|
LogoFAIL
LogoFAIL is a security vulnerability and exploit thereof that affects computer motherboard firmware with TianoCore EDK II, including Insyde Software's InsydeH2O modules and similar code in AMI and Phoenix firmware, which are commonly found on both Intel and AMD motherboards, and which enable loading of custom boot logos. The exploit was discovered in December 2023 by researchers at Binarly. Description The vulnerability exists when the Driver Execution Environment (DXE) is active after a successful Power On Self Test (POST) in the UEFI firmware (also known as the BIOS). The UEFI's boot logo is replaced with the exploit payload at this point, and the exploit can then take control of the system. Patches Intel patched the issue in Intel Management Engine The Intel Management Engine (ME), also known as the Intel Manageability Engine, is an autonomous subsystem that has been incorporated in virtually all of Intel's processor chipsets since 2008. It is located in the Platfor ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Insyde Software
Insyde Software () is a company that specializes in UEFI system firmware and engineering support services, primarily for OEM and ODM computer and component device manufacturers. They are listed on the Gre Tai Market of Taiwan and headquartered in Taipei, with offices in Westborough, Massachusetts, and Portland, Oregon. Overview The company's product portfolio includes InsydeH2O BIOS (Insyde Software's implementation of the Intel Platform Innovation Framework for UEFI/EFI), BlinkBoot, a UEFI-based boot loader for enabling Internet of Things devices, and Supervyse, which is a full-featured systems management/ BMC firmware for providing out-of-band remote management for server computers. Insyde Software was formed when it purchased the BIOS assets of SystemSoft Corporation (NASDAQ:SYSF) in October, 1998. Initially Insyde Software was a company that included investments from Intel Pacific Inc., China Development Industrial Bank, Professional Computer Technology Limited (PCT), c ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
TianoCore EDK II
TianoCore EDK II (formerly Tiano) is the reference implementation of UEFI by Intel. EDK is the abbreviation for EFI Development Kit and is developed by the TianoCore community. TianoCore EDK II is the de facto standard generic UEFI services implementation. History In 2004, Intel released their "Foundation Code" of their EFI implementation using a free license. The resulting code formed the basis of the community-run EDK project on SourceForge, started in 2004. The name "Tiano" was present in the initial Intel code. The last update to the EDK (version 1) project happened in May 2010. Version 2 is in active development. An "edk2" project was imported into SourceForge in April 2006, with a package-oriented code base again written by Intel. The initial "DeveloperManual" referred to this project as "Tiano R9". In 2008, a stable, validated version of EDK II was tagged as "UEFI Development Kit 2008" (UDK2008). The tag includes a BuildNotes.txt dating to November 2006 describing the co ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Vulnerability (computing)
Vulnerabilities are flaws or weaknesses in a system's design, implementation, or management that can be exploited by a malicious actor to compromise its security. Despite a system administrator's best efforts to achieve complete correctness, virtually all hardware and software contain bugs where the system does not behave as expected. If the bug could enable an attacker to compromise the confidentiality, integrity, or availability of system resources, it can be considered a vulnerability. Insecure software development practices as well as design factors such as complexity can increase the burden of vulnerabilities. Vulnerability management is a process that includes identifying systems and prioritizing which are most important, scanning for vulnerabilities, and taking action to secure the system. Vulnerability management typically is a combination of remediation, mitigation, and acceptance. Vulnerabilities can be scored for severity according to the Common Vulnerability S ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Exploit (computer Security)
An exploit is a method or piece of code that takes advantage of Vulnerability (computer security), vulnerabilities in software, Application software, applications, Computer network, networks, operating systems, or Computer hardware, hardware, typically for malicious purposes. The term "exploit" derives from the English verb "to exploit," meaning "to use something to one’s own advantage." Exploits are designed to identify flaws, bypass security measures, gain unauthorized access to systems, take control of systems, install malware, or data breach, steal sensitive data. While an exploit by itself may not be a malware, it serves as a vehicle for delivering malicious software by breaching security controls. Researchers estimate that malicious exploits cost the global economy over US$450 billion annually. In response to this threat, organizations are increasingly utilizing cyber threat intelligence to identify vulnerabilities and prevent hacks before they occur. Description Expl ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Intel
