General Chat Thread, [News] UEFI and Secure Boot - The Linux users are not happy! in General; ...
1st April 2013, 01:05 PM #46
Originally Posted by Arthur
Actually being at the sharp end of something like this way back, it mainly boils down to the centrally hosted nature of primary school websites. It only requires one undetected breach to make many dozens of site malware centric. As with privately hosted primary sites. Often those who set them up will have a very poor idea of security and keeping their systems patched as well as having complex passwords in place for admin accounts. High schools fare better due to the higher level of technical expertise on hand when it comes to their sites security issues.
1st April 2013, 01:22 PM #47
+1. It's one rule for Microsoft, and another for Apple, Google and Co.
Originally Posted by SYNACK
Google's Wi-Fi sniffing to result in $7 million fine
... in 2010, Google discovered that enterprising engineer Marius Milner had written code that captured not only the location of open WiFi hotspots, but also some of the traffic, on the basis that “it might be useful”. The data had been captured for three years before the sniffing was "discovered".
Investigations were launched in a number of countries, with varying outcomes. Or example, Britain eventually decided to clear Google, Australia attacked it with a wet lettuce, and France imposed a fine of €100,000.
Consumer Watchdog is upset at the rumoured deal, calling the $US7 million settlement "measly": "Once again it looks like Google, the serial privacy violator, is buying it's way out of a jam with what for the Internet giant is pocket change", its John Simpson wrote. (Source
Google and Opera behind Microsoft's $730-million EU antitrust fine, says FT
A report from the Financial Times claims that Google and Opera "informally provided the tip-off" that led to the EU fining Microsoft over $730 million yesterday. The fine was levied because Microsoft failed to include a "browser ballot" screen that let European users choose what browser to use when setting up their Windows PC. The Financial Times cites "several people familiar with the case" as confirming that Microsoft's browser-making rivals were behind the tip, and claims that both companies also helped the EU throughout the investigation. (Source
Capturing data from unencrypted wireless networks seems just as bad as (if not worse than) not showing the browser ballot screen on Windows 7 SP1 PCs.
The European Commission announcement of the fine said Microsoft's mistake meant 15 million European users of Windows did not see the browser choice screen. (Source
1st April 2013, 01:27 PM #48
Unfortunately that has been my experience too. If primary schools do not have someone who can keep their website software patched, they would be better off with hosted solutions such as Wordpress.com, Squarespace etc.
Originally Posted by Dos_Box
1st April 2013, 01:46 PM #49
Hey don't tar all the Primary Schools with the same brush, lack of skill can be anywhere and I have encountered my fair share of it in High Schools too. To be fair a lot of the frameworks that seem to be the favourites are also turned to Swiss cheese every few months or so thanks to their popularity and the double edged sword of OSS, people can easily fix it but people can also easily crack it open and use the exact same skills to find holes and exploit them instead. Updates, checking and backups are all requirements when dealing with a website, a CMS especially.
Originally Posted by Arthur
I have to say also that some of the prevalence of the hacks in school sites is spear fishing, if your going to find an overtaxed system to exploit that people probably won't report that also has access to a bunch of other machines internally a school is a good target. Many teachers also seem to be an easy target for them as they seem to implicitly trust and click anything that mentions free teaching resources. I have lost count of how many reports I have had of weird stuff tracked back to the user being at this 'great free education resource site' and clicking anything and everything till they get stung with the latest malware. This is one of the many reasons I hate java - as the vector for many of these attacks but they of course require it to use the one in three educational resources that are not actually hidden malware.
Last edited by SYNACK; 1st April 2013 at 01:47 PM.
1st April 2013, 07:01 PM #50
I know what you are saying but If I were to buy a diesel car I could if I wanted to change the engine to a petrol if i wanted in theory.
Originally Posted by SYNACK
I don't buy apple products, or blackberry because you are "not allowed" to monkey around with them. I know this, that's why I don't buy them. Being geeky I can't help it so just avoid them.
I know you are playing devil's advocate Synack but that's my opinion and will never change. I've been taking things apart and breaking them since I could use a screwdriver. Look's like I'm just going to have to be more careful before buying new hardware.
1st April 2013, 10:41 PM #51
The fact that the Acer W510's (and other 'Clover Trail' tablets) only support Windows 8 would have been a deal breaker for me. As you say, research is very important (probably more so than ever).
Originally Posted by markwilfan
3rd April 2013, 08:11 AM #52
I dont know if any of you have IBM Flex Series or x3500 series servers but they take an age to get past the post screen, It's really annoying as on some of out blade servers UEFI is enabled with legacy mode. Some versions of Linux want Legacy only so this means you have to go all the way back to the BIOS to change the settings - It's annoying and takes longer to build a system.
5th April 2013, 04:37 PM #53
Motherboard manufacturer Jetway has done something really stupid. They put their UEFI private signing key on a publicly accessible FTP server along with the source code for their latest American Megatrends (AMI) firmware.
Security Done Wrong: Leaky FTP Server « Adam Caudill
By leaking this key and the firmware source, it is possible (and simple) for others to create malicious UEFI updates that will be validated & installed for the vendor’s products that use this ‘Ivy Bridge’ firmware. If the vendor used this same key for other products - the impact could be even worse. Even with a quick reaction, odds are users will be unprotected for some time. As users often don't install firmware updates unless they are having issues - I expect this one to be around for a while.
This kind of leak is a dream come true for advanced corporate espionage or intelligence operations. The ability to create a nearly undetectable, permanent hole in a system’s security is an ideal scenario for covert information collection.
This vendor’s lax (non-existent?) security could have much broader repercussions though. For AMI, they now have a major piece of intellectual property freely available for download by competitors. For users, this code could now be subject to new scrutiny - if a security issue is found in the firmware, it could potentially impact all users whose firmware is based on the leaked code.
Last Post: 12th January 2011, 12:23 PM
By DaveP in forum General Chat
Last Post: 28th October 2009, 09:32 PM
By amccanny in forum Virtual Learning Platforms
Last Post: 29th September 2009, 09:42 PM
By tarquel in forum Windows
Last Post: 15th May 2006, 10:50 AM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)