Security: Intel ME Back Door, Updates, Back Doors in Cars, Pacemaker, FCC, Hotel and GitHub Flukes
-
A Workaround To Disable Intel Management Engine 11
Positive Technologies is now reporting on a discovery by one of their researches to be able to disable Intel Management Engine 11 (Skylake era) after discovering an undocumented mode.
The security researchers discovered "an undocumented PCH strap that can be used to switch on a special mode disabling the main Intel ME functionality at an early stage." Those wanting to learn more can read this blog post.
-
Security updates for Thursday
-
Quebec man fights back after dealer remotely disables car over $200 fee
A car dealership in Sherbrooke, Que., may have broken the law when it used a GPS device to disable the car of a client who was refusing to pay an extra $200 fee, say consumer advocates consulted by CBC News.
[...]
"To turn off somebody's vehicle after he had already paid off the loan is clearly illegal … it's not your car anymore," Iny said.
-
465k patients told to visit doctor to patch critical pacemaker vulnerability
Talk about painful software updates. An estimated 465,000 people in the US are getting notices that they should update the firmware that runs their life-sustaining pacemakers or risk falling victim to potentially fatal hacks.
Cardiac pacemakers are small devices that are implanted in a patient's upper chest to correct abnormal or irregular heart rhythms. Pacemakers are generally outfitted with small radio-frequency equipment so the devices can be maintained remotely. That way, new surgeries aren't required after they're implanted. Like many wireless devices, pacemakers from Abbott Laboratories contain critical flaws that allow hijackers within radio range to seize control while the pacemakers are running.
-
FDA alerts on pacemaker recall for cyber flaw
The FDA issued an alert Aug. 29 regarding manufacturer Abbott's recall notice affecting six pacemaker devices. The recall is for firmware updates that will "reduce the risk of patient harm due to potential exploitation of cybersecurity vulnerabilities," the FDA wrote in its alert.
-
FCC “apology” shows anything can be posted to agency site using insecure API
The Federal Communications Commission's website already gets a lot of traffic—sometimes more than it can handle. But thanks to a weakness in the interface that the FCC published for citizens to file comments on proposed rule changes, there's a lot more interesting—and potentially malicious—content now flowing onto one FCC domain. The system allows just about any file to be hosted on the FCC's site—potentially including malware.
-
Inside an Epic Hotel Room Hacking {sic} Spree
Even after my article on Brocious’ lock hacking and his high-profile Las Vegas reveal, Onity didn’t patch the security flaw in its millions of vulnerable locks. In fact, no software patch could fix it. Like so many other hardware companies that increasingly fill every corner of modern society with tiny computers, Onity was selling a digital product without much of a plan to secure its future from hackers. It had no update mechanism for its locks. Every one of the electronic boards inside of them would need to be replaced. And long after Brocious’ revelation, Onity announced that it wouldn’t pay for those replacements, putting the onus on its hotel customers instead. Many of those customers refused to shell out for the fix—$25 or more per lock depending on the cost of labor—or seemed to remain blissfully unaware of the problem.
[...]
and demanded Cashatt’s entire communication history from Facebook.
-
How I lost 17,000 GitHub Auth Tokens in One Night
Turns out that there was a bug in my logic but not necessarily my code. After all, it did run flawlessly for a few years. So if my code was fine, where was the bug?
Looking at the update time of some of the records, I was able to place them roughly around the time of another event: A GitHub outage.
-
7 Things to Know About Today's DDoS Attacks
Distributed denial-of-service (DDoS) attacks continue to be a weapon of choice among threat actors seeking to extort money from victims, disrupt operations, conceal data-exfiltration activities, further hacktivist causes, or even to carry out cyberwar.
What was once a threat mostly to ISPs and organizations in the financial services, e-commerce, and gaming industry, has become a problem for businesses of all sizes. A small company is just as likely these days to become a target of a DDoS attack, as a big one — and for pretty much the same reasons.
-
Security ROI isn't impossible, we suck at measuring
As of late I've been seeing a lot of grumbling that security return on investment (ROI) is impossible. This is of course nonsense. Understanding your ROI is one of the most important things you can do as a business leader. You have to understand if what you're doing makes sense. By the very nature of business, some of the things we do have more value than other things. Some things even have negative value. If we don't know which things are the most important, we're just doing voodoo security.
- Login or register to post comments
- Printer-friendly version
- 3118 reads
- PDF version
More in Tux Machines
- Highlights
- Front Page
- Latest Headlines
- Archive
- Recent comments
- All-Time Popular Stories
- Hot Topics
- New Members
digiKam 7.7.0 is releasedAfter three months of active maintenance and another bug triage, the digiKam team is proud to present version 7.7.0 of its open source digital photo manager. See below the list of most important features coming with this release. |
Dilution and Misuse of the "Linux" Brand
|
Samsung, Red Hat to Work on Linux Drivers for Future TechThe metaverse is expected to uproot system design as we know it, and Samsung is one of many hardware vendors re-imagining data center infrastructure in preparation for a parallel 3D world. Samsung is working on new memory technologies that provide faster bandwidth inside hardware for data to travel between CPUs, storage and other computing resources. The company also announced it was partnering with Red Hat to ensure these technologies have Linux compatibility. |
today's howtos
|
Recent comments
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago