SupplyChainAttacks

By binarly-io
Add to my DEV experience Suggest topics
Source Code
SupplyChainAttacks Reviews
Suggest alternative
Edit details
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
featured

SupplyChainAttacks Alternatives

Similar projects and alternatives to SupplyChainAttacks

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a better SupplyChainAttacks alternative or higher similarity.
Suggest an alternative to SupplyChainAttacks

SupplyChainAttacks reviews and mentions

Posts with mentions or reviews of SupplyChainAttacks. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2023-07-19.
  • Web Environment Integrity Explainer
    2 projects | news.ycombinator.com | 19 Jul 2023
    Why should anyone trust a remove server providing a signed statement of authenticity when Intel[1], MSI[2], Lenovo[3], NVIDIA[4], Microsoft and others keep losing their keys? Even if they haven't lost their keys recently, technology companies don't have a great track record of producing foolproof hardware designs (e.g. recent case of [5]), if foolproof was ever a reasonable expectation. For starters, it's assuming technology such as ptychographic X-ray computed tomography and focused ion beam machining won't become more commonplace and commercially viable to readily break TPM attestation schemes. Or that with wider use of TPM attestation, more effort will be expended into breaking it whereas for the current state with minimal adoption, few people care.

    The issue client-side is that if a single vendor or TPM design is compromised, your threat actors have more motive, resources and ability to exploit this compromised hardware than you do. And critically, you as a user are blocked by your own choice of TPM attestation technology from discovering attacks and auditing your own system security, as you ceded control of your own systems. Instead, your systems are controlled by a few technology companies that have a proven terrible track record of fulfilling their alleged intent of keeping your systems and data secure. Why should they care if it doesn't lead to a higher profit at the end of the year.

    [1] https://github.com/binarly-io/SupplyChainAttacks/blob/main/M...

    [2] https://github.com/binarly-io/SupplyChainAttacks/blob/main/M...

    [3] https://github.com/binarly-io/SupplyChainAttacks/blob/main/L...

    [4] https://news.ycombinator.com/item?id=30565985

    [5] https://arxiv.org/abs/2304.14717

  • Money Message Ransomware Group Uploads Stolen MSI Data to Dark Web
    1 project | /r/u_Gamemasterone | 23 May 2023
    Money Message has this week claimed that MSI has refused to meet their demands - as a result, an upload of stolen data started on Thursday with files appearing on the group's own website, and spreading to the dark web soon after. Binarly, a cybersecurity firm, has since analyzed the leaked files and discovered the presence of many private code signing keys within the breached data dump. Alex Matrosov, Binarly's CEO states via Twitter: "Recently, MSI USA announced a significant data breach. The data has now been made public, revealing a vast number of private keys that could affect numerous devices. FW Image Signing Keys: 57 products (and) Intel Boot Guard BPM/KM Keys: 166 products." Binary has provided a list of affected MSI devices (gaming laptops & mobile workstations) on their GitHub page.
  • 1200 € high fps 1440p gaming build
    1 project | /r/buildapc | 22 May 2023
    lol, yes. but not their mobos... mainly laptops: https://github.com/binarly-io/SupplyChainAttacks/blob/main/MSI/MsiImpactedDevices.md
  • Hackers Leak Intel BootGuard & OEM Image Signing Keys for 200+ Products and Vendors
    1 project | /r/hardware | 15 May 2023
    Binarly also posted another set of keys that were apparently leaked in the MSI breach. These aren't Boot Guard keys, but are instead orange unlock keys for Gemini Lake and Apollo Lake systems. Intel CPUs expose various sets of debug capabilities to debug production systems; there are several levels of debug access that are supported, with higher levels requiring authentication. Red unlock is the most powerful state - it lets you access much more than just architectural x86 state, including microarchitectural state [such as the decrypted microcode sequencer ROM]; it also can be used to execute undocumented instructions. It even lets you debug the Intel ME x86 core!
  • Are people overreacting towards Asus issue or it should really be avoided?
    1 project | /r/buildapc | 13 May 2023
  • are ASRock the best for AM5 right now?
    1 project | /r/buildapc | 12 May 2023
    Link: Binarly GitHub
  • Boot Guard Keys From MSI Hack Posted, Many PCs Vulnerable
    1 project | /r/tomshardware | 10 May 2023
  • Leaked and Detected In-The-Wild Intel Keys from Lenovo/LCFC/AlderLake Leak - Intel Alder Lake BIOS code leak
    1 project | /r/blueteamsec | 10 May 2023
  • Hackers Leak Private Keys for MSI Products… PRIVATE SIGNING KEYS!
    1 project | /r/GamingLaptops | 9 May 2023
  • Intel OEM Private Key Leak: A Blow to UEFI Secure Boot Security
    3 projects | news.ycombinator.com | 6 May 2023
    Or the GitHub link below

    https://github.com/binarly-io/SupplyChainAttacks/blob/main/M...

  • A note from our sponsor - InfluxDB
    www.influxdata.com | 6 May 2024
    Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality. Learn more →

Stats

Basic SupplyChainAttacks repo stats
15
227
3.3
about 2 months ago

Popular Comparisons

  1. SupplyChainAttacks VS Web-Environment-Integrity

Sponsored
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com