Uncategorized

MonitorDarkly: Dell monitor on-screen-display exploit

“This repo contains the exploit for the Dell 2410U monitor. It contains utilities for communicating with and executing code on the device. The research presented here was done in order to highlight the lack of security in “modern” on-screen-display controllers. Please check out our Recon 0xA presentation (included) for a detailed description of our research findings and process.[…]”

https://github.com/redballoonshenanigans/monitordarkly

Standard
Uncategorized

List of UEFI vendors who care about security

Which UEFI vendors care — or at least may care — about security? The list (alphabetically) is shorter than you might expect:

AMD
AMI
Apple
Dell
Hewlett Packard Enterprises
HP Inc.
Insyde Software
Intel Corp.
Lenovo
Microsoft
Phoenix Technologies

Nobody else. If your vendor is not listed above, ask them why you should purchase a UEFI-based system from them.

The above list is from the list of vendors who have feedback mechanisms listed on the UEFI Forum’s security contact page.

http://uefi.org/security

Standard
Uncategorized

William Leara reviews UEFI Tool

William Leara, a firmware engineer at Dell, has a new blog post on Nikolaj Schlej’s UEFI Tool. He shows how to use it, starting with using Intel’s Flash Programing Tool (FPT) to acquire a BIOS image. Lots of screenshots of the various menu UI components of this GUI tool.

“It is extremely useful for interrogating and manipulating the components of a UEFI BIOS image.  Download it and give it a test drive today!”

Full post:
http://www.basicinputoutput.com/2016/02/uefitool.html

Standard
Uncategorized

Dell info on Linux firmware updates

Regarding the new firmware update service available for Linux OEMs:

https://firmwaresecurity.com/tag/fwupd/

There is a new article from Dell on this topic:

(Published on behalf of Mario Limonciello, OS Architect of Dell Client Solutions Group’s Linux Engineering team.)

I’m happy to announce that starting with the Dell Edge Gateway 5000 we will be introducing support to natively flash UEFI firmware under Linux.  To achieve this we’re supporting the standards based UEFI capsule functionality from UEFI version 2.5.  Furthermore, the entire tool chain used to do this is open source. Red Hat has developed the tools that enable this functionality: fwupd, fwupdate, & ESRT support in the Linux kernel.  For the past year we have been working closely with Red Hat, Intel, & Canonical to jointly fix hundreds of issues related to the architecture, tools, process, and metadata on real hardware.  Dell will be publishing BIOS updates to the Red Hat created Linux Vendor Firmware Service (LVFS).  Red Hat provides LVFS as a central OS agnostic repository for OEMs to distribute firmware to all Linux customers. […]

http://en.community.dell.com/techcenter/b/techcenter/archive/2016/02/02/dell-firmware-updating-under-linux

Dell — along with Red Hat, apparently — are setting a great example, I hope other OEMs do as well with Linux. 🙂 It makes me think Dell is working to deal with this recent comment of William (of Dell):

Standard
Uncategorized

VMware

Business changes at EMC, impacting VMWare, multiple news sites with stories on it.

 

VMware Takes Restructuring Charge, Changes CFOs

http://www.wsj.com/articles/vmware-names-new-cfo-will-cut-800-jobs-1453847929

http://www.theregister.co.uk/2016/01/27/vmware_fusion_and_workstation_development_team_fired/

http://www.computerworld.com/article/3026842/virtualization/vmware-cuts-800-jobs-as-it-transitions-from-older-blockbuster-compute-products.html

 

Standard
Uncategorized

interview with AMI founder, Subramonian Shankar

http://www.basicinputoutput.com/2016/01/must-see-tvs-shankar.html

As reported by William Leara, a BIOS engineer at Dell, the “This Week In Tech” (TWIT episode 226) podcast did an inteview with Mr. Subramonian Shankar, founder of AMI in November. Excerpting from William’s blog post:

The interview discusses everything from how Shankar started AMI, to what he’s up to today, with lots of colorful anecdotes along the way.  I especially appreciated all the old Michael Dell stories, among other great stories.  It turns out Dell Inc. and AMI were allies from their infancy and helped each other grow to be the large, successful companies they are today.  It was also interesting to hear about the new Android products AMI is working on, especially AMIDuOS—and it’s only $10!

https://twit.tv/shows/triangulation/episodes/226?autostart=false

Standard