OEMs: please note!
Carl-Daniel Hailfinger posted an announcement of the upcoming European coreboot conference 2017 to the coreboot-announce list:
We are currently planning to host a coreboot conference in Germany with 2 days of talks and an additional 2 days of hacking. The date will probably either be October 19-22 or October 26-29, i.e. directly before or after Embedded Linux Conference Europe and LinuxCon Europe. Ticket prices haven’t been decided yet and depend on the location and venue availability. The location will be either in Bonn or Bochum. Both Bochum and Bonn offer a variety of interesting activities for conference participants. Bochum is reachable by public transport from Frankfurt Airport within 120 minutes, from Dusseldorf Airport within 40 minutes and from Cologne Airport within 80 minutes. Bonn is reachable by public transport from Frankfurt Airport within 70 minutes, from Dusseldorf Airport within 70 minutes and from Cologne Airport within 30 minutes.
YOUR ACTION NEEDED!
Please fill out the application and subscribe to the newsletter if you are planning to join us!
European Coreboot Conference 2017
We are currently planning to host a coreboot conference with 2 days of talks and an additional 2 days of hacking. Sometime in October 2017 in Bonn or Bochum, Germany.
The dates will probably either be October 19-22 or October 26-29, i.e. directly before or after Embedded Linux Conference Europe and LinuxCon Europe.
Ticket prices haven’t been decided yet and depend on the location and venue availability. Add your email address to be sent an invite to the conference when it is announced.
The 33rd Chaos Communication Congress (CCC) takes place in December in Germany. There are MANY great presentations, and CCC is great at making video archives available. Here’s a sample of a few of the presentations, starting with Trammell’s lecture on Heads:
Bootstraping a slightly more secure laptop
What could possibly go wrong with <insert x86 instruction here>?: Side effects include side-channel attacks and bypassing kernel ASLR
Clémentine Maurice and Moritz Lipp
Untrusting the CPU: A proposal for secure computing in an age where we cannot trust our CPUs anymore
Virtual Secure Boot: Secure Boot support in qemu, kvm and ovmf
coreboot will be at 33C3, the 33rd Chaos Communication Congress, happening in December in Germany.
STUXNET is old news, apparently. As reported by SANS, a year ago a nuclear power plant, probably in Germany, was attacked by malware.
The director of the United Nations’ (UN’s) International Atomic Energy Agency (IAEA) said that an unnamed nuclear power plant suffered a cyberattack within the last three years. Yukiya Amano said that the targeted plant was not forced to shut down operations, and that “This issue of cyber attacks on nuclear-related facilities or activities should be taken very seriously.” Amano said that IAEA is helping nuclear facilities around the world improve cyber and physical security.
The director of IAEA is most likely referring to the incident involving a Korea Hydro & Nuclear Power (KHNP) plant, but recent discoveries in Germany of aged malware infections on plant process control equipment are also troubling. The nuclear industry has been well positioned to defend against Internet-borne, non-targeted threats because they adopted secure network architectures early, but they are now struggling to address human-enabled (e.g. infected USBs) and highly targeted cyber threats. The next step for the industry will be to transform its cyberdefense strategies from prevention-focused to a more active defense. Active defense is based on the assumption that intrusions will occur, and effective defense focuses on rapid detection of failures along with rapid collapse of free-time available to attackers.
I wonder what malware was used, was it firmware-centric? Is ‘critical infrastructure’ really secured any better than COTS consumer devices? Do they use Intel x64 systems with UEFI-based blobs that can be tested with CHIPSEC?