• Good timing

    From Spalls Hurgenson@21:1/5 to All on Thu May 11 10:16:15 2023
    (only vaguely game-related)

    So I get my new PC with its MSI motherboard, and on the same day
    learned that the key MSI uses to sign its drivers and firmware updates
    has been leaked.*

    <sigh>

    It's a serious breach, but not /immediately/ of concern to MSI
    customers; yes, it allows the Nefarious (tm) with access to those keys
    to write drivers/firmware which look official but - so long as you
    restrict yourself to downloading drivers/firmware only from MSI's
    website - you probably won't be vulnerable. And, generally, you
    shouldn't be downloading drivers or firmware from dodgy third-party
    sites anyway.

    Still, not the sort of thing I want to read on the day I get the new
    PC. Couldn't the hackers have waited a week and allow me my honeymoon?





    * read more here: https://arstechnica.com/information-technology/2023/05/leak-of-msi-uefi-signing-keys-stokes-concerns-of-doomsday-supply-chain-attack/

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Justisaur@21:1/5 to Spalls Hurgenson on Thu May 11 08:31:26 2023
    On Thursday, May 11, 2023 at 7:16:36 AM UTC-7, Spalls Hurgenson wrote:
    (only vaguely game-related)

    So I get my new PC with its MSI motherboard, and on the same day
    learned that the key MSI uses to sign its drivers and firmware updates
    has been leaked.*

    <sigh>

    It's a serious breach, but not /immediately/ of concern to MSI
    customers; yes, it allows the Nefarious (tm) with access to those keys
    to write drivers/firmware which look official but - so long as you
    restrict yourself to downloading drivers/firmware only from MSI's
    website - you probably won't be vulnerable. And, generally, you
    shouldn't be downloading drivers or firmware from dodgy third-party
    sites anyway.

    Still, not the sort of thing I want to read on the day I get the new
    PC. Couldn't the hackers have waited a week and allow me my honeymoon?

    Aw crap, my VC is MSI. :(

    - Justisaur

  • From Ant@21:1/5 to Justisaur on Fri May 12 06:30:12 2023
    Justisaur <justisaur@gmail.com> wrote:
    On Thursday, May 11, 2023 at 7:16:36 AM UTC-7, Spalls Hurgenson wrote:
    (only vaguely game-related)

    So I get my new PC with its MSI motherboard, and on the same day
    learned that the key MSI uses to sign its drivers and firmware updates
    has been leaked.*

    <sigh>

    It's a serious breach, but not /immediately/ of concern to MSI
    customers; yes, it allows the Nefarious (tm) with access to those keys
    to write drivers/firmware which look official but - so long as you
    restrict yourself to downloading drivers/firmware only from MSI's
    website - you probably won't be vulnerable. And, generally, you
    shouldn't be downloading drivers or firmware from dodgy third-party
    sites anyway.

    Still, not the sort of thing I want to read on the day I get the new
    PC. Couldn't the hackers have waited a week and allow me my honeymoon?

    Aw crap, my VC is MSI. :(

    I assume this is with modern motherboards, not very old ones like my 14
    yrs. old mobo. :P
    --
    "Pray for us that the message of the Lord may spread rapidly and be honored, just as it was with you." --2 Thessalonians 3:1. Damn 76ers & my tired body even after Zing ~8.5 hrs. overnite + <30 mins. nap 4 a slammy Th. :O
    Note: A fixed width font (Courier, Monospace, etc.) is required to see this signature correctly.
    /\___/\ Ant(Dude) @ http://aqfl.net & http://antfarm.home.dhs.org.
    / /\ /\ \ Please nuke ANT if replying by e-mail.
    | |o o| |
    \ _ /
    ( )

  • From Spalls Hurgenson@21:1/5 to Ant on Fri May 12 07:20:34 2023
    On Fri, 12 May 2023 06:30:12 +0000, ant@zimage.comANT (Ant) wrote:

    Justisaur <justisaur@gmail.com> wrote:
    On Thursday, May 11, 2023 at 7:16:36 AM UTC-7, Spalls Hurgenson wrote:
    (only vaguely game-related)

    So I get my new PC with its MSI motherboard, and on the same day
    learned that the key MSI uses to sign its drivers and firmware updates
    has been leaked.*

    <sigh>

    It's a serious breach, but not /immediately/ of concern to MSI
    customers; yes, it allows the Nefarious (tm) with access to those keys
    to write drivers/firmware which look official but - so long as you
    restrict yourself to downloading drivers/firmware only from MSI's
    website - you probably won't be vulnerable. And, generally, you
    shouldn't be downloading drivers or firmware from dodgy third-party
    sites anyway.

