Extinction Rebellion München<p>👓🍑 <a href="https://climatejustice.social/tags/LogoFail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LogoFail</span></a> <a href="https://climatejustice.social/tags/M%C3%BCnchenW%C3%A4hlt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MünchenWählt</span></a> <a href="https://climatejustice.social/tags/OB2026" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OB2026</span></a> <a href="https://climatejustice.social/tags/DesignDesTages" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DesignDesTages</span></a> <a href="https://climatejustice.social/tags/BrilleAufRealityCheck" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BrilleAufRealityCheck</span></a> <a href="https://climatejustice.social/tags/M%C3%BCnchen2026" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>München2026</span></a> <a href="https://climatejustice.social/tags/M%C3%BCnchen" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>München</span></a></p>
Recent searches
No recent searches
Search options
Only available when logged in.
en.osm.town is one of the many independent Mastodon servers you can use to participate in the fediverse.
An independent, community of OpenStreetMap people on the Fediverse/Mastodon.
Funding graciously provided by the OpenStreetMap Foundation.
Administered by:
Server stats:
265active users
en.osm.town: About · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.3.7
#logofail
0 posts · 0 participants · 0 posts today
Leeloo<p>Why do I keep seeing cars with "Ki" in cyrillic letters?</p><p>Ки</p><p><a href="https://techhub.social/tags/LogoFail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LogoFail</span></a></p>
PrivacyDigest<p>Code found online <a href="https://mas.to/tags/exploits" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>exploits</span></a> <a href="https://mas.to/tags/LogoFAIL" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LogoFAIL</span></a> to install <a href="https://mas.to/tags/Bootkitty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Bootkitty</span></a> <a href="https://mas.to/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a> <a href="https://mas.to/tags/backdoor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>backdoor</span></a> <br><a href="https://mas.to/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a></p><p><a href="https://arstechnica.com/security/2024/11/code-found-online-exploits-logofail-to-install-bootkitty-linux-backdoor/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">arstechnica.com/security/2024/</span><span class="invisible">11/code-found-online-exploits-logofail-to-install-bootkitty-linux-backdoor/</span></a></p>
Elias Griffin<p>BSD, UNIX, Linux Security Advisory</p><p>Lenovo has released the patch for the LogoFAIL UEFI vulnerablity for all products now.</p><p>I've now tested the upgrade already running DragonflyBSD and Alpine Linux on Thinkpads. </p><p>* The upgrade worked well with no issues.</p><p>* No warnings or performance impact was recorded.</p><p>* dmidecode and CHIPSEC verify the vulnerability removal and report 3.14 3/22.</p><p>Please update your BIOS as soon as you can no matter the OS or device.</p><p>My Dragonfly BSD repo is based on a Thinkpad, so here is Thinkpad T495.</p><p><a href="https://pcsupport.lenovo.com/us/en/products/laptops-and-netbooks/thinkpad-t-series-laptops/thinkpad-t495-type-20nj-20nk/downloads/driver-list/component?name=BIOS%2FUEFI&id=5AC6A815-321D-440E-8833-B07A93E0428C" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">pcsupport.lenovo.com/us/en/pro</span><span class="invisible">ducts/laptops-and-netbooks/thinkpad-t-series-laptops/thinkpad-t495-type-20nj-20nk/downloads/driver-list/component?name=BIOS%2FUEFI&id=5AC6A815-321D-440E-8833-B07A93E0428C</span></a></p><p><a href="https://infosec.space/tags/LogoFAIL" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LogoFAIL</span></a> <a href="https://infosec.space/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.space/tags/dragonflybsd" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dragonflybsd</span></a> <a href="https://infosec.space/tags/freebsd" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>freebsd</span></a> <a href="https://infosec.space/tags/openbsd" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>openbsd</span></a> <a href="https://infosec.space/tags/netbsd" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>netbsd</span></a> <a href="https://infosec.space/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a></p>
Daniel aka CyReVolt 🐢<p>Are you interested in <a href="https://mastodon.social/tags/firmware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>firmware</span></a>? 👩💻<br>Want to know about <a href="https://mastodon.social/tags/UEFI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>UEFI</span></a> and <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a>?<br>Have you heard of the <a href="https://mastodon.social/tags/LogoFAIL" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LogoFAIL</span></a> vulnerability?</p><p>Come visit us at the <a href="https://mastodon.social/tags/37C3" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>37C3</span></a> Open Source Firmware Foundation (OSFF) assembly! 🥳🏳️🌈</p><p><a href="https://events.ccc.de/congress/2023/hub/en/assembly/OSFF/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">events.ccc.de/congress/2023/hu</span><span class="invisible">b/en/assembly/OSFF/</span></a></p>
