PreOS Security releases CHIPSEC quickref for SysAdmins

[Disclaimer: I work for PreOS Security.]

CHIPSEC is a suite of dozens of tests/tools/utilities, many of which are strictly for security researchers. Timed with SysAdmin Appreciation Day, PreOS Security has created a 1-page quick reference for CHIPSEC for sysadmins. The below message also mentions an upcoming short ebook for sysadmins:

Currently this quickref is only availble by filling out a form:

on the PreOS Security site, with some opt-in stuff to help the new startup.

PS: PreOS Security has joined the Twitosphere(sp), first post above. And we have a LinkedIn page. Please ‘Follow us’. Thanks!

Twitter’s firmware researcher community list

I’m new to Twitter, still don’t have an account. A while ago I started looking into the right Twitter feeds to read:

but I’ve not updated that list in a while. Luckily for me, Jacob Torrey, one of the firmware researchers on above list the helped me out by creating (and maintaining) an EXCELLENT list of Twitter feeds for firmware research:

I’ve got a lot more OEM/IHV/etc Twitter feeds since 0.3, will be working on a 0.4 release, but I can’t match Jacob’s list. Check it out!

Firmware Twitter feeds, v0.3

2015-08-14 UPDATE: see also this EXCELLENT list:

The below list is outdated, I’ll make a newer one soon…..

Firmware-related Twitter feeds, v0.3

Change from last release: added about half a dozen security researchers, with help from one of them (thanks!).

BIOS/UEFI security researchers:



Other chips:


TODO: AMD, ARM, other chip makers, OEMs, IHVs, IBVs, other UEFI Forum members…
TODO: Learn WordPress, store link resources on page not as blog entries.

Firmware-related Twitter feeds, v0.2

A week or two ago I posted an initial list of Twitter feeds:

Below is a better list. It is still not comprehensive, but a bit better than previous list.

[ Many of you probably already know about this, but I’m a Twitter newbie. I don’t have a Twitter account. I only just starting “using” Twitter, in “digest mode”: I look at these web pages once/day, or each time I’m trying to figure out the latest news in firmware. But I don’t use it interactively, and look at the links as they change, that’s too much data and requires too many interruptions… 🙂 ]

Some Intel sites:

Some BIOS/UEFI security researchers (and/or some people who otherwise discuss UEFI issues):

For coreboot, in addition to main site, note that Michael Larabel of Phoronix does an *EXCELLENT* job of tracking coreboot checkins and related news:

I don’t yet have any good Twitter feeds for AMD or ARM that cover firmware and/or security yet, perhaps in a v0.3 revision of this list, sorry. For other chips, here’s a few:

I’m sure all of you know to use Twitter better than I. But just in case, you can setup custom feeds based on hash tags, two of which I’ve found used are:

I need to add feeds for AMD, ARM, and other chip makers, and the list of existing BIOS/UEFI security researchers, and start to work on a list of OEMs/IHVs/IBVs/ISVs. I’ll try to get a 0.3 update in a month or two. I have yet to find a Twitter to NNTP gateway…

Once of these days, I’ll learn how to use WordPress and Php, and WordPress plugins and customizations, and add some web resource links, like blogrolls and Twitter feeds, and vendor press/event/news page links, and archives. Sorry the blog has such a sucky UI, this is the default theme (I’d expected a bit more).

Twitter, and Hacking Team

This blog isn’t attempting to cover ALL firmware news issues. I presume you’re reading about elsewhere, and don’t need this blog to tell you about. Especially stories that make it ‘mainstream’, like the recent Apple EFI vulnerability, or the recent Hacking Team’s use of UEFI in their malware.

In general, I go online and try to see what is new with firmware news only once a day, and miss some days. I don’t use Twitter as much as many, so I’m naturally behind-the-times of fresh news. To track UEFI issues with Twitter, here are a few URLs to start with:

For example the Hacking Team’s use of UEFI. Twitter is a good place for this kind of news:

And a few security researchers are starting to dig deeper with research about the malware, such as: