Uncategorized

Introducing graphene-ng: running arbitrary payloads in SGX enclaves

fig1

Jun 11, 2018 by Joanna Rutkowska

A few months ago, during my keynote at Black Hat Europe, I was discussing how we should be limiting the amount of trust when building computer systems. Recently, a new technology from Intel has been gaining popularity among both developers and researchers, a technology which promises a big step towards such trust-minimizing systems. I’m talking about Intel SGX, of course. Intel SGX caught my attention for the first time about 5 years ago, a little while before Intel has officially added information about it to the official Software Developer’s Manual. I’ve written two posts about my thoughts on this (then-upcoming) technology, which were a superposition of both positive and negative feelings. Over the last 2 years or so, together with my team at ITL, we’ve been investigating this fascinating technology a bit closer. Today I’d like to share some introductory information on this interesting project we’ve been working on together with our friends at Golem for several months now.[…]

https://blog.invisiblethings.org/2018/06/11/graphene-ng.html

 

 

Standard
Uncategorized

Joanna on trusting hardware

Joanna Rutkovska gave a talk on trust at BlackHat EU:

https://www.blackhat.com/docs/eu-17/materials/eu-17-Rutkowska-Security-Through-Distrusting.pdf

Standard
Uncategorized

OEMs: publish your platform firmware hashes [using codehash.db]

Reminder to OEMs: publish the hashes of your platform firmware. Hopefully using codehash.db.

In below twitter thread, Joanna asked Dell support for hashes for their firmware. Eventually, Rick Martinez of Dell got involved, so this is a good example of a conversation on this topic by two who understand the issues.

http://en.community.dell.com/techcenter/extras/m/white_papers/20287278

It looks like Dell needs to use HTTPS:

https://github.com/rootkovska/codehash.db

Standard
Uncategorized

Qubes and Golem

Golem is a global, open sourced, decentralized supercomputer that anyone can access. It’s made up of the combined power of user’s machines, from personal laptops to entire datacenters. Anyone will be able to use Golem to compute (almost) any program you can think of, from rendering to research to running websites, in a completely decentralized & inexpensive way. The Golem Network is a decentralized sharing economy of computing power, where anyone can make money ‘renting’ out their computing power or developing & selling software.

https://github.com/rootkovska/rootkovska.github.io/blob/master/papers/2017/Secure%20Computing%20in%20Decentralized%20World.pdf

https://golem.network/

 

Standard
Uncategorized

USB attack to Mazda cars: Bad Valet attack

“Bad Valet is the new Evil Maid” –Joanna Rutkowska

 

“A PoC that the USB port is an attack surface for a Mazda car’s infotainment system and how Mazda hacks are made.”

https://github.com/shipcod3/mazda_getInfo

 

Standard
Uncategorized

US Customs looks at QubesOS inventors computer

😦

 

Standard