submitted 15 hours ago* (last edited 14 hours ago) by lwCET to c/communityspotlight

Hello World,

This week's Community Spotlights are:

LW Community: Forgotten Weapons ([email protected]) - A community dedicated to discussion around historical arms, mechanically unique arms, and Ian McCollum’s Forgotten Weapons content.
Mod(s): @[email protected]

Fediverse Community: Aneurysm Posting ([email protected]) - For shitposting by people who can smell burnt toast.
Mod(s): @[email protected]

How to submit a community you would like to see spotlighted

Comment on any Weekly Spotlight post or suggest a community on our Discord server in the community-spotlight channel. You can also send a message to the Community Team with your suggestions.

submitted 35 minutes ago by L4s to c/technology

Tesla Whistleblower Says 'Autopilot' System Is Not Safe Enough To Be Used On Public Roads

"It affects all of us because we are essentially experiments in public roads."

rule (lemmy.blahaj.zone)
submitted 12 minutes ago by [email protected] to c/[email protected]
submitted 1 hour ago by [email protected] to c/technology

Just seems like everything is "this company did this to their employees" and less about "this novel messaging protocol offers these measured pros and cons." Or similar

And yes, I could post things, but I'm referring to what hits the top, 12h.

Can anyone rec communities with less of a biz and politics and wfh vs in-office vibe?

submitted 1 hour ago by [email protected] to c/news

The six Republicans are accused of falsifying records and each face two felony charges.

Nestle (lemmy.world)
submitted 1 hour ago by TokenBoomer to c/politicalmemes
submitted 1 hour ago by [email protected] to c/news

The Medical University of South Carolina initially said it wouldn’t be affected by a law banning use of state funds for treatment “furthering the gender transition” of children under 16. Months later, it cut off that care to all trans minors.

submitted 23 minutes ago by [email protected] to c/world

A widespread criticism of the Trump administration’s foreign policy is that it wrecked—or at least severely undermined—the United States’ power and standing in the world, particularly by alienating long-standing allies and partners. Besides his public disdain for NATO, then-U.S. President Donald Trump questioned aloud why the United States maintained a security alliance with Japan, pressed South Korea to pay five-fold more to house U.S. troops, and approved of then-Philippine President Rodrigo Duterte’s plan to terminate a visiting forces agreement with the U.S. military.

submitted 15 minutes ago by [email protected] to c/[email protected]

There is a discussion on Hacker News, but feel free to comment here as well.

submitted 8 minutes ago by [email protected] to c/technology

Firmware security company Binarly on Wednesday disclosed the details of an attack method that can be used to compromise many consumer and enterprise devices by leveraging malicious UEFI logo images.

The attack method, dubbed LogoFAIL, exploits vulnerabilities in the image parsers used by the UEFI firmware to display logos during the boot process or in the BIOS setup. Getting the affected parsers to process a specially crafted image can enable the attacker to hijack the execution flow and run arbitrary code.

Hackers can use the LogoFAIL attack to compromise the entire system and bypass security measures such as Secure Boot.

“These vulnerabilities can compromise the entire system’s security, rendering ‘below-the-OS’ security measures like any shade of Secure Boot ineffective, including Intel Boot Guard. This level of compromise means attackers can gain deep control over the affected systems,” Binarly explained.

Binarly’s analysis showed that UEFI vendors use various types of parsers for BMP, PNG, JPEG, GIF and other types of images. The security firm’s research targeted firmware from Insyde, AMI and Phoenix and led to the discovery of two dozen vulnerabilities, more than half of which have been assigned a ‘high severity’ rating.

The impacted firmware is shipped with hundreds of consumer and enterprise computer models — including x86 and ARM-based devices — made by companies such as Acer, Dell, Framework, Fujitsu, Gigabyte, HP, Intel, Lenovo, MSI, Samsung, and Supermicro. This means millions of devices worldwide could be exposed to attacks.

A LogoFAIL attack can be launched by abusing the firmware update procedure to replace the legitimate logo with a malicious version. Attacks through physical access may also be possible, using an SPI flash programmer, assuming that the logo is not protected by hardware verified boot technologies.

Some vendors — this includes Intel, Acer and Lenovo — offer features that enable users to customize the logos displayed during boot, which can make it possible to launch LogoFAIL attacks from the OS, without the need for physical access to the device.

It’s important to note that while image parser vulnerabilities have been found in devices from all of the aforementioned vendors, they cannot always be exploited. In Dell’s case, for instance, the logo is protected by Intel Boot Guard, which prevents its replacement even if the attacker has physical access to the targeted system. In addition, Dell does not offer any logo customization features.

Details of the attack were presented by Binarly at the Black Hat Europe conference on Wednesday, and the company has published a technical blog post describing its findings.

The security firm has published a video showing a proof-of-concept (PoC) LogoFAIL exploit in action, demonstrating how an attacker who has admin permissions on the operating system can escalate privileges to the firmware level.

The vulnerabilities were reported to impacted vendors through CERT/CC several months ago, but it can take a lot of time for patches for these types of security holes to reach end devices, even if vendors create the fixes.

submitted 1 hour ago by [email protected] to c/news

Apple and Google had been told to keep the practice secret until Sen. Ron Wyden revealed it in a letter Wednesday.


The World's Internet Frontpage. Lemmy.World is a general-purpose Lemmy instance covering a wide range of topics, for the entire world to use.

Be polite and follow the rules (https://legal.lemmy.world/fair-use/).
