OpenSSL and The Supply Chain
OpenSSL: Another Supply Chain Vulnerability. By now, you’ve likely already heard that there is a new set of vulnerabilities in OpenSSL, a popular open-source library included in most Linux distributions and many other software packages (including firmware). The flaw exists in OpenSSL version 3.0.0 through 3.0.6 and is fixed in ...
Firmware Attacks: An Endpoint Timeline
One of the most common questions I’ve heard regarding the need for firmware security is “Could you provide examples of real-world attacks?” I began to research the history of attacks against firmware inside your computer and uncovered quite a list of various pieces of malware with firmware-based attack capabilities. For ...
Firmware Security Realizations – Part 3 – SPI Write Protections
In this third (and final) post in the Firmware Security Realizations series (see Part 1 on Secure Boot and Part 2 on Intel ME) I will discuss one of the more common vulnerabilities I’ve discovered on several of my systems. In general, I’ve found missing BIOS write protections, the mechanisms ...
Firmware Security Realizations – Part 2 – Start Your Management Engine
Start Your Management Engine. In the process of scanning my systems for firmware vulnerabilities, I discovered that my Intel-based machines are vulnerable to a wide range of issues related to Intel’s Management Engine (ME). As it turns out, this is a fairly common problem as one of our programs that ...
Firmware Security Realizations – Part 1 – Secure Boot and DBX
Firmware security has been, and continues to be, a passion of mine. This is just one reason I am excited to be working here at Eclypsium. Joining a firmware security company really got me thinking even more about the security of my own devices, specifically what lies at the firmware ...

