Oh wow, this is not the first time for MSI either. According to the article, mal-coders could craft malicious firmware updates with the data they stole.

Although the hack took place in early April, the image-signing keys are posted online now, as apparently, MSI has not yet paid the 4 million USD ransom.

Thanks for the notice.

awwe crap and I just bought my first MSI mobo. I'm ON A ROLL!. First AMD now this!. G.skill, Seagate and Cougar cases are next, mark my words.

Why would I install anything from an any unofficial website?

Wynters eredeti hozzászólása:

Why would I install anything from an any unofficial website?

If I'm not mistaken they could hack MSI's official website and place a jacked file on there. I think that's what happened with Ccleaner?

Clever mal-coders can impersonate many legit entities, that's for sure. I've read a little more, this is having a ripple effect on various other hardware firms incl. Lenovo, Dell, even Intel.

It's very serious. MSI is radio-silent, no surprise.

And I blame MSI, no sympathy. It was hacked before but didn't learn its lesson. Save a few bucks now and blow it all later on damage-control.

Happens all the time.

emoticorpse eredeti hozzászólása:

If I'm not mistaken they could hack MSI's official website and place a jacked file on there. I think that's what happened with Ccleaner?

Well now, that cannot be good. Not good at all...

Wynters eredeti hozzászólása:

emoticorpse eredeti hozzászólása:

If I'm not mistaken they could hack MSI's official website and place a jacked file on there. I think that's what happened with Ccleaner?

Well now, that cannot be good. Not good at all...

Or since that would be too obvious, maybe leave that alone and put it on Softpedia or other reputable official download sites for people who haven't heard about this and don't necessarily get it from the official manufacturer but still a place that's reputable.

... and just think. The UK, EU and USA are all pushing to have a "key" that can unlock any computer. Just saying. Think about it.

emoticorpse eredeti hozzászólása:

awwe crap and I just bought my first MSI mobo. I'm ON A ROLL!. First AMD now this!. G.skill, Seagate and Cougar cases are next, mark my words.

Ahhh haha! (I'm... not actually teasing but just awkwardly laughing at the "luck" if it isn't apparent.)

If it makes you feel any better, it's sort of a big portion of things in the last many years that have succumbed to some level of security breach as opposed to just the ones you picked.

Hopefully you luck out on Seagate because it's happening with Western Digital right now.

nVidia was another big one in the last many years.

There's money to be made with data, and the ones you hear about certainly aren't the only ones who have been hit. Just imagine all of the ones you don't hear or know about.

Hard to tell how much the issue with the AM5 motherboard voltages will affect you long term, but you'll probably be fine (disclaimer, this is obviously not a promise you will be, just if I were in your position I wouldn't be worried because it caused damage short term to a newly released CPU, so if you haven't seen any issues yet [you did physically inspect your stuff like I suggested, right?], then you should be fine going forward if you updated your BIOS). Probably more so given how frequently you seem to change platforms.

Illusion of Progress eredeti hozzászólása:

emoticorpse eredeti hozzászólása:

awwe crap and I just bought my first MSI mobo. I'm ON A ROLL!. First AMD now this!. G.skill, Seagate and Cougar cases are next, mark my words.

Ahhh haha! (I'm... not actually teasing but just awkwardly laughing at the "luck" if it isn't apparent.)

If it makes you feel any better, it's sort of a big portion of things in the last many years that have succumbed to some level of security breach as opposed to just the ones you picked.

Hopefully you luck out on Seagate because it's happening with Western Digital right now.

nVidia was another big one in the last many years.

There's money to be made with data, and the ones you hear about certainly aren't the only ones who have been hit. Just imagine all of the ones you don't hear or know about.

Hard to tell how much the issue with the AM5 motherboard voltages will affect you long term, but you'll probably be fine (disclaimer, this is obviously not a promise you will be, just if I were in your position I wouldn't be worried because it caused damage short term to a newly released CPU, so if you haven't seen any issues yet [you did physically inspect your stuff like I suggested, right?], then you should be fine going forward if you updated your BIOS). Probably more so given how frequently you seem to change platforms.

I could tell you were being humerous. I am laughing at this at the moment. It is funny when you look at it a certain way. I am still wondering though, where will I get my drivers now.

I think they can revoke those certificates right? I'm wondering at what point will I'll be safe to trust MSI certificates or how this works after the fact. I guess I can just check checksums/hashes but what it they spoof that too? I don't think t hat's possible and I'm not sure MSI even offers md5/sha1's for their files. I'll have to check.

Just wanted to be sure. Tone doesn't always transfer through text.

Unfortunate reality of the world we live in, maybe. Digital security, like happiness, isn't something you achieve and then have in perpetuity. It's a constant back and forth.

Wynters eredeti hozzászólása:

Why would I install anything from an any unofficial website?

Exactly. Only a complete idiot would.

But I understand the feeling. As sometimes we would use trusted mirror sites that are generally faster. As often times downloading directly from MSI, ASUS, GIGABYTE, NVIDIA is often very slow many hours of the day.

But yes generally it's best to avoid 3rd party sites for anything. Not just drivers but literally anything you download

or just go full 3rd party, and don't look back, make it a personal goal to limit your real user data on the web, lots of educational schools use real user names creating logins and emails, and that in itself is a stupid move. nobody in the educational sector seems to have any education when it comes to common sense.

also why would you ever consider paying a ransom attack, that is why they happen, cause the first stupid people who got them paid, so they target more, if people where like oh well you got me, im just gonna wipe my pc and reinstall, because there is really nothing ransom ware can do to you, at that point they could get your money and still release the data so don't ever pay.

Csgo4dead eredeti hozzászólása:

also why would you ever consider paying a ransom attack, that is why they happen, cause the first stupid people who got them paid, so they target more,

Actually, some corporations have their personal emails and other highly sensitive data stolen. Ransomware can also be "extortion-ware." Some corporations will gladly pay to avoid the risk of public exposure of whatever was stolen.

In Western Digital's case, the AlPHV operators called the corporate bigwigs there "hounds," saying WD "deserved" it and if the data is leaked, the operators will demonstrate just how "bad" that corporation is.

That's just one example.

Edit: many big-time operators have kind of a twisted sense of justice. If you pay, they typically will NOT release whatever they stole. It is ransomware-as-a-service, I'm not joking. It's bad for their business model if they release the data after the payment was received. And I believe what ALPHV said about Western Digital.

There are actually brokers and mediators who act as go-betweens with ransomware operators and the affected organizations.

BlackBloodRum eredeti hozzászólása:

... and just think. The UK, EU and USA are all pushing to have a "key" that can unlock any computer. Just saying. Think about it.

None of my PCs will abide by any such law. I will abide when they give me the key to their TOP SECRET stuff.

Trust doesn't go one way, it goes both ways. Why should I trust a government of any kind that can't trust me?