FOSSbytes: Comparing OEM Windows from Retail Windows

What is OEM Windows? How It’s Different From Retail Version Of Windows?

[…]The OEM Windows has its product key tied to a particular device. While the retail product key also works on one machine, it can be transferred to another one. Earlier, in the case of laptops, the OEM product key was written on the bottom part of the device. Nowadays, it’s embedded directly into firmware (BIOS or UEFI) of a device and used by Windows when required.[…]



Huawei: Security Advisory – Side-Channel Vulnerability Variants 3a and 4

SA No:huawei-sa-20180615-01-cpu
Initial Release Date: Jun 15, 2018
Last Release Date: Jul 17, 2018

Intel publicly disclosed new variants of the side-channel central processing unit (CPU) hardware vulnerabilities known as Spectre and Meltdown. These variants known as 3A (CVE-2018-3640)and 4 (CVE-2018-3639), local attackers may exploit these vulnerabilities to cause information leak on the affected system. (Vulnerability ID: HWPSIRT-2018-05139 and HWPSIRT-2018-05140).[…]



RWEverthing web site, HTTPS cert expired in January

RWeverything is a freeware tool, no source available. It includes a Windows kernel driver. CHIPSEC can be configured to trust and use that driver. It has been many years since I’ve trusted third-party freeware where I didn’t know the third-party author or have many other knowledgeable friends who trust them.

According to my system’s browser:

“rweverything.com uses an invalid security certificate. The certificate expired on January 8, 2018, 3:59:59 PM GMT-8. The current time is July 16, 2018, 3:58 PM.”


reminder: July24th: UEFI Forum’s first security webinar

Michael Krau, Industry Communications Working Group Chair
Eric Johnson, American Megatrends, Inc.
Tim Lewis, Insyde Software
Dick Wilkins, Phoenix Technologies
Vincent Zimmer, Intel

The panelists will outline the major challenges currently facing platform security, how the UEFI Forum and UEFI specification address these challenges and finally, how you can join us in the battle to protect firmware from outside threats. The webinar is open to the public and attendees will get the chance to participate in a live Q&A session.