Uncategorized

Intel seeks senior security researcher

Job ID: JR0037962
Senior Security Researcher

The Platform Engineering Group (PEG) is responsible for the design, development, and production of system-on-a-chip (SoC) products that go into Intel’s next generation client and mobile platforms. PEG strives to lead the industry moving forward through product innovation and world class engineering. Intel Security Center of Excellence’s goal is to be a prominent leader in the industry to assure security in computing platforms by conducting advanced security research. If you are a seasoned threat, vulnerability and exploit research expert who craves for tons of fun and pride in raising the security bar for ubiquitous computing systems, we would like you to join us as a proud member of Intel’s Advanced Security Research Team. Through your deep vulnerability analysis and mitigation development expertise, you will influence the security of a variety of Hardware, Firmware, Software & Systems spanning a range of products including Devices, Cloud, Auto, IOT, AI, VR, Drones, and Networks. Responsibilities include the following: Own emerging threat analysis, gain insights & know-how of evolving attack techniques, predict and extrapolate attack trends ahead of its occurrence, develop robust counter measures and mitigation. This role requires maintaining substantial knowledge of state-of-the-art security principles, theories, attacks etc. and contribute those insights to internal and external stakeholders. Participation in development or intellectual property is also a responsibility.

* Applicants should possess at least 10 years of experience in the field of system security research and excel in exploring software and hardware techniques as a method of attack against targets within the computing systems.
* Ability to span security expertise over HW, SW and Firmware domains. Passion for the latest gadgets and building security into these gadgets.
* Knowledge of computer architecture CPU, SoC, chipsets, BIOS, Firmware, Drivers, and others

 

 

http://jobs.intel.com/ShowJob/Id/1352711/Senior%20Security%20Researcher

 

Standard
Uncategorized

CLKSCREW: breaking TEEs with energy mgmt

CLKSCREW: Exposing the perils of security-oblivious energy management

https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/tang

0x0atang.github.io/files/usenix17_clkscrew_preprint.pdf

https://hacks.hyperspacer.com/app/items/15303894

Standard
Uncategorized

Microsoft seeks senior embedded Linux firmware engineer

The Cloud Server Infrastructure Firmware Development (CSI-FW) team is responsible for server hardware definition, design and development of Server and Rack Infrastructure engineering for Microsoft’s online services.
This role will be for a highly-motivated Firmware Engineer with a solid background in embedded system design using embedded Linux.
* 5+ years professional experience in one or many of: designing, developing embedded solutions using ARM SoCs and Linux, extensive u-boot customization, Linux kernel internals and adding new hardware drivers.
* 2+ years proven and demonstrable programming skill in C/C++ for resource constrained embedded platforms.
* Experience with debugging tools such as JTAG, oscilloscopes and bus analyzers.

https://careers.microsoft.com/jobdetails.aspx?jid=321602&job_id=1070761

https://azure.microsoft.com/en-us/blog/ecosystem-momentum-positions-microsoft-s-project-olympus-as-de-facto-open-compute-standard/

Standard
Uncategorized

Apple macOS automatic EFI checks

High Sierra automatically checks EFI firmware each week

Upgrading to High Sierra brings a new and significant security feature: your Mac will automatically check its EFI firmware. In a series of tweets, Xeno Kovah, one of the three engineers responsible for the new tool, has outlined how this works.[…]

High Sierra automatically checks EFI firmware each week

AFAICT, the article references Tweets from earlier today that appear to have subsequently been deleted from Twitter.

Standard
Uncategorized

Intel Platform Armoring and Resiliency team seeks BIOS intern

Interesting: Intel SSG has a “Platform Armoring and Resiliency (PAR)” team! Wish I had more details on what they do (besides inferring from job postings). If you’re on the PAR team and you have a home page or more public info, please leave a Comment.

Security BIOS Engineering Intern Hillsboro, OR
Job ID: JR0034895
Job Category: Intern/Student

Intel Corporation’s Software and Services Group (SSG) is looking for an intern to work in the area of platform firmware resiliency. The Platform Armoring and Resiliency PAR team within SSG is responsible for creating a secure firmware capability within Intel and the ecosystem to proactively ensure the standard boot and recovery infrastructure of IA platforms is both usable and secure[…]

* Utilizing fuzzing and symbolic execution tools to explore target binaries
* Prototyping new functionality in UEFI/BIOS
* Developing/supporting software tools in C and Python
* Gathering and analyzing execution traces to identify patterns of interest
* Utilizing QEMU or virtualization environments to analyze target binaries

Preferred:
* 3 months experience with Intel Model-Specific Registers (MSRs) or Configuration Space Registers (CSRs)
* 3 months experience with developing kernel modules or kernel code

http://jobs.intel.com/ShowJob/Id/1352713/Security%20BIOS%20Engineering%20Intern

A bit less interesting: Intel HR webmaster posts URLs with spaces in them. 😦

Standard
Uncategorized

Intel MeshCentral2 updated with Load Balancer & Peering Support

Intel has released an updated version of MeshCentral2, an Intel AMT-based management tool for Windows. New version has “server peering” support, which I confess I don’t yet understand what that means, but sounds signficant, something to learn about…

[…]MeshCentral2 is a free open source web-based remote computer management solution allowing administrators to setup new servers in minutes and start remotely controlling computers using both software agent and Intel® AMT. The server works both in a LAN environment and over the Internet in a WAN setup. Now, I just released a new version with support for server-to-server peering allowing for improved fail-over robustness and scaling. Some technical details:

* Servers connect to each-other using secure web sockets on port 443. This is just like browsers and Mesh agents, so you can setup a fully working peered server installation with only port 443 being open.
* Server peering and mesh agent connections use a secondary authentication certificate allowing the server HTTPS public certificate (presented to browser) to be changed. This allows MeshCentral2 peer servers to be setup with different HTTPS certificates. As a result, MeshCentral2 can be setup in a multi-geo configuration.
* All of the peering is real-time. As servers peer together and devices connect to the servers, users see a real-time view on the web page of what devices are available for management. No page refresh required.
* MeshCentral2 supports TLS-offload hardware for all connections including Intel® AMT CIRA even when peering. So, MeshCentral2 servers can benefit from the added scaling of TLS offload accelerators.
* Fully support server peering for Browsers, Mesh Agents and Intel® AMT connections.
* The server peering system does not use the database at all to exchange state data. This boosts the efficiency of the servers because the database is only used for long term data storage, not real time state.
* There is no limit to how many servers you can peer, however I currently only tested a two server configuration.

https://software.intel.com/en-us/blogs/2017/09/21/meshcentral2-load-balancer-peering-support

http://www.meshcommander.com/meshcentral2

https://software.intel.com/sites/default/files/managed/ce/37/MeshCentral2-DualServer.png

 

Standard