Multiple Security Issues in Ecos Secure Boot Stick (SBS)


Ecos Secure Boot Stick version 5.6.5 and System Management version 5.2.68 suffer from credential disclosure and various other security vulnerabilities that can lead to information disclosure.

https://telematik.prakinf.tu-ilmenau.de/ecos-sbs/advisory.html

https://packetstormsecurity.com/files/148180/Ecos-Secure-Boot-Stick-5.6.5-Credential-Disclosure-Information-Leak.html

https://www.ecos.de/en/products/access-components/secure-boot-stick/


New Intel mobile web app to remotely control Intel AMT systems

[[SuperMicro has a phone app to control their systems’ IPMI. Now Intel has a phone app to control Intel AMT-based systems. I hope mobile systems are secure, these would seem to make great ‘pivots’ for attackers…]]

MeshCentral2 – New Mobile Web Application
By Ylian S. (Intel), published on June 12, 2018

It’s been a while since the last announcement but I have been hard at work on MeshCentral, the web-based open source remote management software. This week we got a big new feature with the release of MeshCentral v0.1.8-c on NPM: we now have a new web application for mobile devices. When you install your own MeshCentral server and access it using a mobile device (like a phone or tablet), you will see a new web page tailored for small devices. This is the first version of it, but already it offers many of the main usages that are offered on the main web site in a more compact form.[…]

https://software.intel.com/en-us/blogs/2018/06/12/meshcentral2-new-mobile-web-application

https://www.npmjs.com/package/meshcentral

http://www.meshcommander.com/meshcentral2


ZeroTrace: enables building systems secure against side-channels in SGX enclaves

https://twitter.com/sergey_nog/status/1006582302057619456

ZeroTrace (ZT) is the first system that enabled instantiations of Oblivious RAMs (ORAMs) on a server device that supports Intel SGX. ZT is also secure against known side-channel attacks against SGX.* Oblivious RAM, or ORAM, has been theoretically known for a long while now [1]; with the advent of secure hardware modules like Intel SGX, we notice an opportunity to make these incredible cryptographic primitives deployable in practical scenarios.[…]

https://github.com/sshsshy/ZeroTrace


10-Part Introduction to KiCad video series available

A 10-part video introduction to KiCad is now available:

Expliot: IoT Exploitation Framework (pronounced – expl-aa-yo-tee)

Expliot (Pronounced – expl-aa-yo-tee)

Internet Of Things Exploitation Framework

Expliot is a framework for security testing IoT and IoT infrastructure. It provides a set of plugins (test cases) and can be extended easily to create new plugins. The name expliot is a pun on exploit and explains the purpose of the framework i.e. IoT exploitation. It is developed in python3[…]

https://gitlab.com/expliot_framework/expliot


Intel Floating Point issue?

According to the oss-security list, there’s an ‘Intel FP issue’, and the BSDs are doing patches against it:

https://marc.info/?l=openbsd-cvs&m=152818076013158&w=2

http://lists.dragonflybsd.org/pipermail/commits/2018-June/672324.html

https://svnweb.freebsd.org/base?view=revision&revision=335072

I don’t know more about this FP issue other than above. For the record, I prefer the old days, when kernel mode didn’t rely on floating point, so the OS didn’t have to save state for drivers. 🙂

Facebook open sources Sonar, debugging tool

Open-sourcing Sonar, a new extensible debugging tool
Emil Sjölander

One challenge that comes from having many engineers working collaboratively on larger apps is that typically no single person knows how every module works. This segmentation of knowledge and expertise can make it difficult to develop new features, investigate bugs, or optimize performance. To help engineers at Facebook manage this complexity, we built Sonar, an extensible cross-platform debugging tool. Sonar gives us a surface where framework experts and developers can convey important information to framework users. Now we are adding functionality and sharing Sonar as an open source project to help others accelerate the app development process. With Sonar, engineers have a highly flexible, intuitive way to inspect and understand the structure and behavior of their iOS and Android applications. We believe Sonar improves on current tools by providing a more visual and interactive experience that is extensible to fit engineers’ specific needs.[…]

https://github.com/facebook/Sonar/

https://code.facebook.com/posts/1461914677288302/open-sourcing-sonar-a-new-extensible-debugging-tool/

https://fbsonar.com/

Windows: new feature using IOMMU to block DMA access for Thunderbolt devices when machine is locked

The latest version of Windows apparently has new protections against PCILeech and related attacks:

Introducing graphene-ng: running arbitrary payloads in SGX enclaves


Jun 11, 2018 by Joanna Rutkowska

A few months ago, during my keynote at Black Hat Europe, I was discussing how we should be limiting the amount of trust when building computer systems. Recently, a new technology from Intel has been gaining popularity among both developers and researchers, a technology which promises a big step towards such trust-minimizing systems. I’m talking about Intel SGX, of course. Intel SGX caught my attention for the first time about 5 years ago, a little while before Intel had officially added information about it to the official Software Developer’s Manual. I’ve written two posts about my thoughts on this (then-upcoming) technology, which were a superposition of both positive and negative feelings. Over the last 2 years or so, together with my team at ITL, we’ve been investigating this fascinating technology a bit closer. Today I’d like to share some introductory information on this interesting project we’ve been working on together with our friends at Golem for several months now.[…]

https://blog.invisiblethings.org/2018/06/11/graphene-ng.html


An ice-cold Boot to break BitLocker

By Olle Segerdahl & Pasi Saarinen

A decade ago, academic researchers demonstrated how computer memory remanence could be used to defeat popular disk encryption systems. Not much has happened since, and most seem to believe that these attacks are too impractical for real world use. Even Microsoft has started to play down the threat of memory remanence attacks against BitLocker, using words such as “they are not possible using published techniques”. We will publish techniques that allow recovery of BitLocker encryption keys from RAM on most, if not all, currently available devices. While BitLocker is called out in the title, the same attacks are also valid against other platforms and operating systems.

Olle is a veteran of the IT-security industry, having worked with both “breaking” and “building” security solutions for almost 20 years. During that time, he has worked on securing classified systems, critical infrastructure and cryptographic products as well as building software whitelisting solutions used by industrial robots and medical equipment. He is currently the Swedish Principal Security Consultant with F-Secure’s technical security consulting practice.

Pasi is an experienced security researcher with a background in both software and network security. In previous employment he has worked on a modern framework for white-box fuzz testing of binaries and security standardization of the 5G mobile network. While he has a very Finnish name, he plays for team Sweden in F-Secure’s technical security consulting practice.


https://www.sec-t.org/talks/


US Treasury Sanctions Russian Federal Security Service Enablers

https://twitter.com/GossiTheDog/status/1006187828366192641

“Embedi was designated pursuant to E.O. 13694, as amended. As of May 2017, Embedi was owned or controlled by Digital Security.”

https://home.treasury.gov/news/press-releases/sm0410

Embedi does firmware security research.


NIST SP 800-125A: Security Recommendations for Server-based Hypervisor Platforms

Re: https://firmwaresecurity.com/2018/01/26/nist-releases-sp-800-125a-security-recommendations-for-hypervisors/

Date Published: June 2018
Supersedes: SP 800-125A (January 2018)

The Hypervisor platform is a collection of software modules that provides virtualization of hardware resources (such as CPU, Memory, Network and Storage) and thus enables multiple computing stacks (made of an operating system (OS) and application programs) called Virtual Machines (VMs) to be run on a single physical host. In addition, it may have the functionality to define a network within the single physical host (called virtual network) to enable communication among the VMs resident on that host as well as with physical and virtual machines outside the host. With all this functionality, the hypervisor has the responsibility to mediate access to physical resources, provide run time isolation among resident VMs and enable a virtual network that provides security-preserving communication flow among the VMs and between the VMs and the external network. The architecture of a hypervisor can be classified in different ways. The security recommendations in this document relate to ensuring the secure execution of baseline functions of the hypervisor and are therefore agnostic to the hypervisor architecture. Further, the recommendations are in the context of a hypervisor deployed for server virtualization and not for other use cases such as embedded systems and desktops. Recommendations for secure configuration of a virtual network are dealt with in a separate NIST document (Special Publication 800-125B). [This revision includes additional technologies for device virtualization such as para-virtualization, passthrough and self-virtualizing hardware devices as well as associated security recommendations. Major content changes in this revision are in: Section 1.1, Section 2.2.2 and Section 5.]

https://csrc.nist.gov/News/2018/NIST-Publishes-SP-800-125A-Rev-1

https://csrc.nist.gov/publications/detail/sp/800-125a/rev-1/final

https://www.nist.gov/news-events/news/2018/04/nist-releases-draft-nist-special-publication-sp-800-125a-revision-1


Automated Detection, Exploitation, and Elimination of Double-Fetch Bugs using Modern CPU Features


Double-fetch bugs are a special type of race condition, where an unprivileged execution thread is able to change a memory location between the time-of-check and time-of-use of a privileged execution thread. If an unprivileged attacker changes the value at the right time, the privileged operation becomes inconsistent, leading to a change in control flow, and thus an escalation of privileges for the attacker. More severely, such double-fetch bugs can be introduced by the compiler, entirely invisible on the source-code level. We propose novel techniques to efficiently detect, exploit, and eliminate double-fetch bugs. We demonstrate the first combination of state-of-the-art cache attacks with kernel-fuzzing techniques to allow fully automated identification of double fetches. We demonstrate the first fully automated reliable detection and exploitation of double-fetch bugs, making manual analysis as in previous work superfluous. We show that cache-based triggers outperform state-of-the-art exploitation techniques significantly, leading to an exploitation success rate of up to 97%. Our modified fuzzer automatically detects double fetches and automatically narrows down this candidate set for double-fetch bugs to the exploitable ones. We present the first generic technique based on hardware transactional memory, to eliminate double-fetch bugs in a fully automated and transparent manner. We extend defensive programming techniques by retrofitting arbitrary code with automated double-fetch prevention, both in trusted execution environments as well as in syscalls, with a performance overhead below 1%.
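As an added illustration of the time-of-check/time-of-use pattern the abstract describes (this is not code from the paper or its authors), the C sketch below models a privileged handler that fetches a length field from shared memory twice, next to the single-fetch version that eliminates the window. The `struct user_msg` layout, the `race_hook_t` callback that stands in for a concurrent unprivileged writer, and the buffer sizes are all constructed assumptions for the demo; in a real kernel the shared memory would be user-space memory reached through `copy_from_user()`-style accessors.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Size of the privileged side's bounded buffer; the length check below
   is meant to keep copies within it. Constructed value for this example. */
#define KBUF_SIZE 16

/* Constructed model of a message in memory shared with an unprivileged
   thread. 'volatile' forces every m->len access to read memory again,
   which makes the two fetches in the vulnerable handler observable. */
struct user_msg {
    volatile uint32_t len;
    uint8_t data[64];
};

/* Hypothetical hook standing in for a concurrent writer: it runs in the
   window between check and use, where a real race would land. */
typedef void (*race_hook_t)(struct user_msg *m);

/* Vulnerable pattern: the check reads m->len, the copy reads it again.
   A value changed in between is used without ever having been checked. */
static int handle_double_fetch(struct user_msg *m, uint8_t *out, race_hook_t hook)
{
    if (m->len > KBUF_SIZE)          /* first fetch: time-of-check */
        return -1;
    if (hook)
        hook(m);                     /* simulated writer changes m->len here */
    uint32_t n = m->len;             /* second fetch: time-of-use */
    memcpy(out, m->data, n);         /* n may now exceed KBUF_SIZE */
    return (int)n;
}

/* Hardened pattern: fetch once into a local, then check and use that copy.
   Later writes to shared memory cannot affect n. Real kernels pair this
   with READ_ONCE()/copy_from_user()-style accessors so the compiler cannot
   re-fetch from memory behind the programmer's back (the compiler-introduced
   case the abstract mentions). */
static int handle_single_fetch(struct user_msg *m, uint8_t *out, race_hook_t hook)
{
    uint32_t n = m->len;             /* single fetch */
    if (n > KBUF_SIZE)
        return -1;
    if (hook)
        hook(m);                     /* writer still runs, but n is already fixed */
    memcpy(out, m->data, n);
    return (int)n;
}

/* Simulated concurrent writer: raises the length after the check passed.
   64 still fits data[], but is far above KBUF_SIZE. */
static void racing_writer(struct user_msg *m)
{
    m->len = 64;
}

/* Demo drivers return the number of bytes the handler ended up copying.
   The destination is over-provisioned (64 bytes) so the demo itself stays
   in bounds; against a real KBUF_SIZE buffer the first case is an overflow. */
int demo_double_fetch(void)
{
    struct user_msg m = { .len = 8 };
    uint8_t out[64];
    return handle_double_fetch(&m, out, racing_writer);
}

int demo_single_fetch(void)
{
    struct user_msg m = { .len = 8 };
    uint8_t out[64];
    return handle_single_fetch(&m, out, racing_writer);
}

/* Without a racing writer both handlers behave identically. */
int demo_no_race(void)
{
    struct user_msg m = { .len = 8 };
    uint8_t out[64];
    return handle_double_fetch(&m, out, NULL) + handle_single_fetch(&m, out, NULL);
}

int main(void)
{
    printf("double fetch copied %d bytes (limit %d)\n", demo_double_fetch(), KBUF_SIZE);
    printf("single fetch copied %d bytes (limit %d)\n", demo_single_fetch(), KBUF_SIZE);
    return 0;
}
```

The point of the comparison is that the fix is structural rather than a stronger check: once the value is captured into a local that the unprivileged side cannot reach, the check and the use operate on the same data, which is also what the paper's transactional-memory retrofit guarantees automatically for code that was not written this way.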


https://arxiv.org/abs/1711.01254
