Microsoft and Its Boosters Worsen Linux Security

posted by Roy Schestowitz on Dec 01, 2023

The circus goes on and on. Latest:

UEFI flaws allow bootkits to pwn potentially hundreds of devices using images: Secure? But whose standards?

Hundreds of consumer and enterprise devices are potentially vulnerable to bootkit exploits through unsecured BIOS image parsers.

Security researchers have identified vulnerabilities in UEFI system firmware from major vendors which they say could allow attackers to hijack poorly maintained image libraries to quietly deliver malicious payloads that bypass Secure Boot, Intel Boot Guard, AMD Hardware-Validated Boot, and others.

Dubbed "LogoFail," we're told the set of vulnerabilities allows attackers to use malicious image files that are loaded by the firmware during the boot phase as a means of quietly delivering payloads such as bootkits.

The vulnerabilities affect the image parsing libraries used by various firmware vendors, most of which are exposed to the flaws, according to the researchers at Binarly.

Image parsers are firmware components responsible for loading logos of vendors, or workplaces in cases where work-issued machines are configured to do so, flashing them on the display as the machine boots.
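The failure mode the quoted article describes, a firmware image parser that trusts dimensions and offsets read from an untrusted logo file, comes down to missing bounds checks before a buffer is sized and filled. The following is an added example, not code from the article, from Binarly or from any firmware vendor: a defensive BMP header validator in C that reads every field from an in-memory buffer, computes the pixel-data size in 64-bit arithmetic, and rejects headers whose claimed dimensions or offsets would run past the data actually present. The 54-byte minimum header, the 4096-pixel dimension cap, the accepted bit depths and the sample headers are all assumptions constructed for this illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Fields we extract from a BMP file header + 40-byte info header. */
typedef struct {
    uint32_t file_size;
    uint32_t pixel_offset;
    int32_t  width;
    int32_t  height;
    uint16_t bpp;
} bmp_hdr;

/* Largest logo dimension this validator accepts (assumption for the example). */
#define MAX_DIM 4096u

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }
static void wr32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Returns 0 when the header is safe to act on, a negative code otherwise.
 * Never reads beyond len, and never trusts a size field without checking it
 * against the bytes that are really there. */
int parse_bmp_header(const uint8_t *buf, size_t len, bmp_hdr *out)
{
    if (buf == NULL || out == NULL) return -1;
    if (len < 54) return -2;                          /* 14-byte file header + 40-byte info header */
    if (buf[0] != 'B' || buf[1] != 'M') return -3;    /* magic */
    out->file_size    = rd32(buf + 2);
    out->pixel_offset = rd32(buf + 10);
    if (rd32(buf + 14) < 40) return -4;               /* info header too short */
    out->width  = (int32_t)rd32(buf + 18);
    out->height = (int32_t)rd32(buf + 22);
    out->bpp    = rd16(buf + 28);

    if (out->width <= 0 || out->height == 0) return -5;
    /* height may legitimately be negative (top-down rows); take |height| in 64-bit */
    uint32_t abs_h = out->height < 0 ? (uint32_t)(-(int64_t)out->height) : (uint32_t)out->height;
    if ((uint32_t)out->width > MAX_DIM || abs_h > MAX_DIM) return -6;
    if (out->bpp != 24 && out->bpp != 32) return -7;  /* assumption: only these depths are accepted */

    /* row stride = bytes per pixel * width rounded up to 4; 64-bit so width*bpp cannot wrap */
    uint64_t stride = ((uint64_t)out->width * (out->bpp / 8) + 3) & ~(uint64_t)3;
    uint64_t pixel_bytes = stride * abs_h;
    if (out->pixel_offset < 54 || out->pixel_offset > len) return -8;
    if (pixel_bytes > len - out->pixel_offset) return -9; /* pixel data would run past the buffer */
    return 0;
}

/* Builds a constructed header with the given fields in a zeroed buffer of
 * buflen bytes and returns the validator's verdict. */
int check_logo(int32_t w, int32_t h, uint16_t bpp, size_t buflen)
{
    uint8_t buf[256];
    bmp_hdr hdr;
    if (buflen > sizeof buf) return -100;
    memset(buf, 0, sizeof buf);
    buf[0] = 'B'; buf[1] = 'M';
    wr32(buf + 2, (uint32_t)buflen);   /* claimed file size */
    wr32(buf + 10, 54);                /* pixel data starts right after the headers */
    wr32(buf + 14, 40);                /* BITMAPINFOHEADER size */
    wr32(buf + 18, (uint32_t)w);
    wr32(buf + 22, (uint32_t)h);
    wr16(buf + 26, 1);                 /* planes */
    wr16(buf + 28, bpp);
    return parse_bmp_header(buf, buflen, &hdr);
}

int main(void)
{
    printf("2x2 24bpp in 70 bytes:        %d\n", check_logo(2, 2, 24, 70));           /* 0: accepted */
    printf("huge dimensions:              %d\n", check_logo(0x7FFFFFFF, 0x7FFFFFFF, 24, 70)); /* -6 */
    printf("100x100 claimed, 70 bytes:    %d\n", check_logo(100, 100, 24, 70));       /* -9 */
    printf("truncated header:             %d\n", check_logo(2, 2, 24, 40));           /* -2 */
    return 0;
}
```

The rejected cases are the ones a naive parser turns into memory corruption: multiplying an attacker-chosen width by bits-per-pixel in 32-bit arithmetic can wrap to a small allocation, and copying `height` rows from a file that is shorter than it claims reads past the end of the buffer. Checking the computed size against the bytes actually loaded, rather than against the size the file declares about itself, is the check the quoted flaws lack.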

The article above was shared just moments ago in IRC (by Sompi). It's yet another one of many such revelations and incidents. It's important to distinguish real, inherent security (auditable, reproducible, small and simple enough to exhaustively traverse and learn) from marketing junk and junk science. One need not go far back in time (just over a week) to grasp the perils of Windows and the shortcomings of fingerprint biometrics - i.e. quasi-futuristic security theatrics and gimmicks.

Where does this end? What happened to proper engineering?

The Microsofters like to break things and block Linux from booting and installing. Of course they call this whole charade "security" and anyone who questions their motives is "against security" or "homophobic" or something to that effect... so do not ever criticise what they do. Questioning Microsoft is an act of intolerance and disregard for the supposed needs of "Big Users" of Linux...

It should be noted that Microsoft's Poettering is pushing similar things and worse via systemd (even TPM). We covered this before. It'll get worse over time. As one reader put it some hours ago: "The Poettering-driven merge of /usr/bin and /bin is going to cause a tremendous amount of further damage to both the technological base as well as the community and add a lot of unnecessary effort."

This reader moreover cited "The collapse of Debian" - an ongoing discussion that relates to the above. And "there is a good three-point summary further down on the first page," this reader said, though to quote the top part: "Fedora and Ubuntu have nothing on what Debian was, and Debian is no longer what it was. We no longer have in our midst that which we used to have, and now more than ever need."

Almost all my machines run Debian and I heard that Debian 12 can be tough on some desktops/laptops. Heck, this site's server runs Debian 12, but so far no major issue. 4 Debian Developers have been added in 2 months, so one can hope the project can survive and thrive in an age when both IBM and Canonical push Microsoft's agenda.

While GNU/Linux usage sure is increasing [1, 2], both in homes and businesses, the freedom of it is being compromised and security intentionally sabotaged (hence, many consider or move to BSD). It's rapidly becoming yet another back-doored platform that is vulnerable enough to be deemed "enterprise-ready" by the likes of the NSA.
