Alpine Linux Persistence and Storage Summit

Christoph Hellwig announced this event on the Linux-NVME mailing list.

We proudly announce the Alpine Linux Persistence and Storage Summit (ALPSS), which will be held from September 27-29 at the Lizumerhuette in Austria. The goal of this conference is to discuss the hot topics in Linux storage and file systems, such as persistent memory, NVMe, multi-pathing, raw or open channel flash and I/O scheduling in a cool and relaxed setting with spectacular views in the Austrian alps. We plan to have a small selection of short and to the point talks, and lots of room for discussion in small groups, as well as ample downtime to enjoy the surrounding. Attendance is free except for the accommodation and food at the lodge, but the number of seats is strictly limited. […] Note: The Lizumerhuette is an Alpine Society lodge in a high alpine environment. A hike of approximately 2 hours is required to the lodge, and no other accommodations are available within walking distance.

Full announcement:

http://lists.infradead.org/mailman/listinfo/linux-nvme
http://lists.infradead.org/pipermail/linux-nvme/2017-July/thread.html

Setting up Mac for EFI development

Setup EFI Development environment on Mac OSX Sierra (10.12.X)

Mikal Villa • 07/10/2017

Oh no! A lot of text. Well, luckily half of the post is troubleshooting. EFI development setup is easy 🙂

Okay, before starting this guide you should have some tools installed already.[…]

https://0xcc.re/setup-efi-development-environment-on-mac-osx-sierra-10-12-x/

A Study of Overflow Vulnerabilities on GPUs

https://twitter.com/subTee/status/884025712029687808

A Study of Overflow Vulnerabilities on GPUs
Bang Di, Jianhua Sun, Hao Chen

GPU-accelerated computing gains rapidly-growing popularity in many areas such as scientific computing, database systems, and cloud environments. However, there are less investigations on the security implications of concurrently running GPU applications. In this paper, we explore security vulnerabilities of CUDA from multiple dimensions. In particular, we first present a study on GPU stack, and reveal that stack overflow of CUDA can affect the execution of other threads by manipulating different memory spaces. Then, we show that the heap of CUDA is organized in a way that allows threads from the same warp or different blocks or even kernels to overwrite each other’s content, which indicates a high risk of corrupting data or steering the execution flow by overwriting function pointers. Furthermore, we verify that integer overflow and function pointer overflow in struct also can be exploited on GPUs. But other attacks against format string and exception handler seems not feasible due to the design choices of CUDA runtime and programming language features. Finally, we propose potential solutions of preventing the presented vulnerabilities for CUDA.

Click to access npc16-overflow.pdf

USB Crosstalk Leakage Attacks on USB Hubs

USB Snooping Made Easy: Crosstalk Leakage Attacks on USB Hubs
Yang Su, Damith Ranasinghe, Daniel Genkin, Yuval Yarom

The Universal Serial Bus (USB) is the most prominent interface for connecting peripheral devices to computers. USB-connected input devices, such as keyboards, card-swipers and fingerprint readers, often send sensitive information to the computer. As such information is only sent along the communication path from the device to the computer, it was hitherto thought to be protected from potentially compromised devices outside this path. We have tested over 50 different computers and external hubs and found that over 90% of them suffer from a crosstalk leakage effect that allows malicious peripheral devices located off the communication path to capture and observe sensitive USB traffic. We also show that in many cases this crosstalk leakage can be observed on the USB power lines, thus defeating a common USB isolation countermeasure of using a charge-only USB cable which physically disconnects the USB data lines. Demonstrating the attack’s low costs and ease of concealment, we modify a novelty USB lamp to implement an off-path attack which captures and exfiltrates USB traffic when connected to a vulnerable internal or an external USB hub.

Click to access camera.pdf

ARM buys IoT security firm Simulity for £12m

By Josh Brooks 4th July 2017
ARM has bought IoT security tech business Simulity Labs in a £12m purchase from its private equity owner Foresight. Simulity provides embedded operating system software and related server systems for SIM cards and embedded SIMs (‘eSIMs’), allowing Internet of Things (IoT) devices to securely connect to networks. Foresight bought the business only last October for around £4m – meaning a massive return on its investment in percentage terms.[…]

https://www.simulity.com/

https://www.arm.com/products/iot-solutions

Linux OEMs/VARs: use FwUpd

If you build a Linux-based system, you should be putting your firmware updates on fwupd. Dell is the only vendor currently doing this.

What about System76, ThinkPenguin, Purism, HP, etc.?

Hmm, it looks like System76 might be working on it!

