(securityonline.info)

658 points transpute | 1 comments | 06 May 23 17:39 UTC | HN request time: 0.379s | source

Show context

josephcsible ◴[06 May 23 19:00 UTC] No.35844339[source]▶

This isn't a blow to real security, just to DRM and treacherous computing. There's no legitimate security from "Secure" Boot.

replies(2): >>35844366 #>>35845021 #

bawolff ◴[06 May 23 19:03 UTC] No.35844366[source]▶

>>35844339 #

Evil maids?

replies(6): >>35844387 #>>35844545 #>>35844816 #>>35845120 #>>35845414 #>>35849808 #

Filligree ◴[06 May 23 19:05 UTC] No.35844387[source]▶

>>35844366 #

How many of us have maids? How many of those maids are evil?

replies(3): >>35844414 #>>35848100 #>>35865747 #

ghostpepper ◴[06 May 23 19:07 UTC] No.35844414[source]▶

>>35844387 #

"Evil maid" is a generic descriptor for any number of attacks that can be performed with physical access to a device.

https://en.wikipedia.org/wiki/Evil_maid_attack

"The name refers to the scenario where a maid could subvert a device left unattended in a hotel room – but the concept itself also applies to situations such as a device being intercepted while in transit, or taken away temporarily by airport or law enforcement personnel. "

replies(3): >>35844820 #>>35845994 #>>35848125 #

1. codedokode ◴[06 May 23 22:40 UTC] No.35845994[source]▶

>>35844414 #

With physical access you can simply install a keylogger, GPS tracker, and maybe something worse (malicious PCI-Express or USB device for example).

↑

Intel OEM Private Key Leak: A Blow to UEFI Secure Boot Security