Conversation
@AAKL @arstechnica @dangoodin

This is how you market your infosec company :-)

Not disregarding the vulnerability but you would need:

1. Access to local network.
2. PXE enabled in BIOS (I mean UEFI).

Practical exploitation scenarios are very limited, so I'm not losing my sleep at night over this :-) Neither do I believe that TianoCore developers are "scrambling" because of this...
@AAKL @arstechnica @dangoodin To add, most of the time I've seen PXE in practical use has been in a lab space at a hardware company, in a network that is already closed off from the rest of the company network. This is not to say there would not be other uses for this too, but yeah...
@AAKL @arstechnica @dangoodin E.g. consider common ways to do a remote attack, such as taking advantage of a memory error and/or finding a ROP (return-oriented programming) chain to implement an exploit. Those happen all the time and nobody gives a dime. If you find such issues in JavaScript or a browser engine you can turn them into a "drive-by shooting" by injecting them e.g. into an ad banner. That sort of stuff actually worries me, not stuff that happens in an R&D lab :-)

@jarkko @arstechnica @AAKL

Those requirements are prominently noted by both the researchers and the post I wrote. I mean they're way, way high in both. I don't see how marketing plays into this at all.

People always point out the limitations of a vulnerability and then, x years later once it becomes viable to overcome those limitations and exploit it in real-world attacks, they pretend they never made such statements.

@dangoodin @arstechnica @AAKL I'm happy to admit that I was wrong. Here it is not just about limitations of applicability, though. Besides the highly access-controlled R&D labs, I could imagine educational institutes using PXE for perhaps computer classes.

Even in universities, for the research groups that work with the private sector, the valuable R&D work is usually protected with planned security policies and access control. Probably a network that could be hacked with a PXE vuln would be broken to start with, and there would be multiple exploitation techniques in the toolbox.

In the end, even for black hatters robbery is business, and you tend to prefer tools and techniques which are hard to detect and easy to turn into profit in high volumes.