Uncategorized

HP seeks firmware pentester

Application Security Engineer – Firmware
HP Cloud Solutions and Operations (CSO) Security is an engineering organization specializing in secure development practices and penetration testing. We are organized as an internal consulting business, enabling our customers to develop and launch a diverse range of customer-facing products including mobile, eCommerce, web services, and embedded. It’s our job to analyze the design, audit the source code, and attempt to break the final product before potential adversaries do. We’re hiring an application security engineer with firmware experience and penetration tester at our new Vancouver, WA office. We have openings for a full-time engineer. Ideally, you have a passion for learning new attack vectors and implementing working exploits. Given your past experience you can improve the security of the architecture, design, authorship, and testing of code. If many of the following apply, you’re probably a good fit.[…]

https://h30631.www3.hp.com/job/-/-/3544/4119219

Standard
Uncategorized

DFIR toolset links

Mark McCurdy of HP has a nice set of links for DF
https://github.com/marcurdy/dfir-toolset

It is sort of like an ‘awesome forensics’ page, so related to lists like:
https://github.com/Cugu/awesome-forensics
https://github.com/sbilly/awesome-security
https://github.com/rshipp/awesome-malware-analysis
https://github.com/apsdehal/awesome-ctf
https://github.com/onlurking/awesome-infosec
https://github.com/tylerph3/awesome-reversing
https://github.com/paragonie/awesome-appsec
https://github.com/meirwah/awesome-incident-response
etc.

Standard
Uncategorized

new HP printers to include additional firmware security

Multiple news sites have stories about new HP printer which has new firmware security features. Quoting a story by Samira Sarraf and Steven Kiernan in CRM Australia:

[…] The recently announced printers, which are expected to start shipping in April 2017, also boast beefed-up security, including run-time intrusion detection, which monitors constantly for sign of attack and sends alerts into security management. There is also a firmware whitelisting device that makes sure that only good and certified firmware have access to the devices. And Sure Start, a chip on the devices that checks for the bios integrity during boot time, shuts the device down if it detects anything wrong and reboots. […]

http://www.crn.com.au/news/hp-mounts-assault-on-australian-copier-market-436797
http://www8.hp.com/us/en/hp-news/media-kits/2016/GPC_2016.html
http://www8.hp.com/us/en/printers/a3-multifunction.html
http://www8.hp.com/us/en/hp-news/newsroom.html

Standard
Uncategorized

List of UEFI vendors who care about security

Which UEFI vendors care — or at least may care — about security? The list (alphabetically) is shorter than you might expect:

AMD
AMI
Apple
Dell
Hewlett Packard Enterprises
HP Inc.
Insyde Software
Intel Corp.
Lenovo
Microsoft
Phoenix Technologies

Nobody else. If your vendor is not listed above, ask them why you should purchase a UEFI-based system from them.

The above list is from the list of vendors who have feedback mechanisms listed on the UEFI Forum’s security contact page.

http://uefi.org/security

Standard
Uncategorized

HP Printers expose anon FTP

Exposed HP LaserJet printers offer Anonymous FTP to the public

Networked HP LaserJet printers, which have been made available to the public by the organizations hosting them, offer potential attackers a ready-made Anonymous FTP server. At present, there are thousands of these devices online. The exposed printers were the focus of a new blog post by Chris Vickery. Vickery has previously worked with Salted Hash on a number of stories – including database leaks that exposed class records at SNHU, 3.3 million Hello Kitty fans, 191 million voter records, and an additional 18 million voter records with targeted data. […]

Full article:
https://mackeeper.com/blog/post/185-spilling-the-beans
http://www.csoonline.com/article/3026184/security/exposed-hp-laserjet-printers-offer-anonymous-ftp-to-the-public.html

Standard
Uncategorized

RISC-V/LowRISC update

The recent RISC-V workshop is over, presentations are online, videos are not yet online:

http://riscv.org/workshop-jan2016.html
http://riscv.org/

RISC-V and coreboot:
http://riscv.org/workshop-jan2016/Tues1345%20riscvcoreboot.pdf

RISC-V and UEFI:
http://riscv.org/workshop-jan2016/Tues1415%20RISC-V%20and%20UEFI.pdf

There is some post-workshop coverage here:
https://blog.riscv.org/2016/01/3rd-risc-v-workshop-presentations-breakouts/
http://www.lowrisc.org/blog/2016/01/third-risc-v-workshop-day-one/
http://www.lowrisc.org/blog/2016/01/third-risc-v-workshop-day-two/
http://www.adapteva.com/andreas-blog/why-i-will-be-using-the-risc-v-in-my-next-chip/
http://www.eetimes.com/document.asp?doc_id=1328620&

LowRISC, a related project to RISC-V is also making progress. From the below EE Times article:

“The LowRISC project at the University of Cambridge is attracting interest as the likely first source of real development hardware. The team which includes members of the Raspberry Pi project hopes to have first silicon this year and plans to make development boards available in 2017, likely for $50-100.”

http://www.lowrisc.org/

http://www.eetimes.com/document.asp?doc_id=1328620&

I missed this news, it is interesting to see Google, HP, and Oracle getting involved with RISC-V.

http://www.eetimes.com/document.asp?doc_id=1328561&

 

Standard
Uncategorized

new Linux kernel NVDIMM IOCTL pass thru patch

Jerry Hoemann of HP (now HPE) posted a message to the linux-nvdimm@lists.01.org, linux-acpi, and linux-kernel lists with new patch to the Linux 4.3 kernel with a new ioctl inteface for NVDIMM DSMs:

nvdimm: Add an IOCTL pass thru for DSM calls

The NVDIMM code in the kernel supports an IOCTL interface to user space based upon the Intel Example DSM:
http://pmem.io/documents/NVDIMM_DSM_Interface_Example.pdf

This interface cannot be used by other NVDIMM DSMs that support incompatible functions. This patch set adds a generic “passthru” IOCTL interface which is not tied to a particular DSM. A new IOCTL type “P” is added for the pass thru call. The new data structure ndn_pkg serves as a wrapper for the passthru calls.  This wrapper supplies the data that the kernel needs to make the _DSM call. Unlike the definitions of the _DSM functions themselves, the ndn_pkg provides the calling information (input/output sizes) in an uniform manner making the kernel marshaling of the arguments straight forward. This shifts the marshaling burden from the kernel to the user space application while still permitting the kernel to internally calling _DSM functions. To make the resultant kernel code easier to understand the existing functions acpi_nfit_ctl and __nd_ioctl were renamed to .*_intel to denote calling mechanism as in 4.2 tailored to the Intel Example DSM. New functions acpi_nfit_ctl_passthru and __nd_ioctl_passthru were created to supply the pass thru interface.

 drivers/acpi/nfit.c        |  91 ++++++++++++++++++++++++++++++++–
 drivers/nvdimm/bus.c       | 118 +++++++++++++++++++++++++++++++++++++++++—-
 drivers/nvdimm/dimm_devs.c |   6 +–
 include/linux/libnvdimm.h  |   3 +-
 include/uapi/linux/ndctl.h |  20 +++++++-
 5 files changed, 220 insertions(+), 18 deletions(-)

For more information, see the posting on the linux-nvdimm@lists.01.org mailing list archives.

http://pmem.io/documents/

Standard