FBI: Cyber Actors Use IoT Devices as Proxies for Malicious Cyber Activities

Reboot your IoT Devices regularly!

https://www.ic3.gov/media/2018/180802.aspx

https://www.ic3.gov/media/2017/171017-1.aspx

“Reboot devices regularly, as most malware is stored in memory and removed upon a device reboot. It is important to do this regularly as many actors compete for the same pool of devices and use automated scripts to identify vulnerabilities and infect devices.”

https://www.us-cert.gov/ncas/tips/ST17-001

https://www.us-cert.gov/ncas/current-activity/2018/08/02/FBI-Releases-Article-Securing-Internet-Things

CVE-2018-3968: Cisco using outdated U-boot in Cujo

Let’s hope Cisco Talos will let Mitre/NVD know about the details soon. No info on the Talos or Cisco security sites, nor even on *Twitter*, AFAICT. 🙂

https://lists.denx.de/pipermail/u-boot/2018-August/336973.html

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3968

——– Forwarded Message ——–
Subject: [U-Boot] Talos Security Advisory (TALOS-2018-0633/CVE-2018-3968 )
Date: Thu, 2 Aug 2018 18:52:03 +0000

Hello,

The Cisco Talos team discovered a security issue impacting the Cujo product using an outdated version of U-boot. We’ve assigned a CVE for this issue (CVE-2018-3968) and have attached a copy of the security advisory provided to Cujo.

Disclose.io Legal Framework for Security Researchers

Paul again.

As far as I know, this is the first effort to tidy up and standardize the legalities around bug bounty programs. Security research is already legally fraught, particularly in the US. Bug bounty programs that pay meaningful amounts are clearly a great step, but there have already been multiple instances of security researchers attempting to do the right thing and being thwarted by the process – more, and standardized, legal protection should help.

https://arstechnica.com/information-technology/2018/08/new-open-source-effort-legal-code-to-make-reporting-security-bugs-safer/

Are there any bug bounty programs in the firmware and/or hardware domain directly?

Apple has one that covers their (low SKU) product line, but things get complicated when a shipping system has components from so many distinct providers and a manufacturer makes so many SKUs. Seems like the buck should still stop at the integrated system manufacturer – e.g. Dell, Lenovo, HP, Supermicro, etc. – and at the component manufacturer for components that can be replaced: HDDs, SSDs, discrete PCIe devices.

Duo Security purchased by CISCO

Paul writing again. Soon you’ll learn to check the byline, or notice that I’m a lot more wordy than Lee (Hucktech).

https://www.cnbc.com/2018/08/02/cisco-buys-security-start-up.html

Duo Security pays more attention than most to platform firmware security, and has done R&D and released open source software in the space. Previously:

Duo Labs releases: IDAPython, Cortex M Firmware and Amnesia modules

Duo on Apple firmware security (and new EFIgy release)

Notably, EFIgy:

https://github.com/duo-labs/EFIgy/

Blog has second poster: Paul English of PreOS Security

So far, this blog has been my daily education, writing down URLs of things I learn that day. A few people also feed me interesting URLs. Paul English, co-founder of PreOS Security[1], has been giving me more and more links, so I’ve asked him to deal with them, instead of asking me to do posts on those URLs. 🙂

This is Paul’s first post:

Meet Us At Black Hat USA 2018

He’s also trying to help fix the WordPress-based site to be more usable. It looks like the font has already changed.

[1] https://preossec.com/

Back Doors for Cross-Signed Windows Drivers

https://twitter.com/geoffchappell/status/1024757182687010818

Four undocumented registry values vary the default validation of signatures on kernel-mode code such that Windows 10 may allow cross-signed drivers when it is otherwise documented as requiring Microsoft-signed drivers. This may be welcome for running your own drivers on your own computers without having to send them to Microsoft. Or it may be an unwelcome exposure to software that would install drivers by surprise, including to let malware elevate from administrative access to kernel-mode execution. Setting these values requires administrative access. Their action is subject to System Integrity policy, which provides the best defence.[…]

http://www.geoffchappell.com/notes/security/whqlsettings/
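A defender-side check for the configuration Chappell's note points at, added here as an example (it is not code from Chappell's page or from Microsoft). It reports whether System Integrity policy is enforced on the host and lists running kernel drivers whose Authenticode signer is not Microsoft, which is what a cross-signed driver looks like once loaded. The Win32_DeviceGuard class and its property names are Microsoft's documented CIM interface; the driver path normalisation and the "O=Microsoft Corporation" subject match are my assumptions. It does not read or set the undocumented registry values, which the note does not name.

```powershell
# Added audit script (not from Geoff Chappell's note or from any Microsoft tool).
# It reports the state of the defence the note names, System Integrity policy
# (HVCI / Code Integrity policy), and the signer of every running kernel driver.
# Assumptions: Windows 10, PowerShell 5.1 or later, and the
# root\Microsoft\Windows\DeviceGuard CIM namespace. Run from an elevated prompt
# so that every driver file is readable.

function Get-SystemIntegrityStatus {
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName 'Win32_DeviceGuard' -ErrorAction Stop
    [pscustomobject]@{
        # SecurityServicesRunning: 1 = Credential Guard, 2 = HVCI (memory integrity)
        HvciRunning           = [bool]($dg.SecurityServicesRunning -contains 2)
        # 0 = off, 1 = audit mode, 2 = enforced
        KernelCiEnforcement   = $dg.CodeIntegrityPolicyEnforcementStatus
        UserModeCiEnforcement = $dg.UsermodeCodeIntegrityPolicyEnforcementStatus
    }
}

function Resolve-DriverPath {
    param([string]$PathName)
    # Win32_SystemDriver.PathName comes in several shapes (assumed here);
    # normalise them to an absolute file path.
    $p = $PathName -replace '^\\\?\?\\', ''                  # \??\C:\... -> C:\...
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot         # \SystemRoot\... -> C:\Windows\...
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }  # system32\drivers\x.sys
    return $p
}

function Get-NonMicrosoftDrivers {
    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.State -eq 'Running' -and $_.PathName } |
        ForEach-Object {
            $path = Resolve-DriverPath $_.PathName
            if (-not (Test-Path -LiteralPath $path)) { return }
            $sig = Get-AuthenticodeSignature -FilePath $path
            $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            # WHQL-signed third-party drivers carry a Microsoft signer, so only
            # drivers signed by some other CA chain (cross-signed) end up here.
            # Catalog-signed inbox drivers may show Status NotSigned on older
            # PowerShell versions; treat the list as a starting point, not a verdict.
            if ($subject -notmatch 'O=Microsoft Corporation') {
                [pscustomobject]@{
                    Name   = $_.Name
                    Path   = $path
                    Status = $sig.Status
                    Signer = $subject
                }
            }
        }
}

# Summary: flag the two conditions a defender cares about.
$status = Get-SystemIntegrityStatus
$status | Format-List
if (-not $status.HvciRunning -or $status.KernelCiEnforcement -ne 2) {
    Write-Warning 'System Integrity policy is not fully enforced; a relaxed driver-signing default would not be blocked by it.'
}
Get-NonMicrosoftDrivers | Format-Table -AutoSize
```

The driver listing is deliberately separate from the policy check: an enforced policy tells you the relaxed default cannot take effect, while the listing tells you whether anything non-Microsoft-signed is already resident, which is the question to ask when the policy is off.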

Meet Us At Black Hat USA 2018

Management here – we’ll be at Black Hat USA 2018 next week. If you’ll be there, be sure to stop by our Arsenal tools demo on Wednesday, August 8, 2:30pm-3:50pm, Station #5.

https://www.blackhat.com/us-18/arsenal/schedule/index.html#firmware-audit-platform-firmware-security-automation-for-blue-teams-and-dfir-11359

We’ll be around before and after, attending talks and available for meetings. If you think your employer should be doing more platform firmware security, we’d love to talk! Email to set up a meeting:

blackhatusa2018@preossec.com

Intel updates 2 security whitepapers

Managed-Runtime-Speculative-Execution-Side-Channel-Mitigations.pdf

337879-analyzing-potential-bounds-Check-bypass-vulnerabilities.pdf

SMM disabling and verification techniques

3mdeb points out that there is a patent by Intel with information focused on disabling Intel SMM.

Don’t click on this link if you’re an engineer and are not allowed to view patent information.

https://patents.google.com/patent/US20170168844

System call dispatching on Windows ARM64

Microsoft recently announced that there will be Windows ARM64 devices. This article briefly documents the system call dispatching mechanism for Windows on ARM64. Readers are assumed to be familiar with ARM64 assembly and system call dispatching on Windows x86/x64.[…]

https://gracefulbits.com/2018/07/26/system-call-dispatching-for-windows-on-arm64/

Installing Coreboot on Lenovo X210

[…]The other fun thing about it is that none of the firmware flashing protection is enabled, including Intel Boot Guard. This means running a custom firmware image is possible, and what would a ridiculous custom Thinkpad be without ridiculous custom firmware? A shadow of its potential, that’s what. So, I read the Coreboot[1] motherboard porting guide and set to.[…]

https://mjg59.dreamwidth.org/50924.html

Lenovo should be giving Matthew a free X210 for this effort:

Debian UEFI Secure Boot report from DebConf

DebConf, the Debian conference, is happening, and there’s an EFI Secure Boot talk. Slides are listed on the debian-efi list below:

https://lists.debian.org/debian-efi/2018/07/msg00015.html

https://meetings-archive.debian.net/pub/debian-meetings/2018/DebConf18/?