ADMIN magazine<p>LogoFAIL, an attack that executes malware during the boot process, is affecting hundreds of Windows and Linux devices <a href="https://www.admin-magazine.com/News/Windows-and-Linux-Devices-Vulnerable-to-LogoFAIL-Attack" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">admin-magazine.com/News/Window</span><span class="invisible">s-and-Linux-Devices-Vulnerable-to-LogoFAIL-Attack</span></a> <a href="https://hachyderm.io/tags/LogoFAIL" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LogoFAIL</span></a> <a href="https://hachyderm.io/tags/Windows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Windows</span></a> <a href="https://hachyderm.io/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a> <a href="https://hachyderm.io/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>malware</span></a> <a href="https://hachyderm.io/tags/attack" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>attack</span></a> <a href="https://hachyderm.io/tags/firmware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>firmware</span></a></p>
Linux Magazine<p>Newly discovered LogoFAIL leaves hundreds of Linux and Windows systems vulnerable <a href="https://www.linux-magazine.com/Online/News/Hundreds-of-Consumer-and-Enterprise-Devices-Vulnerable-to-LogoFAIL" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">linux-magazine.com/Online/News</span><span class="invisible">/Hundreds-of-Consumer-and-Enterprise-Devices-Vulnerable-to-LogoFAIL</span></a> <a href="https://fosstodon.org/tags/LogoFAIL" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LogoFAIL</span></a> <a href="https://fosstodon.org/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a> <a href="https://fosstodon.org/tags/Windows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Windows</span></a> <a href="https://fosstodon.org/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>malware</span></a> <a href="https://fosstodon.org/tags/vulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>vulnerability</span></a> <a href="https://fosstodon.org/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> <a href="https://fosstodon.org/tags/firmware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>firmware</span></a></p>
📡 RightToPrivacy & Tech Tips<p>⚠️ LogoFAIL: Windows / Linux UEFI Hardware Vulnerable With Persistence</p><p>(get patched)</p><p><a href="https://fosstodon.org/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://fosstodon.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://fosstodon.org/tags/privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>privacy</span></a> <a href="https://fosstodon.org/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> <a href="https://fosstodon.org/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a> <a href="https://fosstodon.org/tags/Windows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Windows</span></a> <a href="https://fosstodon.org/tags/Blackhat" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Blackhat</span></a> <a href="https://fosstodon.org/tags/Windows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Windows</span></a> <a href="https://fosstodon.org/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a> <a href="https://fosstodon.org/tags/logoFAIL" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>logoFAIL</span></a> <a href="https://fosstodon.org/tags/UEFI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>UEFI</span></a> <a href="https://fosstodon.org/tags/BIOS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BIOS</span></a> <a href="https://fosstodon.org/tags/firmware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>firmware</span></a> </p><p><a href="https://tube.tchncs.de/w/xrk3chJJtiq94cPKstwfj9" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">tube.tchncs.de/w/xrk3chJJtiq94</span><span class="invisible">cPKstwfj9</span></a></p>
Stéphane Bortzmeyer<p>C'est absolument génial, l'attaque <a href="https://mastodon.gougere.fr/tags/LogoFail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LogoFail</span></a>. Comme bien des ordinateurs affichent un logo au démarrage, et que ce logo n'est pas en dur dans le code mais chargé depuis un fichier, l'analyseur du fichier est critique (cf. la faille récente sur WebP). Or, plein de BIOS ont un analyseur bogué, qui tourne avant le système d'exploitation, donc en open bar complet, et qui peut être trompé par une image malveillante.<br><a href="https://www.blackhat.com/eu-23/briefings/schedule/index.html#logofail-security-implications-of-image-parsing-during-system-boot-35042" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">blackhat.com/eu-23/briefings/s</span><span class="invisible">chedule/index.html#logofail-security-implications-of-image-parsing-during-system-boot-35042</span></a></p>
