Tagged: intel

VU#758382: Unauthorized modification of UEFI variables in UEFI systems 0

VU#758382: Unauthorized modification of UEFI variables in UEFI systems

Vulnerability Note VU#758382 Unauthorized modification of UEFI variables in UEFI systems Original Release date: 09 Jun 2014 | Last revised: 09 Jun 2014 Overview Certain firmware implementations may not correctly protect and validate information contained in certain UEFI variables. Exploitation of such vulnerabilities could potentially lead to bypass of security features and/or denial of service for the platform. Description According to Corey Kallenberg, Xeno Kovah, John Butterworth, and Sam Cornwell of the MITRE Corporation, certain UEFI systems contain a vulnerability which could allow unauthorized modification of UEFI variables: As discussed in recent conference publications ( CanSecWest 2014 , Syscan 2014, and Hack-in-the-Box 2014 ) certain UEFI implementations do not correctly protect and validate information contained in the ‘Setup’ UEFI variable

The Economics of Bulk Surveillance 0

The Economics of Bulk Surveillance

Ross Anderson has an important new paper on the economics that drive government-on-population bulk surveillance: My first big point is that all the three factors which lead to monopoly – network effects, low marginal costs and technical lock-in – are present and growing in the national-intelligence nexus itself. The Snowden papers show that neutrals like Sweden and India are heavily involved in information sharing with the NSA, even though they have tried for years to pretend otherwise. A non-aligned country such as India used to be happy to buy warplanes from Russia; nowadays it still does, but it shares intelligence with the NSA rather then the FSB.