Public
- Public
- Network
- Groups
- Featured
- Popular
- People

Conversation

Notices

Embed this notice
Kenn White (kennwhite@mastodon.social)'s status on Friday, 26-Jul-2024 22:24:50 JST Kenn White
- Dan Goodin
Protip: When choosing a root-of-trust encryption key for a hardware secure enclave, maybe don't use the vendor's asymmetric key literally labeled "CN=DO NOT TRUST - Test PK". New scoop by @dangoodin: Secure Boot is Completely Broken on 200+ Models from 5 Big Device Makers
https://arstechnica.com/security/2024/07/secure-boot-is-completely-compromised-on-200-models-from-5-big-device-makers/
In conversation about 4 months ago from mastodon.social permalink
Attachments
1. Domain not in remote thumbnail source whitelist: cdn.arstechnica.net
  
  Secure Boot is completely broken on 200+ models from 5 big device makers
  
  Keys were labeled "DO NOT TRUST." Nearly 500 device models use them anyway.
- clacke likes this.
- Embed this notice
  Kenn White (kennwhite@mastodon.social)'s status on Friday, 26-Jul-2024 22:25:01 JST Kenn White
  in reply to
  
  Great quote: “Imagine all the people in an apartment building have the same front door lock and key. If anyone loses the key, it could be a problem for the entire building. But what if things are even worse and other buildings have the same lock and the keys?”
  
  In conversation about 4 months ago permalink
  
  clacke likes this.

Feeds