Announcement

**mjg59** · 27 March 2013, 04:07 PM

Originally posted by duby229 View Post

So what prevents a malware author from using an existing key? (Or having a list of known keys for that matter)

Where would the malware author get that key?

**nomadewolf** · 27 March 2013, 04:09 PM

Originally posted by mjg59 View Post

Where would the malware author get that key?

Microsoft distributes and manages all the keys.

**mjg59** · 27 March 2013, 04:11 PM

Originally posted by frign View Post

What this leads to is the thought: Why force the hardware-vendors to implement a "security"-mechanism when the actual problem is the OS it is bound to? Isn't it Microsoft which should fundamentally change the security-model of their still-based-on-NT-OS to fullfil contemporary security-demands?

If you believe that Linux is somehow immune to the types of attacks used against Windows, you're wrong. http://cve.mitre.org/cgi-bin/cvename...=CVE-2013-1848 was last month, for instance.

**mjg59** · 27 March 2013, 04:13 PM

Originally posted by nomadewolf View Post

Microsoft distributes and manages all the keys.

What does that have to do with the question?

**frign** · 27 March 2013, 04:20 PM

Originally posted by mjg59 View Post

If you believe that Linux is somehow immune to the types of attacks used against Windows, you're wrong. http://cve.mitre.org/cgi-bin/cvename...=CVE-2013-1848 was last month, for instance.

Yes, but this requires the user to run malicious code in the first place. And most common sense prevents this from happening, even if you ignored the fact that OpenSource is generally safer and faster in regards to fixing security issues.

**juanrga** · 27 March 2013, 04:20 PM

Originally posted by Sonadow View Post

(anecdotal example: in my country, more and more people are asking for touchscreen enabled notebooks even though they plan to wipe Windows 8 and replace it with Windows 7)

Therefore do they want touch-enabled devices for using with a touch-unfriendly OS?

Originally posted by Sonadow View Post

and Office 2013 will finally use the OOXML Strict specification which they pushed to be recognized as a standard some time back.

Do you mean that defective specification approved in that broken standardisation process involving the most controversial and unusual ballots ever convened, vote buying, policiy violations, Microsoft submitted misinformation, and other very unusual behaviour in standards bodies?

Standardization of Office Open XML - Wikipedia

http://en.wikipedia.org/wiki/Standardization_of_Office_Open_XML

I only can say WOW!

**nomadewolf** · 27 March 2013, 04:22 PM

Originally posted by mjg59 View Post

What does that have to do with the question?

Q: Where would the malware author get that key?
A: Microsoft distributes and manages all the keys.

Am I missing something?

**mjg59** · 27 March 2013, 04:24 PM

Originally posted by frign View Post

Yes, but this requires the user to run malicious code in the first place. And most common sense prevents this from happening, even if you ignored the fact that OpenSource is generally safer and faster in regards to fixing security issues.

We're not talking about who's better. We're talking about whether Linux is vulnerable to the kinds of attacks that Secure Boot protects against. The answer is yes, it is.

**yogi_berra** · 27 March 2013, 04:27 PM

Originally posted by frign View Post

even if you ignored the fact that OpenSource is generally safer and faster in regards to fixing security issues.

Page not found | Network World

http://www.networkworld.com/news/2013/031313-opensource-security-267636.html

**mjg59** · 27 March 2013, 04:28 PM

Originally posted by nomadewolf View Post

Q: Where would the malware author get that key?
A: Microsoft distributes and manages all the keys.

Am I missing something?

Yes. Microsoft don't distribute keys.

Announcement

Linux Group Files Complaint With EU Over SecureBoot

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment