Submitted via IRC for TheMightyBuzzard
AMD has fixed, but not yet released BIOS/UEFI/firmware updates for the general public for a security flaw affecting the AMD Secure Processor.
[...] Cfir Cohen, a security researcher with the Google Cloud Security Team, says he discovered a vulnerability in the Trusted Platform Module (TPM) of the AMD Secure Processor. The TPM is a component to store critical system data such as passwords, certificates, and encryption keys, in a secure environment and outside of the more easily accessible AMD cores.
"Through manual static analysis, we've found a stack-based overflow in the function EkCheckCurrentCert," Cohen says. The researcher claims that an attacker could use specially-crafted EK certificates to get remote code execution rights on the AMD Secure Processor, allowing him to compromise its security.
Cohen said that some basic mitigation techniques such as "stack cookies, NX stack, ASLR" were not implemented in AMD's Secure Processor, making exploitation trivial.
takyon: This bug is unrelated to Meltdown and Spectre. And you might be interested in this:
Source: Security Flaw in AMD's Secure Chip-On-Chip Processor Disclosed Online
(Score: 4, Insightful) by Justin Case on Sunday January 07 2018, @07:49PM (1 child)
Your suggestions make a lot of sense, which is why they will be energetically opposed.
But then, how can we show you relevant ads that tell you where to go? "Just fail to say No loudly enough, and the car will automatically drive you to our store! For your convenience of course!"
Be reasonable. Surely you don't think we're going to let it be your car? You merely get to pay for it.
(Score: 2) by takyon on Sunday January 07 2018, @09:43PM
I noted OTA updates because of one near and dear company's use of them: https://electrek.co/2017/07/19/tesla-software-updates-vs-auto-industry/ [electrek.co]
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]