    Still, not the sort of thing I want to read on the day I get the new
    PC. Couldn't the hackers have waited a week and allow me my honeymoon?

    Aw crap, my VC is MSI. :(

    I assume this is with modern motherboards, not very old ones like my 14
    yrs. old mobo. :P

    AFAIK, driver signing started in the WinXP era, so it could very well
    affect your motherboard. Especially since MSI hasn't been very
    proactive with key-security, so I wouldn't be surprised if they've
    been using the same key to sign firmware/etc. for all that time.

    Still, this whole problem isn't something most end-users really need
    worry about. It won't let hackers do over-the-air hacking of your
    motherboard, or forcibly download new drivers onto your computer. You
    would need to download a hacked driver (or firmware) package from some
    third-party and install that first. Drivers directly from the MSI
    website should be safe.

    As I said, this isn't really worrisome... it's just annoying to have
    the joy of my new PC spoiled with news like this before I can even
    spill coffee into the new keyboard. ;-)

  • From Spalls Hurgenson@21:1/5 to rsquiresMOO@MOOflashMOO.net on Fri May 12 18:59:53 2023
    On Fri, 12 May 2023 16:26:06 -0600, "rms"
    <rsquiresMOO@MOOflashMOO.net> wrote:

    the joy of my new PC

    No pics or details :(

    Don't worry, I'll annoy you all with that sort of thing* once I'm done
    setting it up. Right now I'm in the middle of reinstalling Windows 11,
    installing all my software, copying over terabytes of data, tweaking
    settings, and generally cursing the hell out of the awful Windows 11
    interface.


    * just like I annoyed you all with posts earlier about buying the PC
    in the first place

  • From rms@21:1/5 to All on Fri May 12 16:26:06 2023
    the joy of my new PC

    No pics or details :(

    rms

  • From Ross Ridge@21:1/5 to spallshurgenson@gmail.com on Fri May 12 23:39:13 2023
    Spalls Hurgenson <spallshurgenson@gmail.com> wrote:
    AFAIK, driver signing started in the WinXP era, so it could very well
    affect your motherboard. Especially since MSI hasn't been very
    proactive with key-security, so I wouldn't be surprised if they've
    been using the same key to sign firmware/etc. for all that time.

    Driver signing keys aren't the problem. If MSI signs any drivers and
    their keys have leaked then they can be revoked by Microsoft. I'm not
    sure what drivers MSI would be signing anyways, normally motherboard
    drivers are written and signed by the chip manufacturers (Intel, AMD,
    Realtek, etc.) that the drivers are for.

    The problem is the firmware files, the BIOS updates, as there's no
    way to revoke the keys used to sign them. This is also something
    that only affects newer MSI motherboards, ones that use UEFI, as older
    traditional BIOSs didn't use signing keys. This let me use a slightly
    modified version of the firmware on my old MSI motherboard, something
    that wouldn't be possible for me to do with a newer UEFI motherboard.
    Unless I had an MSI one of course.

    --
    l/ // Ross Ridge -- The Great HTMU
    [oo][oo] rridge@csclub.uwaterloo.ca
    -()-/()/ http://www.csclub.uwaterloo.ca:11068/
    db //

  • From JAB@21:1/5 to Spalls Hurgenson on Sat May 13 11:43:36 2023
    On 11/05/2023 15:16, Spalls Hurgenson wrote:
    (only vaguely game-related)

    So I get my new PC with its MSI motherboard, and on the same day
    learned that the key MSI uses to sign its drivers and firmware updates
    has been leaked.*

    <sigh>

    It's a serious breach, but not /immediately/ of concern to MSI
    customers; yes, it allows the Nefarious (tm) with access to those keys
    to write drivers/firmware which look official but - so long as you
    restrict yourself to downloading drivers/firmware only from MSI's
    website - you probably won't be vulnerable. And, generally, you
    shouldn't be downloading drivers or firmware from dodgy third-party
    sites anyway.

    Still, not the sort of thing I want to read on the day I get the new
    PC. Couldn't the hackers have waited a week and allow me my honeymoon?


    As you say for the average user it probably doesn't make any difference.
    The bigger concern to me is it points to their data security being sloppy
    enough that a signing key was leaked and they seemingly have no plan in
    place if it happens.

