The Tek 0244: Hack The Planet | Tek Syndicate

Wendell and Qain discuss Internet of Things!


 Epic Pants
 Zotac Magnus EN980 - ZBOX Overview | Tiny GTX 980 PC - YouTube
 Hack Unlocks 100 Million Volkswagen Vehicles | The Daily Dot
 Smart Locks Hacked: Researchers Demonstrate Flaws in Bluetooth Locks | BGR
 Hackers Make the First-Ever Ransomware for Smart Thermostats | Motherboard
 Tattoos by Robotic Arm With Pinpoint Accuracy | Hackaday
 Microsoft Mistakenly Leaks Secure Boot Key | Threatpost | The first stop for security news
 The Economist explains: Why airlines’ computer systems crash so often | The Economist
 FCC loses court battle to let cities build their own broadband | The Verge
 The Tor Social Contract | The Tor Blog
 Major Qualcomm chip security flaws expose 900M Android users | Ars Technica
 CYBERCOM Grows Up, Chinese IP Theft, and Apple's Bug Bounty - Lawfare
 Pete Davies: The ‘Invadar’ Arcade Collection – The Arcade Blogger
 Is Nvidia Going to Announce GTX 1080 Ti? - YouTube
 For all you updating to Windows 10, this is how to remove the Xbox application that limits you to 60fps and adds an unnecessary overlay! : DotA2
 No Man's Sky
 No Man's Sky on

This is a companion discussion topic for the original entry at

Wait, so are saying that Secure Boot isn't just for signing kernels, it's also used to protect UEFI firmware?

Anyways, in my opinion, firmware on board should not be able to be modified unless the user gives his consent physically by for instance flipping a switch, the operating system should not be able to write anything to the firmware otherwise and the firmware should be signed by hardware manufacturers.

When it comes to checking the integrity of the operating system I think the user should be able to use his own key pair but that is probably not going to happen.

Wendell are you bored of No Man's Sky yet? :P

Good episode guys, I think this is the best episode that Wendell and Qain have done!

Re: Tor

Nation State actors with the ability to reliably conduct traffic timing correlation attacks have never been part of the Tor threat model. It wasn't designed to defend against that, and it's always been stated in their documentation on their website, at least since like 2006 or 2007, cause that's when I first started learning about the project.

Just look at the first sentence of section 3.1 in their design documentation.

A global passive adversary is the most commonly assumed threat when
analyzing theoretical anonymity designs. But like all practical
low-latency systems, Tor does not protect against such a strong
adversary. Instead, we assume an adversary who can observe some fraction
of network traffic; who can generate, modify, delete, or delay
traffic; who can operate onion routers of his own; and who can
compromise some fraction of the onion routers.

That's been there for as long as I can remember. So you are correct in that Tor cannot defeat the NSA, for example. But that's because it's not designed to.

I definitely agree with you @DeusQain that if everyone used Tor, it would be a lot better. So maybe Tek Syndicate should run active promotions for Tor. They would take up time you could use for paying advertisements, but it would be for the betterment of humanity if thousands more people starting using it as a result, no?


900 million phones.... Microsoft's golden key.... Volkswagen.... Airlines....
I'm feeling a little dizzy. Might be from all the head shaking.
Very good episode! Thank you.

@DeusQain, is that a Commodore 64 to your left? Just for retro or are you doing something with it?

"Security through obscurity" - Not considered a real security measure anymore.

Oh shit he is actually installing backula on it.



1 Like

Honestly, I'd probably would get a robot to provide services to a lot of things instead of a human if it runs very well and doesn't make egregious mistakes. Both sides can make mistakes but if one can make less mistakes while providing a better service or result, then I'm going with that side. Tattoos would be one of them.

So @DeusQain, how is the performance of No Man's Sky treating you if you have got the chance to play it? There are reports from many PC players that are having completely unsatisfactory results. Some are saying the port to this game is Arkham Knight levels of bad porting.

Suggestion: ¨I am not planning for future nothing¨ T-Shirt. I loved that line...

When Secure Boot was announced, you criticized it, saying that Microsoft is using it to prevent people from installing Linux.

Then, when Microsoft stopped requiring manufacturers, who want Windows certification, to implement a way to disable secure boot, you wanted a way to disable Secure Boot.

Now, that we know for sure, that anybody can disable Secure Boot, you complain, because now you suddenly want to use Secure Boot.

You say, that disabling Secure Boot can allow the creation of viruses, which survive a harddrive reformat, but you didn't say anything about that, when you were demanding a way to disable Secure Boot because of Linux.

Did you actually repeat what you just wrote in your head....

Being able to disable secure boot to keep your device open to other software (an ability that a security system should not be tampering with btw) and being able bypass secure boot when enabled using a golden key are two entirely different matters...The guys did not defend secure boot as a technique. They just expressed how much of a bad idea is to have golden keys for such systems...Whether secure boot or any other.

Secure Boot works by only allowing code, that has been digitally signed by Microsoft.

This only works, if there is a key, that Microsoft uses to sign the code, the golden key.

How exactly do you implement this without a golden key ?

Then why did they talked about this exploit being used be viruses, when you can also have the same viruses if Secure Boot is disabled, because you want to run a different operating system.

About the Xbox app on Windows 10.

You guys do realize, that the Reddit post is one year old right ? It's from Jul 26, 2015. It's from before Windows 10 was even released.

It's so old, that the problem has probably been fixed by now.

They talked about being exploited because the update manager on windows has access to the bios. That is OS specific...

Actually, it's because the UEFI allows the OS to to access it.

If Linux doesn't support it, it doesn't matter, because anybody can make a driver for Linux, which will allow it to access the UEFI and change it.

It will require root access to install the driver, but in Windows, accessing the UEFI also requires admin access.

In windows it is built in by default and machine comes pre-installed. If you want to exploit the same thing on Linux you need to also solve the issue of deploying it. Not impossible to do, of course, but definitely more difficult

You could use more distributed protocol methods that just one key would not be a single point of failure? Or allowing the user to disabled at will for bios updates instead of having a golden key...

Actually I was wrong. It turns out, that Linux does support it as well:

The Linux kernel gives access to the UEFI configuration variables

It is designed to flash BIOS/EFI/coreboot/firmware

Portability. Supports DOS, Linux, FreeBSD

On systems with UEFI 2.5+, the goal is to make it easy to update your system's BIOS via the GNOME Software program

Well that can solve the deployment issue under certain circumstance then (if you actively use these programs or the kernel update is compromised)...You would still have to move through more hoops to make it though...