Author Topic: LogoFAIL - Do we need to worry ?  (Read 3728 times)

Offline fohat.digs

  • * Elevated Elder
  • Thread Starter
  • Posts: 6478
  • Location: 3555'N, 8353'W
  • weird funny old guy
LogoFAIL - Do we need to worry ?
« on: Thu, 07 December 2023, 11:56:28 »
I was surprised that Linux was equally vulnerable.

What is the best protection from it?

Offline TomahawkLabs

  • Posts: 115
Re: LogoFAIL - Do we need to worry ?
« Reply #1 on: Thu, 07 December 2023, 12:32:03 »
From what I was reading, the only thing to protect yourself is to wait for your specific mobo manufacturer to publish a BIOS update.

Offline Leslieann

  • * Elevated Elder
  • Posts: 4519
Re: LogoFAIL - Do we need to worry ?
« Reply #2 on: Thu, 07 December 2023, 15:21:46 »
Lenovo can disable EFI/BIOS updates on at least some laptops; Dell does it automatically.

But I question the ease of infection on this.
You're likely to notice an image change in startup, which means extracting the image, infecting it, then replacing it. Infecting an image isn't that easy, much less doing it through multiple OSes and OS versions, plus the payload of the image extractor and upload, and then you have the code itself you want to run. Some reports were that this could be done remotely, ehhh... That's quite a large amount of data to move, and you're going to be limited on space in the BIOS/EFI. Not saying it can't be done or it's even difficult, just not as easy to do in the wild through online means.

This would be more easily pulled off through an email attachment than a drive-by like some sites were reporting, and so long as you're somewhat vigilant and have either a good alternate A/V program (i.e. NOT Defender*) or run Linux or Mac, you're probably pretty safe.

You shouldn't need to wait for mobo manufacturers. All the OS, computer and motherboard manufacturers who allow you to change that image know how to change the image, which means they should know how to block changing the image as well. All you have to do is block/password protect/limit the command that allows you to change the file. The real problem now becomes who's ultimately going to do that work: OEMs can claim MS and Linux devs, MS and Linux devs can blame OEMs, and nothing gets done ("not my job"). Happens all the time; you see it all the time in adware/spyware/malware.

*Defender itself isn't bad; the problem is, all your eggs are in one basket controlled by one company, and worse, that same basket is the same basket as everyone else's, making it a very large target.

Offline tp4tissue

  • * Destiny Supporter
  • Posts: 13571
  • Location: Official Geekhack Public Defender..
  • OmniExpert of: Rice, Top-Ramen, Ergodox, n Females
Re: LogoFAIL - Do we need to worry ?
« Reply #3 on: Thu, 07 December 2023, 20:18:55 »
What if you download and play pirated g4m3z ? :-X

Offline Leslieann

  • * Elevated Elder
  • Posts: 4519
Re: LogoFAIL - Do we need to worry ?
« Reply #4 on: Fri, 08 December 2023, 07:00:12 »
Quote from: tp4tissue on Thu, 07 December 2023, 20:18:55
"What if you download and play pirated g4m3z ? :-X"
Then you're either already infected by other (probably worse) stuff or you already know how to protect yourself.