Amazon.com announces Firecracker: a Secure, Open Source microVM

November 27, 2018 ~ hucktech ~ 1 Comment

Introducing Amazon EC2 A1 Instances powered by new Arm-based AWS Graviton processors. #reInvent https://t.co/vhjHFPo9Hy pic.twitter.com/ndxzmx2Xm7

— Amazon Web Services (@awscloud) November 27, 2018

And the one more thing … Firecracker. An open source VMM for multi-tenant serverless computing https://t.co/Q8tE8NpgKy @AWSreInvent

— Deepak Singh @ re:Invent (@mndoci) November 27, 2018

https://github.com/firecracker-microvm/firecracker/blob/master/SPECIFICATION.md

https://aws.amazon.com/blogs/opensource/firecracker-open-source-secure-fast-microvm-serverless/

Amazon.com seeks Hardware Security Engineer

October 16, 2018 ~ hucktech ~ Leave a comment

[…]AWS Security is looking for an experienced Senior Security Engineer, specializing in hardware technologies[…]
— IoT network technologies (Z-Wave, Zigbee, Bluetooth/BLE, WLAN, identity/auth security)
— Hardware security (PCB, JTAG, UART, SPI, ROM, microcode, custom ASIC/FPGA)
— x86 and/or ARM chipset and firmware security (TPM, UEFI, TrustZone, secure boot)
— Local encryption and key management (LUKS, BitLocker, self-encrypting drives, etc)
— PKI and code signing architecture (X.509, EV SSL, certificate pinning, OCSP, CRL, etc)
— hardware cryptography (certificates, attestation, TPM/HSM)
— embedded/IoT solution design and security considerations

https://us-amazon.icims.com/jobs/679222/hardware-security-engineer/job

Bloomberg: The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies

October 4, 2018 ~ hucktech ~ 1 Comment

The attack by Chinese spies reached almost 30 U.S. companies, including Amazon and Apple, by compromising America’s technology supply chain, according to extensive interviews with government and corporate sources.

[…]There are two ways for spies to alter the guts of computer equipment.
One, known as interdiction, consists of manipulating devices as they’re in transit from manufacturer to customer. This approach is favored by U.S. spy agencies, according to documents leaked by former National Security Agency contractor Edward Snowden.
The other method involves seeding changes from the very beginning.[…]

Allegedly a supply chain attack on Supermicro's servers installed small CPUs disguised as passive capacitors on the mainboard that were able to take over the BMC, which could then compromise the main CPU: https://t.co/Dop9Atmg1q pic.twitter.com/OR5jSvtAma

— Trammell Hudson ⚙ (@qrs) October 4, 2018

This story is something. https://t.co/tTctvvFrrH

— Matthew Green (@matthew_d_green) October 4, 2018

https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies

Complementary question to ask yourselves after the BMC hardware hack: who has the signing CA for the firmware upgrades of <enter your device> and how do you know there aren’t several “other” intermediate CAs?

“Dormi preoccupato”™¹
__
¹ sleep in fear, Italian conscript classic.

— Arrigo Triulzi (@cynicalsecurity) October 4, 2018

This also is another explanation for Apple dropping Supermicro servers a few years ago, the rumors at the time were due to compromised firmware updates: https://t.co/sS9FkHMPpI

— Trammell Hudson ⚙ (@qrs) October 4, 2018

All hope is lost pic.twitter.com/CoI3eIhFdf

— Update failed, host not responding (@Taiki__San) October 4, 2018