Uncategorized

Eclypsium presentations from Blackhat and DEF CON uploaded

Re: https://firmwaresecurity.com/2018/08/10/eclypsium-remotely-attacking-system-firmware/

https://github.com/HackingThings/Publications/blob/master/2018/DC26_UEFI_EXPLOITATION_MASSES_FINAL.pdf

https://github.com/eclypsium/Publications/blob/master/2018/BlackHat_USA_2018/BH2018_REMOTELY_ATACKING_SYSTEM_FIRMWARE_FINAL.pdf

Standard
Uncategorized

more on Intel-SA-00161

Re: https://firmwaresecurity.com/2018/08/15/intel-sa-00161-l1-terminal-fault-l1tf-speculative-execution-side-channel-attack-foreshadow/

and https://firmwaresecurity.com/2018/08/15/more-on-intel-sa-00161/ :

Update from Intel:

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html

 

https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html

https://careers.tenable.com/blogs/tenable-blog-548d2213-b14f-4795-a028-c85ba38381df/foreshadow-speculative-execution-attack-targets-intel-sgx

https://www.amd.com/en/corporate/security-updates

https://www.tenable.com/plugins/nessus/111703

https://www.trendmicro.com/vinfo/in/security/news/vulnerabilities-and-exploits/foreshadow-l1tf-intel-processor-vulnerabilities-what-you-need-to-know

 

Standard
Uncategorized

more on Intel-SA-00161

Re: https://firmwaresecurity.com/2018/08/15/intel-sa-00161-l1-terminal-fault-l1tf-speculative-execution-side-channel-attack-foreshadow/

https://en.wikipedia.org/wiki/Foreshadow_(security_vulnerability)
https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-3620.html
https://support.microsoft.com/en-us/help/4343909/windows-10-update-kb4343909
https://xenbits.xen.org/xsa/advisory-273.html
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/L1TF
https://blogs.oracle.com/oraclesecurity/intel-l1tf
https://cloud.google.com/blog/products/gcp/protecting-against-the-new-l1tf-speculative-vulnerabilities
https://kb.vmware.com/s/article/55636
https://blogs.vmware.com/security/2018/08/new-vmware-security-advisory-vmsa-2018-0022-and-updated-security-advisory-vmsa-2018-0019-1.html
https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03874en_us
https://blog.rapid7.com/2018/08/14/patch-tuesday-august-2018/
https://lkml.org/lkml/2018/8/14/885
https://www.suse.com/support/kb/doc/?id=7023077
https://marc.info/?l=openbsd-tech&m=153431475429367&w=2

Standard
Uncategorized

Intel-SA-00161: L1 Terminal Fault (L1TF) speculative execution side-channel attack (Foreshadow)

Security researchers have identified a speculative execution side-channel method called L1 Terminal Fault (L1TF). This method impacts select microprocessor products supporting Intel® Software Guard Extensions (Intel® SGX). Further investigation by Intel has identified two related applications of L1TF with the potential to impact additional microprocessors, operating systems, system management mode, and virtualization software. If used for malicious purposes, this class of vulnerability has the potential to improperly infer data values from multiple types of computing devices.[…]

https://foreshadowattack.eu/

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html

https://www.intel.com/content/www/us/en/architecture-and-technology/facts-about-side-channel-analysis-and-intel-products.html

https://www.intel.com/content/www/us/en/architecture-and-technology/l1tf.html

https://access.redhat.com/security/vulnerabilities/L1TF

https://www.redhat.com/en/blog/understanding-l1-terminal-fault-aka-foreshadow-what-you-need-know

https://blogs.technet.microsoft.com/virtualization/2018/08/14/hyper-v-hyperclear/

https://blogs.technet.microsoft.com/srd/2018/08/10/analysis-and-mitigation-of-l1-terminal-fault-l1tf/

https://www.us-cert.gov/ncas/current-activity/2018/08/14/Intel-Side-Channel-Vulnerability

 

Standard
Uncategorized

Linux UEFI firmware updates via LVFS at Linaro Connect

System Firmware and Device Firmware Updates using Unified Extensible Firmware Interface (UEFI) Capsules

Firmware is responsible for low-level platform initialization, establishing root-of-trust, and loading the operating system (OS). Signed UEFI Capsules define an OS-agnostic process for verified firmware updates, utilizing the root-of-trust established by firmware. The open source FmpDevicePkg in TianoCore provides a simple method to update system firmware images and device firmware images using UEFI Capsules and the Firmware Management Protocol (FMP). This session describes the EFI Development Kit II (EDK II) capsule implementation, implementing FMP using FmpDevicePkg, creating Signed UEFI Capsules using open source tools, and an update workflow based on the Linux Vendor Firmware Service (fwupd.org).

https://yvr18.pathable.com/meetings/740447

http://connect.linaro.org/schedule/

https://fwupd.org/

Standard
Uncategorized

mOSL: Bash script to audit and fix macOS High Sierra (10.13.x) security settings

Settings that can be audited/ fixed:

enable automatic updates
enable gatekeeper
enable firewall
enable admin password preferences
enable terminal secure entry
disable firewall builin software
disable firewall downloaded signed
disable ipv6
disable mail remote content
disable remote apple events
disable remote login
set airdrop contacts only
set appstore update check daily
check SIP
check kext loading consent
check EFI integrity
check filevault
check firmware password set

https://github.com/0xmachos/mOSL

 

Standard