News Boot Guard Keys From MSI Hack Posted, Many PCs Vulnerable

Toggle sidebar Toggle sidebar
The real problem will be that since laptops are far less likely to receive BIOS updates than desktops, mostly because they're one off things, how many affected machines will never be updated to blacklist the affected keys, assuming they can be anyway? It's always possible their sites are hacked and malware programs inserted in them, like what happened with CCleaner, and even more reasonable that their forums and others are seeded with so called "beta updates" and such from imposters using the stolen keys to install malware.
 
Why why why do major companies NOT keep the keys to the company on air gapped systems? Why?!?

Now they will have to invoke an update invalidating the old keys.

But what's worse is if a virus gets past av software, it can generate and implant it's own bios and prevent future updates to fix corruption.

Dumbasses
 
  • Like
Reactions: bigdragon
TechieTwo said:
This is why hackers should go to prison for 50 years, be fined millions and lose all personal and business assets to repay those impacted by their hack.
Click to expand...
not really the answer. wouldn't hurt but not gonna stop it.

this is why the companies need to actually begin to give a darn about security. pretty much every time we actually find out how they got hacked it's a non patched system, some default password not changed or other Day 1 rule you learn about in any computer security 101 type class.

there are plenty of laws in place requiring better security and each has plenty of penalties attached for breaking the rules. these include jail time for not just security head but also CEO of said company!! yet we never read about these companies facing any penalties for not securing their systems as the law says they must.

throw a few CEO's in jail and fine em millions of bucks like the law says they can, and i 100% guarantee we'll see less and less of this happening. hackers are not magicians, they just know how to exploit the stupidity of system admins and general users. remove the obvious ways in and they'll move on when they actually have to put work into breaking into systems.
 
gregss said:
Can't the keys which have been leaked be revoked?
Click to expand...
Probably? But at the least would require a download of something that has a new list of revoked signatures and you would want to be able to verify...right, the keys. And stuff like updating the bios, but who does that?
 
Math Geek said:
not really the answer. wouldn't hurt but not gonna stop it.

this is why the companies need to actually begin to give a darn about security. pretty much every time we actually find out how they got hacked it's a non patched system, some default password not changed or other Day 1 rule you learn about in any computer security 101 type class.

there are plenty of laws in place requiring better security and each has plenty of penalties attached for breaking the rules. these include jail time for not just security head but also CEO of said company!! yet we never read about these companies facing any penalties for not securing their systems as the law says they must.

throw a few CEO's in jail and fine em millions of bucks like the law says they can, and i 100% guarantee we'll see less and less of this happening. hackers are not magicians, they just know how to exploit the stupidity of system admins and general users. remove the obvious ways in and they'll move on when they actually have to put work into breaking into systems.
Click to expand...
This, but more than a few and bump that up to a sliding scale of billions to hundreds of millions based on if they are a zuck or a worthless little hundred millionaire. And actually just no more universal silver bullets that can kill all users at once. Or even in great quantity. Cisco...nvidia...intel...amd...the rest....you know who you are.
 
digitalgriffin said:
Why why why do major companies NOT keep the keys to the company on air gapped systems? Why?!?

Now they will have to invoke an update invalidating the old keys.

But what's worse is if a virus gets past av software, it can generate and implant it's own bios and prevent future updates to fix corruption.

Dumbasses
Click to expand...
I mean, its the age of wifi. I've never seen anyone monitoring the air in their airgap yet. Sure there are some. But how about no more systems that all fall sway under The One Ring and this happens every time Bob in PR uses a bad password and responds to a phishing email from his long lost great aunt?
 
wbfox said:
I mean, its the age of wifi. I've never seen anyone monitoring the air in their airgap yet. Sure there are some. But how about no more systems that all fall sway under The One Ring and this happens every time Bob in PR uses a bad password and responds to a phishing email from his long lost great aunt?
Click to expand...
You don't let them have wifi. And you don't allow them to read from or write to USB keys. Only onc machine inside a cage is allowed to act as software distribution with nightly backups.
 
You must log in or register to reply here.

TRENDING THREADS

Latest posts

Moderators online

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom