Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Friday October 30 2015, @01:52PM   Printer-friendly
from the users-are-up-in-ARMs dept.

Joanna Rutkowska's blog points to recent paper on a survey of the various problems and attacks presented against the x86 platform over the last 10 years. The paper does not present new exploits but does cover: the BIOS (UEFI) and booting; peripherals; the Intel Management Engine; and several other aspects of x86 insecurity. Some of the problems appear insurmountable as described.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 4, Interesting) by novak on Friday October 30 2015, @08:43PM

    by novak (4683) on Friday October 30 2015, @08:43PM (#256650) Homepage

    The only mitigation to ARM's many woes is that at least we have multiple vendors producing them and the BIOS is sometimes open. x86 is rapidly becoming intel only, and nearly every x86 board ever made runs proprietary BIOS and firmware.

    Going to another architecture- even one not much better- could still be a massive step in the right direction as the amount of devices running open firmware skyrockets. Allowing modification of firmware and BIOS at least helps clear up glaring backdoors like IPMI and badUSB which have been standing wide open for years.

    --
    novak
    Starting Score:    1  point
    Moderation   +2  
       Interesting=2, Total=2
    Extra 'Interesting' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   4  
  • (Score: 2) by NCommander on Friday October 30 2015, @11:42PM

    by NCommander (2) Subscriber Badge <michael@casadevall.pro> on Friday October 30 2015, @11:42PM (#256722) Homepage Journal

    ARM mostly uses the same UEFI base (TianoCore) as x86 for anything that isn't embedded.

    I'm not kidding when I can say with a straight face it was an improvement in increasing the "just works" factor over u-boot. Unfortunately, TianoCore isn't GPL, so its not required that vendors post their firmware source.

    --
    Still always moving