Trailrunner7 writes “Source code and a private signing key for firmware manufactured by a popular PC hardware maker American Megatrends Inc. (AMI) have been found on an open FTP server hosted in Taiwan. Researcher Brandan Wilson found the company’s data hosted on an unnamed vendor’s FTP server. Among the vendor’s internal emails, system images, high-resolution PCB images and private Excel spreadsheets was the source code for different versions of AMI firmware, code that was current as of February 2012, along with the private signing key for the Ivy Bridge firmware architecture. AMI builds the AMIBIOS BIOS firmware based on the UEFI specification for PC and server motherboards built by AMI and other manufacturers. The company started out as a motherboard maker, and also built storage controllers and remote management cards found in many Dell and HP computers. ‘The worst case is the creation of a persistent, Trojanized update that would allow remote access to the system at the lowest possible level,’ researcher Adam Caudill said. ‘Another possibility would be the creation of an update that would render the system unbootable, requiring replacement of the mainboard.'” Read more of this story at Slashdot.
Read more here:
AMI Firmware Source Code, Private Key Leaked
theodp writes “In a move that would do Bill Lumbergh (YouTube homage) proud, Microsoft has been pulling in about $25 million a year through its unusual practice of charging its vendors for occupying office space on its campus while working on Microsoft projects, according to the real estate firm that manages the program. And that’s before a planned July 1st rate increase that Microsoft informed vendors of earlier this week, which will boost the ‘chargeback’ rate for its ‘shadow workforce’ from $450 per month ($5,400 per year) for every workstation to $510 per month (or $6,120 per year). So, is there a discount if you’re moved downstairs into Storage B?” Read more of this story at Slashdot.