Intel Corporation is an American multinational corporation and technology company headquartered in Santa Clara, California, and Delaware General Corporation Law, incorporated in Delaware. Intel designs, manufactures, and sells computer components such as central processing units (CPUs) and related products for business and consumer markets. It is one of the world's List of largest semiconductor chip manufacturers, largest semiconductor chip manufacturers by revenue, and ranked in the Fortune 500, ''Fortune'' 500 list of the List of largest companies in the United States by revenue, largest United States corporations by revenue for nearly a decade, from 2007 to 2016 Fiscal year, fiscal years, until it was removed from the ranking in 2018. In 2020, it was reinstated and ranked 45th, being the List of Fortune 500 computer software and information companies, 7th-largest technology company in the ranking. It was one of the first companies listed on Nasdaq. Intel supplies List of I ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
UEFI
Unified Extensible Firmware Interface (UEFI, as an acronym) is a Specification (technical standard), specification for the firmware Software architecture, architecture of a computing platform. When a computer booting, is powered on, the UEFI implementation is typically the first that runs, before starting the operating system. Examples include AMI Aptio, Phoenix Technologies, Phoenix SecureCore, TianoCore EDK II, and InsydeH2O. UEFI replaces the BIOS that was present in the boot ROM of all personal computers that are IBM PC compatible, although it can provide Backward compatibility, backwards compatibility with the BIOS using #CSM booting, CSM booting. Unlike its predecessor, BIOS, which is a de facto standard originally created by IBM as proprietary software, UEFI is an open standard maintained by an industry consortium. Like BIOS, most UEFI implementations are proprietary. Intel developed the original ''Extensible Firmware Interface'' (''EFI'') specification. The last Inte ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Intel Management Engine
The Intel Management Engine (ME), also known as the Intel Manageability Engine, is an autonomous subsystem that has been incorporated in virtually all of Intel's processor chipsets since 2008. It is located in the Platform Controller Hub of modern Intel motherboards. The Intel Management Engine always runs as long as the motherboard is receiving power, even when the computer is turned off. This issue can be mitigated with the deployment of a hardware device which is able to disconnect all connections to mains power as well as all internal forms of energy storage. The Electronic Frontier Foundation and some security researchers have voiced concern that the Management Engine is a backdoor. Intel's main competitor, AMD, has incorporated the equivalent AMD Secure Technology (formally called Platform Security Processor) in virtually all of its post-2013 CPUs. Difference from Intel AMT The Management Engine is often confused with Intel AMT (Intel Active Management Technology) ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
2024 In Computing
4 (four) is a number, numeral and digit. It is the natural number following 3 and preceding 5. It is a square number, the smallest semiprime and composite number, and is considered unlucky in many East Asian cultures. Evolution of the Hindu-Arabic digit Brahmic numerals represented 1, 2, and 3 with as many lines. 4 was simplified by joining its four lines into a cross that looks like the modern plus sign. The Shunga would add a horizontal line on top of the digit, and the Kshatrapa and Pallava evolved the digit to a point where the speed of writing was a secondary concern. The Arabs' 4 still had the early concept of the cross, but for the sake of efficiency, was made in one stroke by connecting the "western" end to the "northern" end; the "eastern" end was finished off with a curve. The Europeans dropped the finishing curve and gradually made the digit less cursive, ending up with a digit very close to the original Brahmin cross. While the shape of the character ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Computer Security Exploits
A computer is a machine that can be programmed to automatically carry out sequences of arithmetic or logical operations (''computation''). Modern digital electronic computers can perform generic sets of operations known as ''programs'', which enable computers to perform a wide range of tasks. The term computer system may refer to a nominally complete computer that includes the hardware, operating system, software, and peripheral equipment needed and used for full operation; or to a group of computers that are linked and function together, such as a computer network or computer cluster. A broad range of industrial and consumer products use computers as control systems, including simple special-purpose devices like microwave ovens and remote controls, and factory devices like industrial robots. Computers are at the core of general-purpose devices such as personal computers and mobile devices such as smartphones. Computers power the Internet, which links billions of computer ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
