Another Reason to Boycott UEFI and Proprietary Software From Microsoft: Insecurity

Dr. Roy Schestowitz

2015-01-09 17:27:48 UTC
Modified: 2015-01-09 17:27:48 UTC

Summary: Some blobs like Microsoft's Windows patches and the binary-level UEFI 'validation' do not and cannot provide real security, only insecurity in disguise

THE 'PROMISE' of UEFI 'secure' boot is as ludicrous as Microsoft's claims that it pursues security. UEFI does nothing real for security; in fact, it once again does the very opposite. Quoting the news:

A pair of security researchers have found a buffer overflow vulnerability within the implementation of the unified extensible firmware interface (UEFI) within the EDK1 project used in firmware development.

Bromium researcher Rafal Wojtczuk and MITRE Corp's Corey Kallenberg said the bug in the FSVariable.c source file was linked to a variable used to reclaim empty space on SPI flash chips.

According to other news, as told (spun) by a Microsoft booster.,"Microsoft's advance security notification service no longer publicly available". The booster says that "Microsoft is taking its Advance Notification Service private, claiming the change is due to changes in the way users want their advance security notifications." Microsoft sure tells the NSA about ways to hijack/wiretap Microsoft software, so it's a matter of privilege, not some company-wide policy.

How does the above serve users? It doesn't. This is about Microsoft, not users. Users will be left even more vulnerable. As Pogson correctly points out, "There are no Patch Tuesdays with Debian GNU/Linux so the bad guys are no further ahead. We can all get Debian’s patches as soon as they generate them and we can usually install the updates on running systems with no adverse consequences, like a re-re-reboot."

Moreover, in large corporations in particular, patching code internally is possible or even relying on third parties. Don't ever trust security at binary level, such as large blobs being sent that are supposedly 'patched' or some opaque board giving 'approval' before the running of a binary blob, mostly likely based on some cryptic signature approved by unknown people for unknown reasons (usually employees of companies that work with the NSA). Real security emanates from transparency, which breeds trust and provides to ability for one to study and patch one's own programs (or rely on others to do so using their specialised skills). ⬆

"Anyone wonder why the Microsoft SQL server is called the sequel server? Is that because no matter what version it's at there's always going to be a sequel needed to fix the major bugs and security flaws in the last version?"

