- Joined
- Aug 20, 2007
- Messages
- 21,400 (3.41/day)
System Name | Pioneer |
---|---|
Processor | Ryzen R9 9950X |
Motherboard | GIGABYTE Aorus Elite X670 AX |
Cooling | Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans... |
Memory | 64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30 |
Video Card(s) | XFX RX 7900 XTX Speedster Merc 310 |
Storage | Intel 905p Optane 960GB boot, +2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs |
Display(s) | 55" LG 55" B9 OLED 4K Display |
Case | Thermaltake Core X31 |
Audio Device(s) | TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED |
Power Supply | FSP Hydro Ti Pro 850W |
Mouse | Logitech G305 Lightspeed Wireless |
Keyboard | WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps |
Software | Gentoo Linux x64 / Windows 11 Enterprise IoT 2024 |
Why does the majority of exploits always require local access?
Because most code doesn't feature a netstack.
Because the way they work requires direct access to the hardware. Remote attacks are either extremely difficult or impossible.
It's nothing to do with that, really. It's more that nvidia is not stupid and has not given their core driver network access.
Linus said "fuck 'em" and AMD didn't bother fixing "if someone can put shit onto your BIOS, it means someone can put shit on your computer", as terribly vulnerably vulnerable it is, I think.
It was a code signature verification exploit that actually did get patched in later AGESA.
The whole idea behind trusted execution is that someone CAN write to your bios and get nowhere, really. The sigcheck fails (or should).
Then they can use this exploit to execute code locally.
Without admin rights, they can get admin rights.
That's the concern here.