UEFI + SecureBoot : a bless or a disaster?

neuraleskimo
Posts: 195
Joined: 2019-03-12 23:26

Re: UEFI + SecureBoot : a bless or a disaster?

#16 Post by neuraleskimo »

LE_746F6D617A7A69 wrote: If someone claims that his program does not have any bugs, then it only means that he didn't test the program thoroughly ;)

The probability that the program has a bug grows exponentially with the number of lines of code.
The probability that there's a security hole grows exponentially with the number of bugs.
The above holds for 100% of software created by humanity so far.

This also explains why, after tens of years of development of security systems, we still have hundreds of CVEs each year.
I dare to claim that adding countless layers of security is the main factor responsible for countless security holes.

KISS = Keep It Simple, Stupid!
Yes. This is exactly why I advocate for the use of well-vetted libraries, no/low-overhead abstractions, and the use of modern verification/validation tools.

Deb-fan
Posts: 1047
Joined: 2012-08-14 12:27
Been thanked: 4 times

Re: UEFI + SecureBoot : a bless or a disaster?

#17 Post by Deb-fan »

Looked up boothole, got to the point where it said with local root access we were able to blahblahblah. Lost much interest right there, with root access local or remote, makes further discussion pointless. With that (root access) mostly game over if the person has malicious intent. Still glad people devote time/energy discovering-docing junk like this though, upstream will address it, as a desktop nixer clearly doesn't qualify as something which needs immediate attention. Naming it boothole was a perfect choice imo in this case.

Already noted think secureboot is mostly useless too. Though however many layers, whomever wishes to use, is up to each admin. :)
Most powerful FREE tech-support tool on the planet * HERE. *

LE_746F6D617A7A69
Posts: 932
Joined: 2020-05-03 14:16
Has thanked: 7 times
Been thanked: 68 times

Re: UEFI + SecureBoot : a bless or a disaster?

#18 Post by LE_746F6D617A7A69 »

Deb-fan wrote: Looked up boothole, got to the point where it said with local root access we were able to blahblahblah.
That's the whole point: most of those "shocking vulnerabilities" discovered recently (in the past few years) require root privileges - so the obvious and quite simple question is:
If those "security holes" require root privileges, then why are they called "security holes"? - the admin is allowed to do just anything, including potentially insecure operations (like changing the firmware)

I think that it's all about the fame & fear -> some "hackers" with at most average skills can get attention and even get paid for pretending to be "security experts" ...

Of course they can get paid only by the press - none of the serious companies will hire them - to avoid scandals ...
Bill Gates: "(...) In my case, I went to the garbage cans at the Computer Science Center and I fished out listings of their operating system."
The_full_story and Nothing_have_changed
