Uncategorized

What You Don’t Know about Firmware Might Get You ∅wn3d

Brian Richardson of Intel has an article on firmware security. It even mentions CHIPSEC and NIST 147!

http://eecatalog.com/intel/2018/04/09/what-you-dont-know-about-firmware-might-get-you-own3d/#.WtZPvUZ6xU0.twitter

Intel Security Essentials: A Built-in Foundation with Security at the Core

Intel announced its Threat Detection Technology (TDT) at RSA. It includes GPU-powered antivirus code.

https://newsroom.intel.com/editorials/securing-digital-world-intel-announces-silicon-level-security-technologies-industry-adoption-rsa-2018/

https://software.intel.com/en-us/blogs/2018/04/16/intel-security-essentials-a-built-in-foundation-with-security-at-the-core

https://www.intel.com/content/www/us/en/security/hardware/hardware-security-overview.html

https://www.engadget.com/2018/04/17/intel-malware-scanner-gpu-processor-cpu-speed/

https://arstechnica.com/gadgets/2018/04/intel-microsoft-to-use-gpu-to-scan-memory-for-malware/

Intel Security Essentials

More on INTEL-SA-00087

Re: https://firmwaresecurity.com/2018/04/03/intel-sa-00087-unsafe-opcodes-exposed-in-intel-spi-based-products/

Lenovo has an advisory now:

https://support.lenovo.com/us/en/solutions/LEN-16445

Could an Intel chip flaw put your whole computer at risk?


INTEL-SA-00110: BIOS SW SMI Call-Out EoP

Intel® NUC BIOS SW SMI Call-Out

Intel ID: INTEL-SA-00110
Product family: Intel® NUC Kits
Impact of vulnerability: Elevation of Privilege
Severity rating: Important
Original release: Apr 17, 2018
Last revised: Apr 17, 2018
Summary:

This update will improve the security of system firmware for the below listed Intel NUC models. Intel has identified a potential vulnerability in Intel NUC kits with insufficient input validation in system firmware that potentially allows a local attacker to elevate privileges to System Management Mode (SMM). Intel highly recommends that users update to the latest firmware version (see table above).

Intel would like to thank Embedi for reporting this issue and working with us on coordinated disclosure.

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00110&languageid=en-fr

Intel, Center for Cybersecurity Policy and Law start Coordinated Vulnerability Disclosure Practices for Hardware

WASHINGTON, April 12, 2018 /PRNewswire/ — Today, the Center for Cybersecurity Policy and Law announced a new cybersecurity effort to examine coordinated vulnerability disclosure policy and processes specific to hardware.

Coordinated disclosure is widely regarded as the best way to responsibly protect users from security exploits. Led by Ari Schwartz, the Center’s coordinator, the project will bring together business leaders, policymakers and other stakeholders from across the technology sector to identify specific disclosure needs in the hardware ecosystem, assess the current in disclosure policy and practice and describe options for collaboration and improvements. “As recent threats have shown, the need for industrywide coordination and response to new vulnerabilities has never been greater,” said Schwartz. “We are looking forward to engaging with a wide range of players to help improve resiliency in the hardware ecosystem.” […]

https://centerforcybersecuritypolicy.org/

https://blogs.intel.com/policy/2018/04/12/furthering-intels-security-first-pledge-with-cybersecurity-public-policy/

https://www.prnewswire.com/news-releases/center-for-cybersecurity-policy-and-law-to-engage-with-industry-on-coordinated-vulnerability-disclosure-practices-for-hardware-300629040.html

What about the other chip makers beyond Intel?