  • From Spalls Hurgenson@21:1/5 to spallshurgenson@gmail.com on Sat May 13 13:09:07 2023
    On Thu, 11 May 2023 10:16:15 -0400, Spalls Hurgenson <spallshurgenson@gmail.com> wrote:

    (only vaguely game-related)

    And, anyway... I just realized I /don't/ have an MSI motherboard. I
    have a (nearly identical) ASUS motherboard.

    Which shouldn't come as a shock to me. I talked about getting an ASUS
    board. The order (and invoice) indicated I paid for an ASUS board.
    There's ASUS branding on the hardware itself. When the computer boots
    up, it shows an ASUS logo. My hardware diagnostic programs all reveal
    that it is manufactured by ASUS.

    So why did I think it was an MSI board? Because the vendor included
    the packaging for an MSI motherboard in the box with the PC and my
    brain jumped to the wrong conclusion despite all the obvious
    indications to the otherwise.

    <sigh> Brains. Can't live with 'em, can't live without 'em.

    Fortunately, the difference between the ASUS and MSI boards were so
    slight that the drivers from MSI installed without issue. In fact, it
    was only the MSI crapware that refused to recognize the board, which
    is what (finally) made me realize that the motherboard with the big
    ASUS logo on it was, in fact, made by ASUS and not MSI.

    (although thank God I didn't try to update the firmware... that might
    have been messy if I used the MSI update).

    I sent a snarky email to the vendor over their error. As I said, it
    really doesn't affect anything. I mean, I would have liked to have the
    correct packaging (I'm a sucker for a good box), and now I need to
    take apart the PC to find the sticker with the serial number, but
    other than that, it's not a problem.

    And on the plus side, I don't have to worry about MSI's fuckup.
    Although I wouldn't be surprised (and am too chicken to check) if ASUS
    has had a similar issue. ;-)

  • From Zaghadka@21:1/5 to All on Wed May 17 11:49:50 2023
    On Fri, 12 May 2023 06:30:12 +0000, in comp.sys.ibm.pc.games.action, Ant
    wrote:

    Justisaur <justisaur@gmail.com> wrote:
    On Thursday, May 11, 2023 at 7:16:36 AM UTC-7, Spalls Hurgenson wrote:
    (only vaguely game-related)

    So I get my new PC with its MSI motherboard, and on the same day
    learned that the key MSI uses to sign its drivers and firmware updates
    has been leaked.*

    <sigh>

    It's a serious breach, but not /immediately/ of concern to MSI
    customers; yes, it allows the Nefarious (tm) with access to those keys
    to write drivers/firmware which look official but - so long as you
    restrict yourself to downloading drivers/firmware only from MSI's
    website - you probably won't be vulnerable. And, generally, you
    shouldn't be downloading drivers or firmware from dodgy third-party
    sites anyway.

    Still, not the sort of thing I want to read on the day I get the new
    PC. Couldn't the hackers have waited a week and allow me my honeymoon?

    Aw crap, my VC is MSI. :(

    I assume this is with modern motherboards, not very old ones like my 14
    yrs. old mobo. :P

    They're still updating drivers for a 14-year-old mobo?

    I would guess the last time you even saw a BIOS was around 6 years ago.

    Yeah, you'll be fine. ;^)

    --
    Zag

    No one ever said on their deathbed, 'Gee, I wish I had
    spent more time alone with my computer.' ~Dan(i) Bunten

  • From Zaghadka@21:1/5 to Spalls Hurgenson on Wed May 17 11:51:53 2023
    On Sat, 13 May 2023 13:09:07 -0400, in comp.sys.ibm.pc.games.action,
    Spalls Hurgenson wrote:

    So why did I think it was an MSI board? Because the vendor included
    the packaging for an MSI motherboard in the box with the PC and my
    brain jumped to the wrong conclusion despite all the obvious
    indications to the otherwise.

    This is why there's a huge window on the side of your machine, Spalls.

    --
    Zag

    No one ever said on their deathbed, 'Gee, I wish I had
    spent more time alone with my computer.' ~Dan(i) Bunten

  • From Spalls Hurgenson@21:1/5 to All on Wed May 17 13:28:30 2023
    On Wed, 17 May 2023 11:51:53 -0500, Zaghadka <zaghadka@hotmail.com>
    wrote:
    On Sat, 13 May 2023 13:09:07 -0400, in comp.sys.ibm.pc.games.action,
    Spalls Hurgenson wrote:

    So why did I think it was an MSI board? Because the vendor included
    the packaging for an MSI motherboard in the box with the PC and my
    brain jumped to the wrong conclusion despite all the obvious
    indications to the otherwise.

