Language Selection

English French German Italian Portuguese Spanish

Security Leftovers

Filed under
Security
  • Intel's zero-day problem
  • Reverse-engineering the Intel Management Engine’s ROMP module

    Last month, while I was waiting for hardware to arrive and undergo troubleshooting, I had some spare time to begin some Intel ME reverse engineering work.

    First, I need to give some shout out to Igor Skochinsky, a Hex-Rays developer, who had been working on reverse engineering the Intel ME for a while, and who has been very generous in sharing his notes and research on the ME with us, which is going to be a huge help and cut down months of reverse engineering and guesswork. Igor was very helpful in getting me to understand the bits that didn’t make sense to me.

  • Intel AMT on wireless networks

    More details about Intel's AMT vulnerablity have been released - it's about the worst case scenario, in that it's a total authentication bypass that appears to exist independent of whether the AMT is being used in Small Business or Enterprise modes (more background in my previous post here). One thing I claimed was that even though this was pretty bad it probably wasn't super bad, since Shodan indicated that there were only a small number of thousand machines on the public internet and accessible via AMT. Most deployments were probably behind corporate firewalls, which meant that it was plausibly a vector for spreading within a company but probably wasn't a likely initial vector.

    [...]

    Case 2 is the scary one. If you have a laptop that supports AMT, and if AMT has been provisioned, and if AMT has had wireless support turned on, and if you're running Windows, then connecting your laptop to a public wireless network means that AMT is accessible to anyone else on that network[1]. If it hasn't received a firmware update, they'll be able to do so without needing any valid credentials.

  • Intel declared war on general purpose computing and lost, so now all our computers are broken

    It's been a year since we warned that Intel's Management Engine -- a separate computer within your own computer, intended to verify and supervise the main system -- presented a terrifying, unauditable security risk that could lead to devastating, unstoppable attacks. Guess what happened next?

    For the past week, the IT press has been full of news about the AMT module in the Management Engine making millions of systems vulnerable to local and remote attacks, with a firmware update to disable the module as the only really comprehensive solution. But AMT is only one of the many components of ME, and every one of them could have a vulnerability as grave as this one -- and Intel is not offering any way to turn off ME altogether, meaning that there's a lot of this in our future.

    ME is a brilliant example of why declaring war on general-purpose computing is a terrible idea. There are lots of reasons to want a computer that can only run some programs (instead of every program): preventing poisoned operating systems and other malware, preventing game cheating, enforcing copyright restrictions (DRM), etc... Every one of them is presented as a use-case for ME.

  • OSS-Fuzz: Five months later, and rewarding projects
  • USN-3285-1: LightDM vulnerability
  • generic kde LPE
  • QSB #30: Critical Xen bugs related to PV memory virtualization (XSA-213, XSA-214)
  • Europe is living under Microsoft’s digital killswitch

    All across Europe, from Finland to Portugal, Ireland to Greece, governments rely on Microsoft software. As their digital systems grow in size and importance, countries are becoming increasingly dependent on this single American corporation. But what consequences does this “lock-in” have? What risks does it pose for the security of European data? And what can governments do to counter it?

    It’s estimated that Microsoft makes around two billion euros in Europe every year, just from its business with the public sector. In 2012 the European Commission released a report that stated that 1.1 billion euros were unnecessarily lost by the European public sector due to being locked-in in business with IT system providers.

More in Tux Machines

How To Encrypt DNS Traffic In Linux Using DNSCrypt

​Dnscrypt is a protocol that is used to improve DNS security by authenticating communications between a DNS client and a DNS resolver. DNSCrypt prevents DNS spoofing. It uses cryptographic signatures to verify that responses originate from the chosen DNS resolver and haven’t been tampered with. DNSCrypt is available for multi-platforms including Windows, MacOS, Unix, Android, iOS, Linux and even routers. Read
more

Debian-Based Untangle 13.0 Linux Firewall Tackles Bufferbloat, Adds New Features

Untangle NG Firewall, the open-source and powerful Debian-based network security platform featuring pluggable modules for network apps, has been updated to version 13.0, a major release adding new features and numerous improvements. The biggest improvement brought by the Untangle NG Firewall 13.0 release is to the poor latency generated by excess buffering in networking equipment, called bufferbloat, by supporting a queueing algorithm designed to optimize QoS and bandwidth to enforce a controlled delay. Read more

Kernel Space: HMM, Cloud Native, Linux 4.12, TFS, Linux 4.11.2, and 4.10 EoL

  • Faster machine learning is coming to the Linux kernel
    Heterogenous memory management (HMM) allows a device’s driver to mirror the address space for a process under its own memory management. As Red Hat developer Jérôme Glisse explains, this makes it easier for hardware devices like GPUs to directly access the memory of a process without the extra overhead of copying anything. It also doesn't violate the memory protection features afforded by modern OSes.
  • Product Development in the Age of Cloud Native
    Ever since the mass adoption of Agile development techniques and devops philosophies that attempt to eradication organizational silos, there’s been a welcome discussion on how to optimize development for continuous delivery on a massive scale. Some of the better known adages that have taken root as a result of this shift include “deploy in production after checking in code” (feasible due to the rigorous upfront testing required in this model), “infrastructure as code”, and a host of others that, taken out of context, would lead one down the path of chaos and mayhem. Indeed, the shift towards devops and agile methodologies and away from “waterfall” has led to a much needed evaluation of all processes around product and service delivery that were taken as a given in the very recent past.
  • Running Intel Kabylake Graphics On Linux 4.12
  • TFS File-System Still Aiming To Compete With ZFS, Written In Rust
    The developers behind the Rust-based Redox operating system continue working on the "TFS" file-system that they hope will compete with the long-standing ZFS file-system, but TFS isn't being tied to just Redox OS.
  • Linux Kernel 4.10 Reached End of Life, Users Urged to Move to Linux 4.11 Series
    Greg Kroah-Hartman informed the Linux community about the release and immediate availability of the seventeenth maintenance update to the Linux 4.10 kernel series, which also marked the end of life.
  • Linux Kernel 4.11.2 Has Many F2FS and CIFS Improvements, Lots of Updated Drivers

ROSA Fresh R9

ROSA is a desktop distribution that was originally forked from Mandriva Linux, but now is independently developed. While the company which produces ROSA is based in Russia, the distribution includes complete translations for multiple languages. The ROSA desktop distribution is designed to be easy to use and includes a range of popular applications and multimedia support. ROSA R9 is available in two editions, one featuring the KDE 4 desktop and the second featuring the KDE Plasma 5 desktop. These editions are scheduled to receive four years of support and security updates. I decided to download the Plasma edition of ROSA R9 and found the installation media to be approximately 2GB in size. Booting from the ROSA disc brings up a menu asking if we would like to load the distribution's live desktop environment or begin the installation process. Taking the live option brings up a graphical wizard that asks us a few questions. We are asked to select our preferred language from a list and accept the project's warranty and license. We are then asked to select our time zone and keyboard layout from lists. With these steps completed, the wizard disappears and the Plasma 5.9 desktop loads. Read more