Xavier «X» Santolaria :verified_paw: :donor:<p>📨 Latest issue of my curated <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> and <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> list of resources for week #49/2023 is out! It includes the following and much more:</p><p>➝ 🔓 🧬 <a href="https://infosec.exchange/tags/23andMe" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>23andMe</span></a> updates user agreement to prevent <a href="https://infosec.exchange/tags/databreach" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>databreach</span></a> lawsuits<br>➝ 🔓 🇺🇸 Hackers Exploited <a href="https://infosec.exchange/tags/ColdFusion" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ColdFusion</span></a> Vulnerability to Breach Federal Agency Servers<br>➝ 🔓 🇺🇸 <a href="https://infosec.exchange/tags/Navy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Navy</span></a> contractor Austal USA confirms <a href="https://infosec.exchange/tags/cyberattack" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cyberattack</span></a> after <a href="https://infosec.exchange/tags/dataleak" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dataleak</span></a><br>➝ 🔓 🇯🇵 <a href="https://infosec.exchange/tags/Nissan" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Nissan</span></a> is investigating cyberattack and potential data breach<br>➝ 🔓 🇬🇧 Sellafield nuclear site hacked by groups linked to <a href="https://infosec.exchange/tags/Russia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Russia</span></a> and <a href="https://infosec.exchange/tags/China" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>China</span></a><br>➝ 🔓 👾 <a href="https://infosec.exchange/tags/Roblox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Roblox</span></a>, <a href="https://infosec.exchange/tags/Twitch" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Twitch</span></a> allegedly targeted by <a href="https://infosec.exchange/tags/ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ransomware</span></a> cartel<br>➝ 🇰🇵 N. Korean <a href="https://infosec.exchange/tags/Kimsuky" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Kimsuky</span></a> Targeting South Korean Research Institutes with <a href="https://infosec.exchange/tags/Backdoor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Backdoor</span></a> Attacks<br>➝ 🇷🇺 🦠 ITG05 operations leverage <a href="https://infosec.exchange/tags/Israel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Israel</span></a>-<a href="https://infosec.exchange/tags/Hamas" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Hamas</span></a> conflict lures to deliver Headlace <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>malware</span></a><br>➝ 🇷🇺 Russian military hackers target <a href="https://infosec.exchange/tags/NATO" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NATO</span></a> fast reaction corps<br>➝ 🇮🇪 🇮🇱 Cyberattack on Irish Utility Cuts Off Water Supply for Two Days<br>➝ 🇷🇺 🇬🇧 Russia hacking: '<a href="https://infosec.exchange/tags/FSB" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FSB</span></a> in years-long cyber attacks on UK', says government<br>➝ 🇷🇺 🤖 Russia's AI-Powered Disinformation Operation Targeting <a href="https://infosec.exchange/tags/Ukraine" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Ukraine</span></a>, U.S., and <a href="https://infosec.exchange/tags/Germany" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Germany</span></a><br>➝ 🇷🇺 📨 <a href="https://infosec.exchange/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Microsoft</span></a> Warns of Kremlin-Backed <a href="https://infosec.exchange/tags/APT28" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>APT28</span></a> Exploiting Critical <a href="https://infosec.exchange/tags/Outlook" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Outlook</span></a> Vulnerability<br>➝ 🚢 💊 Inside Job: How a Hacker Helped Cocaine Traffickers Infiltrate Europe’s Biggest Ports<br>➝ 📱 🕵🏻♂️ Governments spying on <a href="https://infosec.exchange/tags/Apple" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Apple</span></a>, <a href="https://infosec.exchange/tags/Google" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Google</span></a> users through push notifications - US senator<br>➝ 🤖 🕵🏻♂️ Due to AI, “We are about to enter the era of mass spying,” says Bruce Schneier<br>➝ 🇺🇦 🫡 Ukraine appoints new cyber chief following ouster of top officials<br>➝ 🇳🇴 💰 Norwegian Labor and Welfare Administration fined for data protection failures<br>➝ 🇫🇷 💬 French government recommends against using foreign chat apps<br>➝ 🐛 🛜 "Sierra:21" vulnerabilities impact <a href="https://infosec.exchange/tags/criticalinfrastructure" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>criticalinfrastructure</span></a> routers<br>➝ 🎠 🇹🇭 New Stealthy 'Krasue' <a href="https://infosec.exchange/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a> Trojan Targeting <a href="https://infosec.exchange/tags/Telecom" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Telecom</span></a> Firms in Thailand<br>➝ 🦠 🤖 SpyLoan <a href="https://infosec.exchange/tags/Android" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Android</span></a> malware on Google Play downloaded 12 million times<br>➝ 🦠 <a href="https://infosec.exchange/tags/LogoFAIL" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LogoFAIL</span></a>: UEFI Vulnerabilities Expose Devices to Stealth Malware Attacks<br>➝ 🔓 💻 Just about every <a href="https://infosec.exchange/tags/Windows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Windows</span></a> and <a href="https://infosec.exchange/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a> device vulnerable to new LogoFAIL firmware attack<br>➝ 🔐 💬 <a href="https://infosec.exchange/tags/Meta" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Meta</span></a> Launches Default End-to-End Encryption for Chats and Calls on Messenger<br>➝ 🔐 Addressing post-quantum <a href="https://infosec.exchange/tags/cryptography" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cryptography</span></a> with <a href="https://infosec.exchange/tags/CodeQL" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CodeQL</span></a><br>➝ 🤖 📨 <a href="https://infosec.exchange/tags/Gmail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Gmail</span></a>’s AI-powered <a href="https://infosec.exchange/tags/spam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>spam</span></a> detection is its biggest security upgrade in years<br>➝ 📱 🔓 Your mobile password manager might be exposing your credentials<br>➝ 🐛 <a href="https://infosec.exchange/tags/Qualcomm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Qualcomm</span></a> Releases Details on Chip Vulnerabilities Exploited in Targeted Attacks</p> <p>📚 This week's recommended reading is: "The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws" by Dafydd Stuttard</p> <p>Subscribe to the <a href="https://infosec.exchange/tags/infosecMASHUP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosecMASHUP</span></a> newsletter to have it piping hot in your inbox every week-end ⬇️</p><p><a href="https://infosec-mashup.santolaria.net/p/infosec-mashup-week-492023" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec-mashup.santolaria.net/</span><span class="invisible">p/infosec-mashup-week-492023</span></a></p>
Matt Willemsen<p><a href="https://arstechnica.com/security/2023/12/just-about-every-windows-and-linux-device-vulnerable-to-new-logofail-firmware-attack/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">arstechnica.com/security/2023/</span><span class="invisible">12/just-about-every-windows-and-linux-device-vulnerable-to-new-logofail-firmware-attack/</span></a> Windows <a href="https://mastodon.social/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a> <a href="https://mastodon.social/tags/firmware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>firmware</span></a> <a href="https://mastodon.social/tags/attack" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>attack</span></a> <a href="https://mastodon.social/tags/vulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>vulnerability</span></a> <a href="https://mastodon.social/tags/LogoFAIL" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LogoFAIL</span></a> <a href="https://mastodon.social/tags/Binarly" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Binarly</span></a> <a href="https://mastodon.social/tags/UEFI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>UEFI</span></a> <a href="https://mastodon.social/tags/FilelessMalware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FilelessMalware</span></a></p>
4Dgifts<p>Slide from <a href="https://mastodon.social/tags/LogoFAIL" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LogoFAIL</span></a> presentation by Binarly<br> <br>Multibillion dollar UEFI vendors roll their own image parsers in firmware used by billions of devices worldwide...do they fuzz them? nahh, can't do that, that gives you dandruff<br>Where is your SBOM God now ?<br><a href="https://i.blackhat.com/EU-23/Presentations/EU-23-Pagani-LogoFAIL-Security-Implications-of-Image_REV2.pdf" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">i.blackhat.com/EU-23/Presentat</span><span class="invisible">ions/EU-23-Pagani-LogoFAIL-Security-Implications-of-Image_REV2.pdf</span></a></p>
Benjamin Carr, Ph.D. 👨🏻💻🧬<p>Just about every <a href="https://hachyderm.io/tags/Windows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Windows</span></a> and <a href="https://hachyderm.io/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a> device <a href="https://hachyderm.io/tags/vulnerable" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>vulnerable</span></a> to new <a href="https://hachyderm.io/tags/LogoFAIL" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LogoFAIL</span></a> <a href="https://hachyderm.io/tags/firmware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>firmware</span></a> attack using malicious logo images.<br>LogoFAIL can be remotely executed in post-e#xploit situations using techniques that can’t be spotted by traditional endpoint security. And because exploits run during the earliest stages of the boot process, they bypass defenses, like <a href="https://hachyderm.io/tags/UEFI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>UEFI</span></a> <a href="https://hachyderm.io/tags/SecureBoot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecureBoot</span></a>, and similar protections from other companies that are devised to prevent so-called <a href="https://hachyderm.io/tags/bootkit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bootkit</span></a> infections<br><a href="https://arstechnica.com/security/2023/12/just-about-every-windows-and-linux-device-vulnerable-to-new-logofail-firmware-attack/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">arstechnica.com/security/2023/</span><span class="invisible">12/just-about-every-windows-and-linux-device-vulnerable-to-new-logofail-firmware-attack/</span></a></p>
LinuxNews.de<p>UEFI Schwachstelle: LogoFAIL gefährdet viele Rechner<br><a href="https://linuxnews.de/uefi-schwachstelle-logofail-tauscht-logos-aus/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">linuxnews.de/uefi-schwachstell</span><span class="invisible">e-logofail-tauscht-logos-aus/</span></a> <a href="https://social.anoxinon.de/tags/logofail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>logofail</span></a> <a href="https://social.anoxinon.de/tags/UEFI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>UEFI</span></a></p>
skome<p><span class="h-card" translate="no"><a href="https://fosstodon.org/@system76" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>system76</span></a></span> <span class="h-card" translate="no"><a href="https://fosstodon.org/@soller" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>soller</span></a></span> <span class="h-card" translate="no"><a href="https://fosstodon.org/@carlrichell" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>carlrichell</span></a></span> </p><p>Bumping because I'm super curious if my Oryx Pro would be a viable target for <a href="https://fosstodon.org/tags/logofail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>logofail</span></a>. If not, wooha, everyone buy System76 open firmware 'puters.</p>
skua<p><span class="h-card" translate="no"><a href="https://piipitin.fi/@hiljaisuus" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>hiljaisuus</span></a></span> <br><a href="https://mastodon.social/tags/LOGOfail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LOGOfail</span></a> </p><p>What an article.</p><p>"...results from our fuzzing campaign unequivocally say that none of these image parsers were ever tested by IBVs or OEMs."</p><p>And what a cowboy industry!</p>
Marco Ivaldi<p>Cool research <a href="https://infosec.exchange/tags/logofail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>logofail</span></a></p><p><a href="https://binarly.io/posts/The_Far_Reaching_Consequences_of_LogoFAIL/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">binarly.io/posts/The_Far_Reach</span><span class="invisible">ing_Consequences_of_LogoFAIL/</span></a></p><p><a href="https://binarly.io/posts/finding_logofail_the_dangers_of_image_parsing_during_system_boot/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">binarly.io/posts/finding_logof</span><span class="invisible">ail_the_dangers_of_image_parsing_during_system_boot/</span></a></p>
Gus<p>Looking at the LogoFAIL white paper and I'm not connecting the "just about every device vulnerable" part of the headlines.</p><p>IIUC, vulnerable UEFI firmware has to support loading a custom logo from the EFI system partition. I can't find much vendor support for this?</p><p>The only documented method I've found is from HP: <a href="https://support.hp.com/au-en/document/c01646879" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">support.hp.com/au-en/document/</span><span class="invisible">c01646879</span></a></p><p>Do more vendors support this but don't document it?</p><p>Other "custom BIOS logo" tutorials I've found involve repacking a firmware image, in which case surely the logo is in the BGRT inside the firmware payload which is verified by Intel Boot Guard / Secure Boot before it's loaded. Isn't it?</p><p><a href="https://aus.social/tags/logofail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>logofail</span></a> <a href="https://aus.social/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://aus.social/tags/uefi" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>uefi</span></a></p>
Jennifer Morency :mastodon:<p>Almost every <a href="https://toot.community/tags/Windows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Windows</span></a> and <a href="https://toot.community/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a> device is vulnerable to new <a href="https://toot.community/tags/LogoFAIL" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LogoFAIL</span></a> <a href="https://toot.community/tags/firmware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>firmware</span></a> attack <a href="https://arstechnica.com/security/2023/12/just-about-every-windows-and-linux-device-vulnerable-to-new-logofail-firmware-attack/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">arstechnica.com/security/2023/</span><span class="invisible">12/just-about-every-windows-and-linux-device-vulnerable-to-new-logofail-firmware-attack/</span></a> Limiting physical access and keeping browsers updated are essential. Some vendors will also offer patches. <a href="https://toot.community/tags/BIOS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BIOS</span></a> <a href="https://toot.community/tags/UEFI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>UEFI</span></a> <a href="https://toot.community/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a></p>
Joe Ortiz<p>Major heads up folks, every <a href="https://mastodon.sdf.org/tags/Windows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Windows</span></a> and <a href="https://mastodon.sdf.org/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a> device are affected by this. <a href="https://arstechnica.com/security/2023/12/just-about-every-windows-and-linux-device-vulnerable-to-new-logofail-firmware-attack/" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">arstechnica.com/security/2023/</span><span class="invisible">12/just-about-every-windows-and-linux-device-vulnerable-to-new-logofail-firmware-attack/</span></a></p><p><a href="https://mastodon.sdf.org/tags/LogoFAIL" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LogoFAIL</span></a> <a href="https://mastodon.sdf.org/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> <a href="https://mastodon.sdf.org/tags/tech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>tech</span></a></p>
ExploreLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
Create accountLoginDrag & drop to upload