Language Selection

English French German Italian Portuguese Spanish

Security Leftovers

Filed under
Security
  • Intel's zero-day problem
  • Reverse-engineering the Intel Management Engine’s ROMP module

    Last month, while I was waiting for hardware to arrive and undergo troubleshooting, I had some spare time to begin some Intel ME reverse engineering work.

    First, I need to give some shout out to Igor Skochinsky, a Hex-Rays developer, who had been working on reverse engineering the Intel ME for a while, and who has been very generous in sharing his notes and research on the ME with us, which is going to be a huge help and cut down months of reverse engineering and guesswork. Igor was very helpful in getting me to understand the bits that didn’t make sense to me.

  • Intel AMT on wireless networks

    More details about Intel's AMT vulnerablity have been released - it's about the worst case scenario, in that it's a total authentication bypass that appears to exist independent of whether the AMT is being used in Small Business or Enterprise modes (more background in my previous post here). One thing I claimed was that even though this was pretty bad it probably wasn't super bad, since Shodan indicated that there were only a small number of thousand machines on the public internet and accessible via AMT. Most deployments were probably behind corporate firewalls, which meant that it was plausibly a vector for spreading within a company but probably wasn't a likely initial vector.

    [...]

    Case 2 is the scary one. If you have a laptop that supports AMT, and if AMT has been provisioned, and if AMT has had wireless support turned on, and if you're running Windows, then connecting your laptop to a public wireless network means that AMT is accessible to anyone else on that network[1]. If it hasn't received a firmware update, they'll be able to do so without needing any valid credentials.

  • Intel declared war on general purpose computing and lost, so now all our computers are broken

    It's been a year since we warned that Intel's Management Engine -- a separate computer within your own computer, intended to verify and supervise the main system -- presented a terrifying, unauditable security risk that could lead to devastating, unstoppable attacks. Guess what happened next?

    For the past week, the IT press has been full of news about the AMT module in the Management Engine making millions of systems vulnerable to local and remote attacks, with a firmware update to disable the module as the only really comprehensive solution. But AMT is only one of the many components of ME, and every one of them could have a vulnerability as grave as this one -- and Intel is not offering any way to turn off ME altogether, meaning that there's a lot of this in our future.

    ME is a brilliant example of why declaring war on general-purpose computing is a terrible idea. There are lots of reasons to want a computer that can only run some programs (instead of every program): preventing poisoned operating systems and other malware, preventing game cheating, enforcing copyright restrictions (DRM), etc... Every one of them is presented as a use-case for ME.

  • OSS-Fuzz: Five months later, and rewarding projects
  • USN-3285-1: LightDM vulnerability
  • generic kde LPE
  • QSB #30: Critical Xen bugs related to PV memory virtualization (XSA-213, XSA-214)
  • Europe is living under Microsoft’s digital killswitch

    All across Europe, from Finland to Portugal, Ireland to Greece, governments rely on Microsoft software. As their digital systems grow in size and importance, countries are becoming increasingly dependent on this single American corporation. But what consequences does this “lock-in” have? What risks does it pose for the security of European data? And what can governments do to counter it?

    It’s estimated that Microsoft makes around two billion euros in Europe every year, just from its business with the public sector. In 2012 the European Commission released a report that stated that 1.1 billion euros were unnecessarily lost by the European public sector due to being locked-in in business with IT system providers.

More in Tux Machines

Introducing the potential new Ubuntu Studio Council

Back in 2016, Set Hallström was elected as the new Team Lead for Ubuntu Studio, just in time for the 16.04 Xenial Long Term Support (LTS) release. It was intended that Ubuntu Studio would be able to utilise Set’s leadership skills at least up until the next LTS release in April 2018. Unfortunately, as happens occasionally in the world of volunteer work, Set’s personal circumstances changed and he is no longer able to devote as much time to Ubuntu Studio as he would like. Therefore, an IRC meeting was held between interested Ubuntu Studio contributors on 21st May 2017 to agree on how to fill the void. We decided to follow the lead of Xubuntu and create a Council to take care of Ubuntu Studio, rather than continuing to place the burden of leadership on the shoulder of one particular person. Unfortunately, although the result was an agreement to form the first Ubuntu Studio Council from the meeting participants, we all got busy and the council was never set up. Read more

