@kanongil @dangoodin Dan seems to be completely mistaken about what a "bootkit" is (it is a bootloader-launched rootkit, not a UEFI firmware implant), which is somewhat concerning given he's the Senior Security Editor, and particularly concerning since the article itself is pretty clear about this and following any of the other bootkit links there would have further confirmed the correct interpretation. I would expect someone who writes coverage on deep security stuff like this to know what the EFI System Partition is and that it is not the UEFI firmware flash.
This then leads to a large number of false claims in the article, including the claim that bootkits are "undetectable and unremovable" (just like rootkits they can be hard to detect and remove, but they are by no means undetectable and unremovable).
Then there's the completely baseless speculation that the author of this was "most likely a malicious threat actor", no doubt fueled by the mistaken beliefs about what this is at all. As far as I'm concerned, this was most likely developed by an infosec student or intern as an exercise. Come on, it even has a credits screen with special thanks.
Personally, my take is that Dan wasn't paying attention, got caught in his mistake from the very get-go, and then was too deep into confirmation bias to realize he was writing a misinformation clickbait piece on a nothingburger proof-of-concept the whole time.
https://social.treehouse.systems/@marcan/113561106563762607
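The distinction the post draws, that a bootkit sits in the bootloader chain on the EFI System Partition (an ordinary FAT filesystem the OS can mount) rather than in the firmware flash, is exactly what makes it detectable and removable: anything it drops or patches there shows up as a new or changed file. The script below is an added example, not code from the post or from the proof-of-concept it discusses. It takes a hash baseline of a clean ESP, re-scans it, reports added, modified and removed files, and flags which of those are PE images (the format every EFI application uses). The ESP layout, file names and file contents are constructed stand-ins built in a temporary directory so it runs offline; on a real system you would point `snapshot_esp` at the mounted ESP (for example `/boot/efi`) instead.

```python
"""Baseline-and-diff integrity check of an EFI System Partition (ESP).

Added example. A bootloader-level implant has to live on a filesystem the
firmware will load from, normally the ESP, so it appears as a new or
modified file there. Hash the ESP while it is known-good, hash it again
later, and the implant is a plain file that can be identified and deleted
or restored from known-good media.
"""
import hashlib
import tempfile
from pathlib import Path


def hash_file(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large bootloaders are fine."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def is_pe_image(data: bytes) -> bool:
    """True if data starts with a DOS header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    off = int.from_bytes(data[0x3C:0x40], "little")
    return data[off:off + 4] == b"PE\0\0"


def snapshot_esp(root: Path) -> dict[str, str]:
    """Map of relative path -> SHA-256 for every regular file under root.

    Every file is hashed, not only *.efi, because a loader will happily
    read a payload or config file under any name it is pointed at.
    """
    return {
        p.relative_to(root).as_posix(): hash_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def diff_esp(baseline: dict[str, str], current: dict[str, str]) -> dict[str, list[str]]:
    """Compare two snapshots and list what changed."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "removed": sorted(set(baseline) - set(current)),
    }


def audit_esp(root: Path, baseline: dict[str, str]) -> dict[str, list[str]]:
    """Re-scan root against baseline and flag changed files that are PE images."""
    result = diff_esp(baseline, snapshot_esp(root))
    result["pe_images_outside_baseline"] = sorted(
        p for p in result["added"] + result["modified"]
        if is_pe_image((root / p).read_bytes())
    )
    return result


def fake_pe_image(marker: bytes) -> bytes:
    """Constructed stand-in for an EFI application: DOS stub + PE signature + marker."""
    hdr = bytearray(b"MZ" + b"\0" * 0x3E)          # 0x40 bytes of DOS header
    hdr[0x3C:0x40] = (0x40).to_bytes(4, "little")  # e_lfanew -> offset 0x40
    return bytes(hdr) + b"PE\0\0" + marker


def write(path: Path, data: bytes) -> None:
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_bytes(data)


def demo() -> dict[str, list[str]]:
    """Build a constructed ESP, baseline it, simulate an implant, audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        esp = Path(tmp)
        # Constructed clean state: fallback loader plus an OS boot manager.
        write(esp / "EFI/BOOT/BOOTX64.EFI", fake_pe_image(b"vendor-fallback-loader"))
        write(esp / "EFI/Microsoft/Boot/bootmgfw.efi", fake_pe_image(b"os-boot-manager"))
        baseline = snapshot_esp(esp)

        # Constructed bootloader-level implant: patch the boot manager and
        # drop a stage-1 loader plus a config file. Names are made up.
        write(esp / "EFI/Microsoft/Boot/bootmgfw.efi", fake_pe_image(b"patched-boot-manager"))
        write(esp / "EFI/BOOT/stage1.efi", fake_pe_image(b"constructed-implant"))
        write(esp / "EFI/BOOT/config.txt", b"constructed config")

        return audit_esp(esp, baseline)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

The baseline should be taken from trusted media (install image or a fresh install) and stored off the machine, since an implant that can write to the ESP can also rewrite a baseline kept beside it. Once a file is flagged, remediation is file-level: delete the drop-in and restore the patched loader from known-good media, which is what distinguishes this class from a firmware implant that would survive reformatting the disk.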