Submission + - Ask Slashdot: Is Deliberately Misleading People On The Internet Free Speech? 6

dryriver writes: Before anyone cries "free speech must always be free", let me qualify the question. Under a myriad of different internet sites and blogs are these click-through adverts that promise quick "miracle cures" for everything from toenail fungus to hair loss to tinnitus to age-related skin wrinkles to cancer. A lot of the ads begin with copy that reads "This one weird trick cures ......" Most of the "cures" on offer are complete and utter crap designed to lift a few dollars from the credit cards of hundreds of thousands of gullible internet users. The IQ boosting pills that supposedly give you "amazing mental focus after just 2 weeks" don't work at all. Neither do any of the anti-ageing or anti-wrinkle creams, regardless of which "miracle berry" extract they put in them this year. And if you try to cure your cancer with an Internet remedy rather than seeing a doctor, you may actually wind up dead. So the question — is peddling this stuff online really "free speech"? You are promising something grandiose in exchange for hard cash that you know doesn't deliver any benefits at all.

Submission + - Some Motherboards Plagued by BIOS Firmware Implementation Flaws (bleepingcomputer.com)

An anonymous reader writes: Alex Matrosov, a security researcher for Cylance, has discovered several flaws in how some motherboard vendors implemented Intel UEFI BIOS firmware into their products. These flaws allow an attacker to bypass BIOS firmware protections, such as Intel Boot Guard and Intel BIOS Guard, to disable and alter UEFI BIOS firmware, such as placing a rootkit.

In total, Matrosov found six vulnerabilities in four motherboards he tested: ASUS Vivo Mini (CVE-2017-11315), Lenovo ThinkCentre systems (CVE-2017-3753), MSI Cubi2 CVE-2017-11312 and CVE-2017-11316), and Gigabyte BRIX series (CVE-2017-11313 and CVE-2017-11314). The motherboards Matrosov tested were based on AMI Aptio UEFI BIOS, a popular UEFI BIOS firmware package, also used by other motherboard OEMs such as MSI, Asus, Acer, Dell, HP, and ASRock.

"Some vendors don’t enable the protections offered by modern hardware, such as the simple protection bits for SMM and SPI flash memory (BLE, BWE, PRx), which Intel introduced years ago," Matrosov explained the problem. "This makes them easy targets for attackers since they have no active memory protections at the hardware level."

Slashdot Top Deals