--Unknown

99.99% Uptime in First Half of 2025: Since January there was only one noticeable outage
When People Call a Best/Close Friend of Bill Gates a "Serial Rapist": Good thing that the Linux Foundation keeps the "Linux" trademark ("Linux Mark") clean
Microsoft Bankruptcy in Russia, Shutdown in Pakistan, What Next?: It seems possible that in 2025 alone Microsoft will have laid off over 50,000 workers
What Matters More Than "Market Share": The goal is freedom, not "market share"
Credit Suisse collapse obfuscated Parreaux, Thiébaud & Partners scandal: Reprinted with permission from Daniel Pocock
[Meme] 9AM Meeting at Brett Wilson LLP: Brett Wilson LLP in space
Listing as Staff People Who Left the Company More Than Six Years Earlier: There are apparently no laws against that
Brian Fagioli Shovels Up LLM Slop (Plagiarism) Onto Slashdot, Then Uses Slashdot for Affirmation or as Badge of Honour: Notice how some of his latest slop is presented ("as featured on Slashdot")
Social Control Media Productivity: Snapping photos of the bone
The Law Firm SLAPPing Us For the Microsofters Lost 72% of Its Tangible Assets in the Past Year, According to Its Own Reports: That might help explain why they're willing to tolerate serial stranglers from Microsoft as clients
Slopwatch: LinuxSecurity.com Slopfarm and Slopfarms Propped Up by Google News: "As LLM slop is foisted onto the WWW in place of knowledge and real content, it now gets ingested and processed by other LLMs, creating a sort of ouroboros of crap."
Links 18/07/2025: Weather Events and Health Hazards: Links for the day
Microsoft's All-Time Low in Finland: Microsoft is in a freefall
Security: Shane Wegner & Debian statement of incompetence: Reprinted with permission from Daniel Pocock
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Thursday, July 17, 2025: IRC logs for Thursday, July 17, 2025
Gemini Links 17/07/2025: "Goodreads for Gemini" and Defence of "The Small Web": Links for the day
Links 17/07/2025: Anger and Morale Issues at Microsoft, Wars and Conflicts Get Digital: Links for the day
CALEA / CALEA2 is the Real Problem, Not Chinese Operatives Exploiting CALEA / CALEA2 (as Any Other Nation Can): CALEA / CALEA2 is more of a front door than a back door
Nils Torvalds and Anna "Mikke" Torvalds (née Törnqvis) Hopefully Use GNU/Linux by Now: "Torvalds Family Uses Windows, Not Linus’ Linux"
Attack of the Slopfarms: FUD-amplifying bots with slop images, slop text (LLM slop)
Not My Problem, I Don't Care: Context/inspiration: Martin Niemöller
Honest Journalism About the European Patent Office Ceased to Exist After SLAPPs and Bribes to the Media: The EPO is basically a Mafia
Life Became Simpler When I Stopped Driving and I Don't Miss Driving When I See "Modern" Cars: Gee, wonder why car sales have plummeted...
Why I Believe Brett Wilson LLP and Its Microsoft Clients Are All Toast: So far our legal strategy has worked perfectly
EPO Jobs Are Very Toxic and Bad for One's Health: Health first, not monopolies
Response to Ryo Suwito Regarding the Four Freedoms: the point of life isn't to make more money
Microsoft's Morale Circling Down the Drain: Or gutter, toilet etc.
Tech Used to be Fun. To Many of Us It's Still Fun.: You can just watch it from afar and make fun of it all
Links 17/07/2025: "Blog Identity Crisis" and Openwashing by Nvidia: Links for the day
Greffiers and the US Attorney of the Serial Strangler From Microsoft: The lawsuit can help expose extensive corruption in the American court system as well
The People Who Promoted systemd in Debian Also Promote Wayland: This is not politics
UK Media Under Threat: Cannot Report on Data Breach, Cannot Report on Microsoft Staff Strangling Women: The story of super injunction (in the British media this week, years late)
Victims of the Serial Strangler From Microsoft, Alex Balabhadra Graveley, Wanted to Sue Him But Lacked the Funds (He Attacked Their Finances): Having spoken to victims of the Serial Strangler From Microsoft
Links 17/07/2025: Science, Hardware, and Censorship: Links for the day
Gemini Links 17/07/2025: Staying in the "Small Web" and Back on ICQ: Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Wednesday, July 16, 2025: IRC logs for Wednesday, July 16, 2025
Under the Guise of "MIT Technology Review Insights" the Site MIT Technology Review Posts Corporate Spam as 'Articles': Some of the articles aren't even articles but 'hit pieces' against Free software and some are paid advertisements
Brett Wilson LLP Has Track Record in Scam Coin Cases (e.g. Craig Wright and More), Now It Works for 'Crypto' Scam Purveyors: But wait, it gets worse
Exclusive: corruption in Tribunals, Greffiers, from protection rackets to cat whisperers: Reprinted with permission from Daniel Pocock
Will Brett Wilson LLP Handle Its Own Winding Up Petition or be Struck Off for Overt Abuse of Process?: Today we sue not only the first Microsofter
Links 16/07/2025: Chip Bans and Microsoft’s “Digital Escort” Program: Links for the day
Ubuntu Becomes Microsoft GitHub, Based on Decision Made by British Army Officer: You're hopeless, Canonical
Revolving Doors: One Day You're a Judge, the Next Day You're an Attorney Paying Public Officials and Working for Violent and Dangerous Microsoft Employees: how the US justice system works
Sharing Code and Recipes: It helps explain the triviality of software freedom
Slopwatch: Noise, Plagiarism and Even Fear, Uncertainty, Doubt/Fear-mongering/Dramatisation: What are we meant to do to prevent a false association or misleading connotations? Game the LLMs? No. Boycott slopfarms.
How Many Women Has Microsoft's Alex Balabhadra Graveley Already Strangled and Where Does That End?: If you too are a victim of this man and wish to share information, contact us
Gemini Links 16/07/2025: BaseLibre Numerical System and Simple Web Browsing with TLS: Links for the day
Links 16/07/2025: Fascist Slop Takes "Intelligence" Clothing, New Criminal Case Against MElon: Links for the day
"We Might Save Somebody's Life": I follow the example of my father
Why I am Suing the Serial Strangler From Microsoft, Alex Balabhadra Graveley, in the UK High Court This Week: Out of respect to the process and to the Court, I shall not share any pertinent details about the case
Links 16/07/2025: China’s Economy Grows Steadily, France Takes Action Regarding Harm to Children by GAFAM and Fentanylware (TikTok): Links for the day
It is Not About Politics: Beware the people who try to make this about politics
Good Journalism Saves Lives: a shocking number of women die or get seriously hurt every day due to violence from a partner
Recognition of Women's Contributions to Free Software: Being passive is not an option when bad things are happening
Slopfarms Are Going to Perish Because Public Opinion is Changing: Many slopfarms will simply go offline
19 Years of Standing Up for Justice, Equality, and Truth: This week we shall take it up a notch
Gemini Links 16/07/2025: Tmux and OCC25 Working TLS: Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Tuesday, July 15, 2025: IRC logs for Tuesday, July 15, 2025

Another Reason to Boycott UEFI and Proprietary Software From Microsoft: Insecurity

Recent Techrights' Posts