←back to thread

Intel OEM Private Key Leak: A Blow to UEFI Secure Boot Security

(securityonline.info)
658 points transpute | 10 comments | 06 May 23 17:39 UTC | HN request time: 1.687s | source | bottom
1. rolph ◴[06 May 23 17:43 UTC] No.35843605[source]
wieghting in at 1.5TB, it should take a while for first seeds to appear.
replies(3): >>35844114 #>>35844424 #>>35845169 #
2. flangola7 ◴[06 May 23 18:39 UTC] No.35844114[source]
A 1.5TB private key?
replies(2): >>35844145 #>>35844157 #
3. rolph ◴[06 May 23 18:43 UTC] No.35844145[source]
the entire leak was said to be 1.5TB
4. inciampati ◴[06 May 23 18:44 UTC] No.35844157[source]
The total exfiltrated data.
5. teddyh ◴[06 May 23 19:08 UTC] No.35844424[source]
Link?
replies(1): >>35844458 #
6. rolph ◴[06 May 23 19:12 UTC] No.35844458[source]
first paragraph

>>In April, MSI fell victim to a cyberattack perpetrated by the ransomware group Money Message, who successfully infiltrated MSI’s internal systems and exfiltrated a staggering 1.5TB of data, predominantly comprising source code.<<

https://securityonline.info/intel-oem-private-key-leak-a-blo...

replies(2): >>35844693 #>>35847172 #
7. ◴[06 May 23 19:37 UTC] No.35844693{3}[source]
8. capableweb ◴[06 May 23 20:37 UTC] No.35845169[source]
How poor must your security be at such a big company for no one or no system to detect 1.5TB data being exfiltrated to a remote host? Especially supposedly extra sensitive data like private keys...
9. ftxbro ◴[07 May 23 01:58 UTC] No.35847172{3}[source]
> 1.5TB of data, predominantly comprising source code

that's a lot of source code it makes my typing fingers tired just thinking of it

It's possible they could have written it if all 2,672 MSI employees typed this source code constantly in 8-hour shifts seven days a week for five years with no lunch break no restroom break and not allowed to think before typing.

replies(1): >>35851040 #
10. hduebdivd ◴[07 May 23 12:57 UTC] No.35851040{4}[source]
they probably kept the node_modules and .cargo directories