Perhaps it's only Infinitely Improbable?
Are you using Firefox? I've had Firefox crashes like clockwork for the last few weeks, never before. 3.0.6 was fine, 3.0.7 and 3.0.8 are crashing. This is on roughly a dozen machines, some with no addons at all.
Been there, done that.
"Waiter, this steak tastes like shit. Get your boss out here so I can tell him I refuse to pay."
Incredibly enough, the manager usually comes, and unless he thinks you're simply trying to scam a free meal, he'll usually apologize and offer to get you something else. If you decline, the demand of 'no charge' is typically accepted.
Then again, restaurants are an intensely consumer-driven industry where a good or bad review makes a difference, and they know it.
Lenovo 3000 N500 - Ubuntu 8.10 - 0 issues
Lenovo 3000 N500 #2 - Gentoo 2008.1 - some issues (WTF, IT'S GENTOO)
Dell Inspiron e1505 - Ubuntu 8.10 - 0 issues
Acer Extensa 4220 - Ubuntu 8.10 - 0 issues
Acer Extensa 4620 - Ubuntu 8.10 - 0 issues
HP 6710b - Ubuntu 8.10 - 0 issues
HP 6730b - Ubuntu 8.10 - 0 issues
IBM Thinkpad X41 Tablet - Ubuntu 8.10 - Some issues, mostly related to the tablet functionality.
Did you have a point, or were you just assuming that your (or your "friend's") one experience made a trend?
Crossover called, your Steam for Linux is ready.
Also Cedega called, same message but they sounded shifty.
(Yes, I do run Steam and many games, and through Crossover. KKTHXBAI)
I, for one, welcome our new lulz-killing overlords.
You must be new here.
Fixed that for you.
UEFI won't be vulnerable in the same way because it's not structured the same way.
If you RTFA, they're actually discussing a *very* old approach, just using newer tools and procedures. They're also not talking about the guts of the virus being in the flash rom, just a glorified hook/loader. They're talking about patching into the decompression module, then watching for INT10 to be available. If it is, it's fairly late in the boot process and time to jump to work. The proof of concept as presented basically just hooks around the OS and offers system-level CPU access to a hidden file or patched binary, depending on the OS.
If they get really advanced, they could write around the BIOS's own reflashing code, and/or patch the flash rom as it's being written. As presented, it will do nothing unless the infected HDD and infected BIOS are in contact.
Back to UEFI: You could drop this payload as an app on UEFI, and you could try hacking around inside UEFI itself, but the exploit as presented is very very low tech and relies on the abysmal security of traditional firmware (checksums only). UEFI is a little bit more secure when it comes to tampering with the firmware in place.
The main reason I pooh-pooh this article is that it's repacking and re-presenting a very old exploit method as if it is new.
Also, to address your comment more directly: It's not the 'unified' or 'open' part of UEFI or OpenFirmware that makes them immune, it's that they are differently laid out and a little more secure than traditional BIOS.
Also, even though most motherboards no longer come with flash write protect jumpers, they do come with BIOS-based flash protections, which should be suitable to this task. Disable flash updating in your BIOS and the exploit can't get in. Need the exploit to bypass the protection, and the protection prevents the exploit.
TPM module wouldn't help. It doesn't do diddly until long after machine boot. Heck, if you RTFPDF, there's a TCPA init module in the sample BIOS contents they were presumably fiddling with.
Not only do you need root or physical access, you also need the victim to be using a particular type of BIOS. While you could abstract this up to a module, so that it nailed all Phoenix BIOSes, or all Award BIOSes, you'd still need semi-specific payloads for each BIOS OEM. Also, you'd need the target to be using a mainstream commercial BIOS, not UEFI, OpenFirmware, or anything similar.
UEFI will be here and widespread very soon (it's in some machines already, and more every day), and the only real power this 'new' malware has is the persistence/difficulty in removal.
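An added illustration of the "checksums only" point made in the post above. This is example code written for this page, not code from the post or from the paper it discusses. It contrasts the additive 8-bit checksum that legacy BIOS and option-ROM images carry with a keyed integrity tag: the checksum catches a flipped bit, but anyone who can write the image can run the same public fixup routine the vendor ran, so it cannot tell vendor from intruder. The module bodies, the verifier key and the use of HMAC-SHA256 as a stand-in for a firmware signature are all constructed for the demo; a real signed-firmware design uses a public-key signature rather than a shared key.

```python
import hashlib
import hmac

# Constructed sample firmware module bodies (not real BIOS contents).
GOOD_BODY = b"constructed sample: decompression module, release build"
TAMPERED_BODY = b"constructed sample: decompression module, release build + extra hook"

# Hypothetical verifier key standing in for the signing key a signed-firmware
# scheme would hold; a real design would use a public-key signature instead.
VERIFIER_KEY = b"constructed-demo-key"


def make_checksummed_image(body: bytes) -> bytes:
    """Append the one-byte fixup that makes the image sum to 0 mod 256,
    the legacy BIOS/option-ROM convention. No secret is involved."""
    fixup = (-sum(body)) & 0xFF
    return body + bytes([fixup])


def checksum_passes(image: bytes) -> bool:
    """Legacy check: all bytes of the image sum to zero modulo 256."""
    return sum(image) & 0xFF == 0


def mac_tag(body: bytes, key: bytes = VERIFIER_KEY) -> bytes:
    """Keyed integrity tag (HMAC-SHA256); producing it requires the key."""
    return hmac.new(key, body, hashlib.sha256).digest()


def mac_passes(body: bytes, tag: bytes, key: bytes = VERIFIER_KEY) -> bool:
    """Constant-time comparison of the stored tag against a fresh one."""
    return hmac.compare_digest(mac_tag(body, key), tag)


def corrupt_one_byte(image: bytes) -> bytes:
    """Accidental corruption: flip the low bit of the first byte."""
    return bytes([image[0] ^ 0x01]) + image[1:]


def compare_controls() -> dict:
    """Run both checks against the original image, an accidentally
    corrupted copy, and an image rebuilt from a different body."""
    good_image = make_checksummed_image(GOOD_BODY)
    good_tag = mac_tag(GOOD_BODY)

    # Whoever can write the flash can call the same public routine the
    # vendor used, so the checksum check accepts the rebuilt image too.
    rebuilt_image = make_checksummed_image(TAMPERED_BODY)

    return {
        "checksum_accepts_original": checksum_passes(good_image),
        "checksum_catches_bit_flip": not checksum_passes(corrupt_one_byte(good_image)),
        "checksum_accepts_rebuilt": checksum_passes(rebuilt_image),
        "mac_accepts_original": mac_passes(GOOD_BODY, good_tag),
        # The stored tag was computed over GOOD_BODY with the verifier key;
        # a different body cannot match it without that key.
        "mac_accepts_rebuilt": mac_passes(TAMPERED_BODY, good_tag),
    }


if __name__ == "__main__":
    for name, result in compare_controls().items():
        print(f"{name}: {result}")
```

The design point is that a checksum is an error-detection code, not an authentication control: it has no secret, so its acceptance criterion is public and satisfiable by any writer. A firmware image is only tamper-evident when the verifier checks something the writer cannot produce, which is what a keyed tag or, in practice, a signature verified against a key held outside the writable image provides.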
Not impressed.
Am I the only one who got a shiver at that particular mental picture?
Grammar Nazis for internet memes. *Now* I have seen everything.
Actually not, that row and column are light from the get-go, rewind and rewatch. I'm also not sure, but that could be a reflection.
Got just one on mine, and when I asked about it, I was told it was history.
Perhaps the decision to keep them was limited to grandfathered cases, new enrolls don't get the option.
Actually not, they did dump that feature, and to widespread annoyance/grief.
(Microsoft) purchase Richard Stallman. That line made me literally LOL. I don't think there's enough material wealth in the universe to buy out Stallman's ideals, and that's both a good and bad thing (see 'idealist' and contrast 'zealot').
(Previously posted to wrong parent)
(Microsoft) purchase Richard Stallman. That line made me literally LOL. I don't think there's enough material wealth in the universe to buy out Stallman's ideals, and that's both a good and bad thing (see 'idealist' and contrast 'zealot').
It's very very easy to compensate for this. MS figured it out years ago. You want to give your existing customers preferential pricing on a new OS, but still gouge the new users?
UPGRADE PRICING.
Suddenly every existing OS release was an 'upgrade license', and there are two packages at retail for 10.6. 149$ gets you Snow Leopard Upgrade, which will install on any branded Mac without issue, just like existing versions have. You now have a new 499.99$ Unsupported Full Install package sitting next to it. Apple gets their money, Hackintosh users get somewhat validated, Apple still doesn't have to take their phone calls, and everyone is either happier or status quo pro ante.
I've never seen anything to confirm any video driver differences between 2K and XP. Since they're using the same drivers and the same directx, I'm skeptical.
Further, 2K can do all the compat shim tricks XP can. They're all in slayerui.dll, just the tab isn't there on .exes by default.
2K and XP are more alike than you imagine.
XP *is* a service pack of 2000. Kind of a service pack of service packs, compiling all the fixes to date and adding a few new features. There's not a lot different. Windows 7 is an SP of Vista even moreso.
If you want to argue that SPs don't introduce major changes, then XP SP2 was a different OS. That sucker brought more changes, both visible and behind the scenes, than 2000->XP did.
I didn't see it as attacking you, more attacking the quote still being in use.
I'm sorry you read it that way, it wasn't my intent.
Dual-head is generic and a freebie on all current cards.
Under 100$ would have you looking at the Radeon HD 4670. Lots of them on Newegg for between 60-80USD. Very respectable performance, especially for the price and given the featureset.
For just a hair over 100$ you can snag a Radeon HD4830. It's just like the top end cards, just some shader units disabled and the clock speeds dropped a bit.
If you really want to show your support, however, I'd suggest pinching one or two additional pennies and grabbing one of the top end Radeon HD 4870s. They're as good as a single GPU gets in AMD-land lately, and a vast selection are available at the 200$ mark. Even the 1GB versions are available for about 20-30$ more, and those ought to remain future-proof for quite a while to come.
There're plenty of options.
Problem is that the drivers you're referencing and the Carmack's comments on them date from around 2000. Lots has changed in the meantime. FWIW, the Carmack was referring to Rage128 era hardware/software, which was one unusable ball of software workarounds for hardware bugs and hardware workarounds of legacy software bugs. ATI threw it all away and started fresh roughly around the time they ditched the Rage architecture and had released drivers on the newer codebase when they released the second-gen Radeons. The hardware wasn't fully new-gen and pretty until roughly Radeon 9700.
They repeated the process on a smaller scale again roughly the time the X1K cards were released (software restart) and around the time the HD2K cards came out (completely new hardware generation).
This is all just a lot more info than you needed, but the simple answer is 'Yes, everything has changed since the paleolithic quote's time. Twice'.
The current quality of ATI/AMD's Windows drivers is debatable, but I'd be entirely comfortable saying 'they are very comparable in quality to Nvidia's current drivers'.
I didn't even think about using a GPO to force the WUAU setting on the clients. I'll consider that some more. Thanks.
Downloading the updates over my anemic 150KB/s isn't the concern really, it's sending it back out ~400 times, probably with most of that demand happening on one or two days of the month.
That only leaves the problem of my 125KB/s versus 400 students all wanting updates.
If it were a simple matter of setting up WSUS, I'd make the policy changes here before sending out the machines. It's also a matter of my budget not allowing a monster net connection.
Thanks, yeah, I'm a lazy asshole. Are you donating hardware or are you just making fun of our single lonely T1 line here at the office?
We *HAVE* a solution. It's not a good one, and it's not what I'd like, but it's what can be done with what we have.
Unfortunately, precisely because of the geographical distribution of our students (pretty much all of PA), most solutions simply will not work. The few that are left are the hackneyed mostly-standalone way we're doing it, or are less functional or vastly more expensive, or most often, *both*.