthless little hundred millionaire. And actually just no more universal silver bullets that can kill all users at once. Or even in great quantity. Cisco...nvidia...intel...amd...the rest....you know who you are.
 

wbfox

Why why why do major companies NOT keep the keys to the company on air gapped systems? Why?!?

Now they will have to invoke an update invalidating the old keys.

But what's worse is if a virus gets past av software, it can generate and implant its own bios and prevent future updates to fix corruption.

Dumbasses
I mean, it's the age of wifi. I've never seen anyone monitoring the air in their airgap yet. Sure there are some. But how about no more systems that all fall sway under The One Ring and this happens every time Bob in PR uses a bad password and responds to a phishing email from his long lost great aunt?
 
I mean, it's the age of wifi. I've never seen anyone monitoring the air in their airgap yet. Sure there are some. But how about no more systems that all fall sway under The One Ring and this happens every time Bob in PR uses a bad password and responds to a phishing email from his long lost great aunt?
You don't let them have wifi. And you don't allow them to read from or write to USB keys. Only one machine inside a cage is allowed to act as software distribution with nightly backups.