Intel Security Releases Detection Tool For EFI Rootkits After CIA Leak

After WikiLeaks revealed data exposing information about the CIA's arsenal of hacking tools, Intel Security has released a tool that allows users to check if their computer's low-level system firmware has been modified and contains unauthorized code. PCWorld reports: The release comes after CIA documents leaked Tuesday revealed that the agency has developed EFI (Extensible Firmware Interface) rootkits for Apple's Macbooks. The documents from CIA's Embedded Development Branch (EDB) mention an OS X "implant" called DerStarke that includes a kernel code injection module dubbed Bokor and an EFI persistence module called DarkMatter. In addition to DarkMatter, there is a second project in the CIA EDB documents called QuarkMatter that is also described as a "Mac OS X EFI implant which uses an EFI driver stored on the EFI system partition to provide persistence to an arbitrary kernel implant." The Advanced Threat Research team at Intel Security has created a new module for its existing CHIPSEC open-source framework to detect rogue EFI binaries. CHIPSEC consists of a set of command-line tools that use low-level interfaces to analyze a system's hardware, firmware, and platform components. It can be run from Windows, Linux, macOS, and even from an EFI shell. The new CHIPSEC module allows the user to take a clean EFI image from the computer manufacturer, extract its contents and build a whitelist of the binary files inside. It can then compare that list against the system's current EFI or against an EFI image previously extracted from a system.

Re:Conundrum

[JonWan]

Wait.... he has a low ID?

Yes! Front Row!

Re:Conundrum

[Junta]

My chance to shine has been ruined.

Re:Conundrum

[timelorde]

I've played this game before. I always lose.

Re:So how do I install it?

Dear Enrique:

I represent The Trump Organization ("PowerJELQ") in connection with its intellectual property rights. Your use of PowerJELQ is a violation of The Trump Organization's common law trademark rights, common law service mark rights, and trade name rights, and this letter constitutes The Trump Organization's demand that you cease and desist any and all use of this mark.

The Trump Organization is a family owned business offering JELQING/PENIS ENLARGEMENT EXERCISE services to consumers in the United States and throughout the world. The Trump Organization has continually used "PowerJELQ" (the "Mark") ever since the technique was invented by Donald Trump to increase his penis length from 1/4" (ONE QUARTER OF ONE INCH) to 3/4" (THREE QUARTERS OF ONE INCH).

Since its incorporation, The Trump Organization has continually used the Mark in advertising campaigns and in the community, including through its website at StormFront.org. In addition, The Trump Organization has been actively involved in the community in its efforts to further promote its brand including its sponsorship of various events. As a result of these efforts, The Trump Organization's customers, and the general public, have come to recognize The Trump Organization as an established and successful JELQING/PENIS ENLARGEMENT EXERCISE business.

Recently, The Trump Organization became aware of your use of the PowerJELQ mark. In the United States, common law trademark infringement occurs when a party utilizes a trade or service mark that creates a likelihood of consumer confusion. As you are undoubtedly aware, your mark is exactly the same as The Trump Organization's Marks. Because of your use of this mark, The Trump Organization has already witnessed actual confusion in the market.

Please be advised that you can avoid legal action by immediately ceasing and desisting from any and all infringing activity including use of the PowerJELQ mark. You must cease and desist all promotion and/or marketing of JELQING/PENIS ENLARGEMENT EXERCISES.

If you or your attorney have any questions, please feel free to contact me.

Sincerely,

Jeff Sessions

Re:Conundrum

[msk]

Indeed.