HardenedBSD 11-STABLE v1100056.1 Released

For those relying upon BSD in security-critical environments, a new HardenedBSD 11-STABLE update is now available for this security-enhanced fork of FreeBSD. HardenedBSD continues to be a "fork" of FreeBSD focused on shipping the maximum security potential. HardenedBSD adds in extra security technologies, exploit mitigations, and other tweaks compared to what is shipped by default in FreeBSD stable. HardenedBSD 11-STABLE v1100056.1 is available today as a minor update compared to their previous stable update from several weeks back. Also:

• Stable release: HardenedBSD-stable 11-STABLE v1100056.1

• g2k18 hackathon report: Claudio Jeker on OpenBGPD developments

Security: Data Security and Back Doors (ME) in Hardware

• Episode 106 - Data isn't oil, it's nuclear waste

  Josh and Kurt talk about Cory Doctorow's piece on Facebook data privacy. It's common to call data the new oil but it's more like nuclear waste. How we fix the data problem in the future is going to require solutions we can't yet imagine as well as new ways of thinking about the problems.

• Intel Patches New ME Flaws That Could Let Hackers Run Arbitrary Code: Check For Patches

  Talking specifically about the flaws, the first one is CVE-2018-3627. Described as a logic bug, this easily exploitable bug allows code execution. CVE-2018-3628 is the more dangerous sibling which enables comprehensive remote code execution in the AMT process; it’s also identified as a “Buffer overflow in HTTP handler.”

• Intel patches new ME vulnerabilities

  In early July, Intel issued security advisories SA-00112 and SA-00118 regarding fixes for vulnerabilities in Intel Management Engine. Both advisories describe vulnerabilities with which an attacker could execute arbitrary code on the Minute IA PCH microcontroller. The vulnerabilities are similar to ones previously discovered by Positive Technologies security experts last November (SA-00086). But that was not the end of the story, as Intel has now released fixes for additional vulnerabilities in ME.

• Why Intel will never let owners control the ME

  Intel/AMD will never allow machine owners to control the code executing on the ME/PSP because they have decided to build a business on preventing you from doing so. In particular, it's likely that they're actually contractually obligated not to let you control these processors.

  The reason is that Intel literally decided to collude with Hollywood to integrate DRM into their CPUs; they conspired with media companies to lock you out of certain parts of your machine. After all, this is the company that created HDCP.

  This DRM functionality is implemented on the ME/PSP. Its ability to implement DRM depends on you not having control over it, and not having control over the code that runs on it. Allowing you to control the code running on the ME would directly compromise an initiative which Intel has been advancing for over a decade.

Android Leftovers

• Source Code for Exobot Android Banking Trojan Leaked Online

• Google secretly tried to stop the probe into Android a year before its record $5 billion fine from the EU

• Google working on Android successor

• Google is Surprisingly Working on User Privacy through Fuchsia OS

• These are all the Android Go phones available today

• BlackBerry Key 2 Review: A Serious Android Phone That Could Just be Your Type

• Flagship Android phones top iPhone X in download speed, report claims

• If Brussels wants Android forks, phone makers aren't helping

Tux Machines is proud to be hosted by