modzero Security: keylogger in HP audio driver

[EN] Keylogger in Hewlett-Packard Audio Driver
Security reviews of modern Windows Active Domain infrastructures are – from our point of view – quite sobering. Therefore, we often look left and right, when, for example, examining the hardening of protection mechanisms of a workstation. Here, we often find all sorts of dangerous and ill-conceived stuff. We want to present one of these casually identified cases now, as it’s quite an interesting one: We have discovered a keylogger in an audio driver package by Hewlett-Packard. A keylogger is a piece of software for which the case of dual-use can rarely be claimed. This means there are very few situations where you would describe a keylogger that records all keystrokes as ‘well-intended’. A keylogger records when a key is pressed, when it is released, and whether any shift or special keys have been pressed. It is also recorded if, for example, a password is entered even if it is not displayed on the screen. […] There is no evidence that this keylogger has been intentionally implemented. Obviously, it is a negligence of the developers – which makes the software no less harmful. If the developer would just disable all logging, using debug-logs only in the development environment, there wouldn’t be problems with the confidentiality of the data of any user […]

https://www.modzero.ch/modlog/archives/2017/05/11/en_keylogger_in_hewlett-packard_audio_driver/index.html

https://www.modzero.ch/advisories/MZ-17-01-Conexant-Keylogger.txt

UEFI Plugfest slides uploaded

https://uefi.blogspot.com/2017/03/uefi-plugfest-2017-in-nanjing.html

Tim Lewis of Insyde has a blog post with an update for the UEFI plugfest. *Multiple* presentations on security!!

State of UEFI – Mark Doran (Intel)
Keynote: China Information Technology Ecosystem – Guangnan Ni (Chinese Academy of Engineering)
The Role of UEFI Technologies Play in ARM Platform Architecture – Dong Wei (ARM)
ARM Server’s Firmware Security – Zhixiong (Jonathan) Zhang (Cavium)
SMM Protection in EDK II – Jiewen Yao (Intel)
Server RAS and UEFI CPER – Mao Lucia and Spike Yuan (Intel)
A More Secure and Better User Experience for OS-based Firmware Update – David Liu (Phoenix)
UEFI and IoT: Best Practices in Developing IoT Firmware Solutions – Hawk Chen (Byosoft)
Establishing and Protecting a Chain of Trust with UEFI – David Chen (Insyde)
Implementation of Hypervisor in UEFI Firmware – Kangkang Shen (Huawei)
Lessons Learned from Implementing a Wi-Fi and BT Stack – Tony Lo (AMI)
UEFI Development Anti-Patterns – Chris Stewart (HP)

http://www.uefi.org/learning_center/presentationsandvideos

HP seeks firmware pentester

Application Security Engineer – Firmware
HP Cloud Solutions and Operations (CSO) Security is an engineering organization specializing in secure development practices and penetration testing. We are organized as an internal consulting business, enabling our customers to develop and launch a diverse range of customer-facing products including mobile, eCommerce, web services, and embedded. It’s our job to analyze the design, audit the source code, and attempt to break the final product before potential adversaries do. We’re hiring an application security engineer with firmware experience and penetration tester at our new Vancouver, WA office. We have openings for a full-time engineer. Ideally, you have a passion for learning new attack vectors and implementing working exploits. Given your past experience you can improve the security of the architecture, design, authorship, and testing of code. If many of the following apply, you’re probably a good fit. […]

https://h30631.www3.hp.com/job/-/-/3544/4119219

DFIR toolset links

Mark McCurdy of HP maintains a nice set of links for DFIR (digital forensics and incident response):
https://github.com/marcurdy/dfir-toolset

It is sort of like an ‘awesome forensics’ page, so related to lists like:
https://github.com/Cugu/awesome-forensics
https://github.com/sbilly/awesome-security
https://github.com/rshipp/awesome-malware-analysis
https://github.com/apsdehal/awesome-ctf
https://github.com/onlurking/awesome-infosec
https://github.com/tylerph3/awesome-reversing
https://github.com/paragonie/awesome-appsec
https://github.com/meirwah/awesome-incident-response
etc.

new HP printers to include additional firmware security

Multiple news sites have stories about HP’s new printers, which ship with new firmware security features. Quoting a story by Samira Sarraf and Steven Kiernan in CRN Australia:

[…] The recently announced printers, which are expected to start shipping in April 2017, also boast beefed-up security, including run-time intrusion detection, which monitors constantly for signs of attack and sends alerts into security management. There is also a firmware whitelisting device that makes sure that only good and certified firmware have access to the devices. And Sure Start, a chip on the devices that checks for the BIOS integrity during boot time, shuts the device down if it detects anything wrong and reboots. […]

http://www.crn.com.au/news/hp-mounts-assault-on-australian-copier-market-436797
http://www8.hp.com/us/en/hp-news/media-kits/2016/GPC_2016.html
http://www8.hp.com/us/en/printers/a3-multifunction.html
http://www8.hp.com/us/en/hp-news/newsroom.html

List of UEFI vendors who care about security

Which UEFI vendors care — or at least may care — about security? The list (alphabetically) is shorter than you might expect:

AMD
AMI
Apple
Dell
Hewlett Packard Enterprises
HP Inc.
Insyde Software
Intel Corp.
Lenovo
Microsoft
Phoenix Technologies

Nobody else. If your vendor is not listed above, ask them why you should purchase a UEFI-based system from them.

The list above is taken from the vendors that have a security feedback mechanism listed on the UEFI Forum’s security contact page.

http://uefi.org/security

HP Printers expose anon FTP

Exposed HP LaserJet printers offer Anonymous FTP to the public

Networked HP LaserJet printers, which have been made available to the public by the organizations hosting them, offer potential attackers a ready-made Anonymous FTP server. At present, there are thousands of these devices online. The exposed printers were the focus of a new blog post by Chris Vickery. Vickery has previously worked with Salted Hash on a number of stories – including database leaks that exposed class records at SNHU, 3.3 million Hello Kitty fans, 191 million voter records, and an additional 18 million voter records with targeted data. […]

Full article:
https://mackeeper.com/blog/post/185-spilling-the-beans
http://www.csoonline.com/article/3026184/security/exposed-hp-laserjet-printers-offer-anonymous-ftp-to-the-public.html