today's leftovers

  • My Experience with MailSpring on Linux
    On the Linux Desktop, there are quite a few choices for email applications. Each of these has their own pros and cons which should be weighed depending on one’s needs. Some clients will have MS Exchange support. Others do not. In general, because email is reasonably close to free (and yes, we can thank Hotmail for that) it has been a difficult place to make money. Without a cash flow to encourage developers, development has trickled at best.
  • Useful FFMPEG Commands for Managing Audio and Video Files
  • Set Up A Python Django Development Environment on Debian 9 Stretch Linux
  • How To Run A Command For A Specific Time In Linux
  • Kubuntu 17.10 Guide for Newbie Part 7
  •  
  • Why Oppo and Vivo are losing steam in Chinese smartphone market
    China’s smartphone market has seen intense competition over the past few years with four local brands capturing more than 60 percent of sales in 2017. Huawei Technologies, Oppo, Vivo and Xiaomi Technology recorded strong shipment growth on a year-on-year basis. But some market experts warned that Oppo and Vivo may see the growth of their shipments slow this year as users become more discriminating.
  • iPhones Blamed for More than 1,600 Accidental 911 Calls Since October
    The new Emergency SOS feature released by Apple for the iPhone is the one to blame for no less than 1,600 false calls to 911 since October, according to dispatchers. And surprisingly, emergency teams in Elk Grove and Sacramento County in California say they receive at least 20 such 911 calls every day from what appears to be an Apple service center. While it’s not exactly clear why the iPhones that are probably brought in for repairs end up dialing 911, dispatchers told CBS that the false calls were first noticed in the fall of the last year. Apple launched new iPhones in September 2017 and they went on sale later the same month and in November, but it’s not clear if these new devices are in any way related to the increasing number of accidental calls to 911.
  • Game Studio Found To Install Malware DRM On Customers' Machines, Defends Itself, Then Apologizes
    The thin line that exists between entertainment industry DRM software and plain malware has been pointed out both recently and in the past. There are many layers to this onion, ranging from Sony's rootkit fiasco, to performance hits on machines thanks to DRM installed by video games, up to and including the insane idea that copyright holders ought to be able to use malware payloads to "hack back" against accused infringers. What is different in more recent times is the public awareness regarding DRM, computer security, and an overall fear of malware. This is a natural kind of progression, as the public becomes more connected and reliant on computer systems and the internet, they likewise become more concerned about those systems. That may likely explain the swift public backlash to a small game-modding studio seemingly installing something akin to malware in every installation of its software, whether from a legitimate purchase or piracy.

Server: Benchmarks, IBM and Red Hat

  • 36-Way Comparison Of Amazon EC2 / Google Compute Engine / Microsoft Azure Cloud Instances vs. Intel/AMD CPUs
    Earlier this week I delivered a number of benchmarks comparing Amazon EC2 instances to bare metal Intel/AMD systems. Due to interest from that, here is a larger selection of cloud instance types from the leading public clouds of Amazon Elastic Compute Cloud, Microsoft Azure, and Google Compute Engine.
  • IBM's Phil Estes on the Turbulent Waters of Container History
    Phil Estes painted a different picture of container history at Open Source 101 in Raleigh last weekend, speaking from the perspective of someone who had a front row seat. To hear him tell it, this rise and success is a story filled with intrigue, and enough drama to keep a daytime soap opera going for a season or two.
  • Red Hat CSA Mike Bursell on 'managed degradation' and open data
    As part of Red Hat's CTO office chief security architect Mike Bursell has to be informed of security threats past, present and yet to come – as many as 10 years into the future. The open source company has access to a wealth of customers in verticals including health, finance, defence, the public sector and more. So how do these insights inform the company's understanding of the future threat landscape?
  • Red Hat Offers New Decision Management Tech Platform
    Red Hat (NYSE: RHT) has released a platform that will work to support information technology applications and streamline the deployment of rules-based tools in efforts to automate processes for business decision management, ExecutiveBiz reported Thursday.

Vulkan Anniversary and Generic FBDEV Emulation Continues To Be Worked On For DRM Drivers

  • Vulkan Turns Two Years Old, What Do You Hope For Next?
    This last week marked two years since the debut of Vulkan 1.0, you can see our our original launch article. My overworked memory missed realizing it by a few days, but it's been a pretty miraculous two years for this high-performance graphics and compute API.
  • Generic FBDEV Emulation Continues To Be Worked On For DRM Drivers
    Noralf Trønnes has spent the past few months working on generic FBDEV emulation for Direct Rendering Manager (DRM) drivers and this week he volleyed his third revision of these patches, which now includes a new in-kernel API along with some clients like a bootsplash system, VT console, and fbdev implementation.