Re: https://firmwaresecurity.com/2018/08/10/eclypsium-remotely-attacking-system-firmware/
Category Archives: Uncategorized
more on Intel-SA-00161
and https://firmwaresecurity.com/2018/08/15/more-on-intel-sa-00161/ :
Update from Intel:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html
https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html
https://www.amd.com/en/corporate/security-updates
https://www.tenable.com/plugins/nessus/111703
more on Intel-SA-00161
https://en.wikipedia.org/wiki/Foreshadow_(security_vulnerability)
https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-3620.html
https://support.microsoft.com/en-us/help/4343909/windows-10-update-kb4343909
https://xenbits.xen.org/xsa/advisory-273.html
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/L1TF
https://blogs.oracle.com/oraclesecurity/intel-l1tf
https://cloud.google.com/blog/products/gcp/protecting-against-the-new-l1tf-speculative-vulnerabilities
https://kb.vmware.com/s/article/55636
https://blogs.vmware.com/security/2018/08/new-vmware-security-advisory-vmsa-2018-0022-and-updated-security-advisory-vmsa-2018-0019-1.html
https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03874en_us
https://blog.rapid7.com/2018/08/14/patch-tuesday-august-2018/
https://lkml.org/lkml/2018/8/14/885
https://www.suse.com/support/kb/doc/?id=7023077
https://marc.info/?l=openbsd-tech&m=153431475429367&w=2
Intel-SA-00161: L1 Terminal Fault (L1TF) speculative execution side-channel attack (Foreshadow)
Security researchers have identified a speculative execution side-channel method called L1 Terminal Fault (L1TF). This method impacts select microprocessor products supporting Intel® Software Guard Extensions (Intel® SGX). Further investigation by Intel has identified two related applications of L1TF with the potential to impact additional microprocessors, operating systems, system management mode, and virtualization software. If used for malicious purposes, this class of vulnerability has the potential to improperly infer data values from multiple types of computing devices.[…]
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html
https://www.intel.com/content/www/us/en/architecture-and-technology/l1tf.html
https://access.redhat.com/security/vulnerabilities/L1TF
https://www.redhat.com/en/blog/understanding-l1-terminal-fault-aka-foreshadow-what-you-need-know
https://blogs.technet.microsoft.com/virtualization/2018/08/14/hyper-v-hyperclear/
https://www.us-cert.gov/ncas/current-activity/2018/08/14/Intel-Side-Channel-Vulnerability
Linux UEFI firmware updates via LVFS at Linaro Connect
System Firmware and Device Firmware Updates using Unified Extensible Firmware Interface (UEFI) Capsules
Firmware is responsible for low-level platform initialization, establishing root-of-trust, and loading the operating system (OS). Signed UEFI Capsules define an OS-agnostic process for verified firmware updates, utilizing the root-of-trust established by firmware. The open source FmpDevicePkg in TianoCore provides a simple method to update system firmware images and device firmware images using UEFI Capsules and the Firmware Management Protocol (FMP). This session describes the EFI Development Kit II (EDK II) capsule implementation, implementing FMP using FmpDevicePkg, creating Signed UEFI Capsules using open source tools, and an update workflow based on the Linux Vendor Firmware Service (fwupd.org).
https://yvr18.pathable.com/meetings/740447
mOSL: Bash script to audit and fix macOS High Sierra (10.13.x) security settings
Settings that can be audited/ fixed:
enable automatic updates
enable gatekeeper
enable firewall
enable admin password preferences
enable terminal secure entry
disable firewall builin software
disable firewall downloaded signed
disable ipv6
disable mail remote content
disable remote apple events
disable remote login
set airdrop contacts only
set appstore update check daily
check SIP
check kext loading consent
check EFI integrity
check filevault
check firmware password set
https://github.com/0xmachos/mOSL
