SoylentNews is people

posted by azrael on Saturday August 02 2014, @04:34PM
from the security-on-the-honour-system dept.

A "multi-year effort to prevent hackers from altering computers while they boot up has largely failed because of lax application of preventive steps, researchers say, despite disclosures that flaws are being exploited."

More from the article:

In the latest sign that the problem persists, researchers at the federally funded MITRE lab said this week that many customers of Intel Corp still had not adopted revised security designs Intel distributed in March after the MITRE team found new vulnerabilities in the start-up process. That could mean many newer Windows computers remain exposed, the MITRE team told Reuters ahead of a presentation at the Black Hat security conference in Las Vegas next week. The stubborn glitches illustrate how such well-funded spying programs as those exposed by former National Security Agency contractor Edward Snowden can continue to succeed against targets that depend on a complex supply chain.

Ironically, the article also points out:

Long before Snowden's documents began appearing in the media, professional technicians and U.S. officials were concerned about the vulnerabilities that left computers severely exposed as they are turned on. Years ago, then-U.S. National Security Agency Director Keith Alexander privately urged the chief executives of major American technology companies to do something about the boot-up procedure known as the Basic Input/Output System, or BIOS.

 
  • (Score: 0) by Anonymous Coward on Monday August 04 2014, @04:03AM (#77087)

    Seems like a giant plot to evict user coded software from users' computer system. NSA via Intel etc want to hook users into their exploits by mandate and force. As smartphones have shown. Code signing isn't really a protection but it sure obstructs free software. Or shall we say user audited and inspected code.

    IMH-and-possibly-mistaken-O I'll disagree about Code signing being a protection. And while I understand and agree with the basis of your fear of it as a way to obstruct free software, the real bottom line is that Code signing is wonderful, as long as the user has all of the source code, the tools to modify as they desire, and ability to generate their own keys and sign their own builds. If the user has the power of access and ability to modify all source, then Code signing is pure joy. The pathological case is simply a single signed boot loader that proceeds to bootstrap from unsigned code. There, the user, whether they like or dislike code signing, wins at no cost. The problem that code signing is trying to solve is a good one to solve. It's just whether or not the person who actually shelled out dollars for the device is the "owner" of the system, or just the "renter" of a black box. A society where everyone is the "renter" of a black box controlled by a corporation (easily infiltratable by one or more governments), does not sound good to me. But a society where everyone is the "owner" of devices that they can run according to manufacturer specs, or their own in a "general purpose" fashion, sounds like where I'd like to see things go. Snowden+14months and I'm not optimistic about the way the winds are blowing in a society where the president is quoted as "yeah, we torture some folks, and no, there will be no criminal prosecution of that"...