Stories
Slash Boxes
Comments

SoylentNews is people

posted by hubie on Friday January 20 2023, @09:39PM   Printer-friendly
from the one-person's-insecurity-is-another-person's-opportunity dept.

MSI accidentally disables Secure Boot on hundreds of its motherboards:

One of the latest MSI UEFI updates accidentally disabled Secure Boot technology on hundreds of its motherboards, reports Bleeping Computer. As a consequence, over 290 motherboards for AMD and Intel processors can run insecure operating systems, which can be harmful.

MSI's firmware update version 7C02v3C released on January 18, 2022, comes with Image Execution Policy set to 'Always Execute' by default, which allows the PC to boot an operating system that lacks proper signature by its developer. This means that a computer can boot an OS that may have been tampered with, which is an insecure policy as the operating system may be infected or have malicious intent.

The discovery was recently made by Polish security researcher named Dawid Potocki. The researcher noted that he contacted MSI, but did not receive any response, which essentially means that so far the motherboard maker has not fixed its Secure Boot.

See article for a list of motherboard models.


Original Submission

 
This discussion was created by hubie (1068) for logged-in users only, but now has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 1, Interesting) by Anonymous Coward on Saturday January 21 2023, @02:49PM (1 child)

    by Anonymous Coward on Saturday January 21 2023, @02:49PM (#1287898)

    Then what is the point, other than to make it harder to install linux? The only related matter is a warning that I can't use some drivers as secure boot is.not enabled. Which is a serious wtf. Why would loading drivers ever be related to how the OS boots. If I want to trust a driver I should be able to install it. Otherwise, why bother having it.

    Starting Score:    0  points
    Moderation   +1  
       Interesting=1, Total=1
    Extra 'Interesting' Modifier   0  

    Total Score:   1  
  • (Score: 0) by Anonymous Coward on Tuesday January 31 2023, @12:17AM

    by Anonymous Coward on Tuesday January 31 2023, @12:17AM (#1289401)

    The people who devise this crap, like "secure boot", are maybe 1/4 as smart as the attackers.

    To make it worse, the people who devise this stuff are much better at convincing others that their hairbrained ideas are the be-all and end-all of security.

    tl;dr: "Security" people are usually much better at posturing and selling than innovating security.