    This is why there's a huge window on the side of your machine, Spalls.

    And here I thought it was just put there to piss me off ;-)

    (Although it really wouldn't have really helped in this respect; any
    ASUS branding on the motherboard is completely hidden behind the AIO
    cooler and the massive block that is the 4070RTX. Still, you think the
    huge "ASUS" logo when the computer booted might have given me a
    hint...)

    Arguably, ASUS users are worse off than MSI owners, though. The loss
    of keys makes hacked firmware /possible/... but that possibility was
    actually realized with ASUS in 2019, when its servers were hacked to
    unknowingly distribute malicious updates. And if it happened to ASUS
    once, who's to say it hasn't happened again?

    However, as a strong believer of ignorance leading to bliss, I refuse
    to research the issue any further... at least in the near future. I
    deserve to be happy with my new PC for at least a little while! ;-)

  • From Ant@21:1/5 to Zaghadka on Thu May 18 00:00:35 2023
    Zaghadka <zaghadka@hotmail.com> wrote:
    On Fri, 12 May 2023 06:30:12 +0000, in comp.sys.ibm.pc.games.action, Ant wrote:

    Justisaur <justisaur@gmail.com> wrote:
    On Thursday, May 11, 2023 at 7:16:36 AM UTC-7, Spalls Hurgenson wrote:
    (only vaguely game-related)

    So I get my new PC with its MSI motherboard, and on the same day
    learned that the key MSI uses to sign its drivers and firmware updates
    has been leaked.*

    <sigh>

    It's a serious breach, but not /immediately/ of concern to MSI
    customers; yes, it allows the Nefarious (tm) with access to those keys
    to write drivers/firmware which look official but - so long as you
    restrict yourself to downloading drivers/firmware only from MSI's
    website - you probably won't be vulnerable. And, generally, you
    shouldn't be downloading drivers or firmware from dodgy third-party
    sites anyway.

    Still, not the sort of thing I want to read on the day I get the new
    PC. Couldn't the hackers have waited a week and allow me my honeymoon?

    Aw crap, my VC is MSI. :(

    I assume this is with modern motherboards, not very old ones like my 14
    yrs. old mobo. :P

    They're still updating drivers for a 14-year-old mobo?

    Nope.


    I would guess the last time you even saw a BIOS was around 6 years ago.

    Yeah, you'll be fine. ;^)

    :P
    --
    "If anyone has material possessions and sees his brother in need but has no pity on him, how can the love of God be in him?" --1 John 3:17. Bad Tuesday with Lakers and Colony. :( Heat have better melt Celtics down!
    Note: A fixed width font (Courier, Monospace, etc.) is required to see this signature correctly.
    /\___/\ Ant(Dude) @ http://aqfl.net & http://antfarm.home.dhs.org.
    / /\ /\ \ Please nuke ANT if replying by e-mail.
    | |o o| |
    \ _ /
    ( )

  • From Zaghadka@21:1/5 to Spalls Hurgenson on Thu May 18 09:02:20 2023
    On Wed, 17 May 2023 13:28:30 -0400, in comp.sys.ibm.pc.games.action,
    Spalls Hurgenson wrote:

    Arguably, ASUS users are worse off than MSI owners, though. The loss
    of keys makes hacked firmware /possible/... but that possibility was
    actually realized with ASUS in 2019, when its servers were hacked to
    unknowingly distribute malicious updates. And if it happened to ASUS
    once, who's to say it hasn't happened again?

    One thing about my ASUS board, and I don't know if they still do this, is
    it installs a driver update dashboard, hard install, from UEFI BIOS
    direct to your Windows directory, bypassing all Windows security
    features. It doesn't default to autoupdate, but you can set it. It will
    nag you to update your drivers regardless.

    You have to turn it off in CMOS. I imagine it's buried in different ways
    for different ASUS mobos. Or maybe they stopped giving the user the option.

    It took me forever to figure out where the software was coming from and
    why I couldn't uninstall the software nor the accompanying service. It
    just kept. coming. back. It's basically a rootkit.

    And this is why they should *never* do something like that. Mobo drivers
    should always be installed manually and only be done when you have a
    problem. Automatic driver update is generally madness, except on a
    barebones OS install, or on a "feature update" where Windows APIs may
    have substantially changed and need the update.

    --
    Zag

    No one ever said on their deathbed, 'Gee, I wish I had
    spent more time alone with my computer.' ~Dan(i) Bunten