Petya Ransomware’s bootloader

I’ve not been paying attention to Petya, because I didn’t notice it had a bootloader impact. Whoops.

https://securingtomorrow.mcafee.com/business/petya-effective-destruction-ransomware/

[…]How do we explain Petya’s attacks against the master boot record and master file table? These render the entire system unusable. In this case why does encrypting files matter? The attack on the boot record and file table are similar to the behavior of the previous version of Petya, but there is one important difference. In research reported by Hasherezade, the new Petya destroys the Salsa20 cipher key by erasing it from the disk. In previous versions of Petya, the key is backed up in the victim’s ID before being erased—allowing for the recovery of the disk. Hasherezade also shows that the victim’s ID is generated before the random Salsa20 key is made, proving there is no relationship between the Salsa20 key and the victim’s ID. A reboot is required for this overwrite to take effect and supports the priorities we have mentioned. This difference in priorities implies the attackers are looking for pure destruction—closer in behavior to campaigns like Shamoon rather than ransomware such as Cerber, Locky, and WannaCry.[…]

https://www.us-cert.gov/ncas/current-activity/2017/06/27/Multiple-Petya-Ransomware-Infections-Reported

https://www.us-cert.gov/ncas/alerts/TA17-181A

https://github.com/hasherezade/petya_green/blob/master/petya.cpp#L8

Siemens updates for Intel AMT

Siemens has updated their products for the Intel AMT vulnerability:

Click to access siemens_security_advisory_ssa-874235.pdf

Siemens Patches Critical Intel AMT Flaw in Industrial Products


https://www.theregister.co.uk/2017/07/03/intel_amt_bug_bit_siemens_industrial_pcs/

NVIDIA seeks embedded firmware security lead

Embedded Firmware Security Lead
We are now looking for an Embedded Firmware Security Lead. […] Ways to stand out from the crowd:
* Experience with secure code quality practices and tooling to support quick engagements and rapid analysis – static analysis tools (Coverity, Checkmarx, or similar), dynamic scanning (Rapid 7, AppSider, or similar), Fuzzing (AFL, Peach, or similar) and code coverage (Bullseye, LDRA, etc)
* Experience with security incident response activities and penetration testing
* Experience with Ada/Spark language variant and formal proof verification a plus.
[…]

https://nvidia.wd5.myworkdayjobs.com/en-US/NVIDIAExternalCareerSite/job/US-CA-Santa-Clara/Embedded-Firmware-Security-Engineer_JR1905430

http://www.nvidia.com/object/careers.html

https://www.linkedin.com/jobs/view/331202558

IBM OpenPower secure and trusted boot, Part 2

OpenPOWER secure and trusted boot, Part 2
Protecting system firmware with OpenPOWER secure boot
Making your system safe against boot code cyberattacks
Dave Heller and Nageswara Sastry
Published on June 05, 2017

This content is part 2 of 2 in the series: OpenPOWER secure and trusted boot. IBM® OpenPOWER servers offer two essential security features, trusted boot and secure boot, to help ensure the integrity of your server and safeguard against a boot code cyberattack. Trusted boot works by creating secure recordings, or measurements, of executable code as the system boots. Using a process known as remote attestation, you can retrieve these measurements securely and use them to verify the integrity of your firmware or target operating system (OS). Secure boot helps ensure the integrity of your OS and firmware as well. But rather than taking measurements for later examination, secure boot performs the validation in place, during boot, and will halt the boot process if the validation fails. These two features are complementary and work together to provide comprehensive protection of platform boot code. This article explores the secure boot method, with particular focus on protection of system firmware.[…]

https://www.ibm.com/developerworks/library/l-protect-system-firmware-openpower/

Part 1 is from February:

https://www.ibm.com/developerworks/linux/library/l-trusted-boot-openPOWER-trs/index.html?ca=drs-

UEFI-based IoT firmware updates

https://twitter.com/grjohnson10/status/880767835886301184

Simplify Secure, UEFI-Based IoT Firmware Updates
Rich Nass

In the age of the Internet of Things (IoT), where everything is becoming connected, each connection point can be viewed as a “Hack This” sign for the bad guys. To prevent this, developers need to be sure that all firmware and associated patches are kept up to date with verified and secure revision control. Any unpatched or outdated firmware can allow access to critical system functions. Unfortunately, this need to keep firmware updated often goes overlooked by the development team after a product has shipped. In many cases this is due to the resources required and complexities involved. But what if the whole process of updating and securing firmware remotely or over the air (OTA) could be standardized and encapsulated within an easy-to-use, reliable solution that works seamlessly with your underlying hardware? It turns out that such a solution is already in hand.[…]

http://www.insight.tech/industrial/simplify-secure-uefi-based-iot-firmware-updates

http://www.insight.tech/authors/rich-nass

Nikolaj on recent UEFI/ACPI spec updates

[[UPDATE:
William’s blog post on Nikolaj’s comments is more readable than the post below:
http://www.basicinputoutput.com/2017/07/uefi-27-courtesy-of-nikolaj.html
]]

Nikolaj has over a dozen tweets showcasing the interesting new features in the latest UEFI and ACPI specs. Click on the above Twitter URL to see the full set.