Friday, March 06, 2020

What I'm Reading 3/6/2020 - Intel has screwed us all

Books -

Network Forensics Tracking Hackers Through Cyberspace

The Ten-Day MBA 4th Ed.: A Step-By-Step Guide To Mastering The Skills Taught In America's Top Business Schools

Wired for War: The Robotics Revolution and Conflict in the 21st Century
Blogs / News

CNN - Tulsi Gabbard is still running for president -
Gabbard's campaign continues even as several of her rivals have ended their own presidential bids in recent days. This week, candidates who were once in the top tier of contenders dropped out, including former South Bend, Indiana, Mayor Pete Buttigieg and Sens. Amy Klobuchar of Minnesota and Elizabeth Warren of Massachusetts. 
Reddit - Univ of Cincinnati CompSci/Engineering Department just made their graduate level Malware Analysis class public -
Class Website 
 The Hacker News - Critical PPP Daemon Flaw Opens Most Linux Systems to Remote Hackers -
The vulnerability, tracked as CVE-2020-8597 with CVSS Score 9.8, can be exploited by unauthenticated attackers to remotely execute arbitrary code on affected systems and take full control over them.
For this, all an attacker needs to do is to send an unsolicited malformed EAP packet to a vulnerable ppp client or a server.
ZDNet - Intel CSME bug is worse than previously thought -
(I)n new research published today, Ermolov says the bug can be exploited to recover the Chipset Key, which is the root cryptographic key that can grant an attacker access to everything on a device.
Furthermore, Ermolov says that this bug can also be exploited via "local access" -- by malware on a device, and not necessarily by having physical access to a system. The malware will need to have OS-level (root privileges) or BIOS-level code execution access, but this type of malware has been seen before and is likely not a hurdle for determined and skilled attackers that are smart enough to know to target the CSME.
CSO - Intel CSME flaw is unpatchable, researchers warn -
(T)he flaw itself cannot be patched because it's located in the boot ROM of CSME, which is programmed during the manufacturing process and cannot be changed. The CSME firmware itself that resides in SPI flash can be updated, but the early-stage boot code where the bug is located and whose purpose is to load the firmware is burned into the chip and is permanent.
According to Mark Ermolov, lead specialist of OS and hardware security at Positive Technologies, because of its location, the flaw is similar to the Checkm8 boot ROM exploit for iOS devices that was revealed in September and is considered a permanent jailbreak -- the holy grail of iPhone jailbreak developers.
GeekWire -  Microsoft will continue to pay all vendor hourly service providers, independent of whether their full services are needed

Yay, Microsoft!

Belmont Club - Connected Cows -
In a 2015 video Microsoft's Joseph Sirosh described the advantages of wiring up a herd of cows to the cloud application via a motion sensor. One of the farmer's problems is determining when a cow is in estrus so it can be artificially inseminated during the short period it is fertile. Motion sensors can pick up the abnormal restlessness of cows in heat with 95% accuracy leading to immense benefits for the Japanese farmers who implemented the system of connected cows.
The Chinese Communist Party used the same system to inform and guide its quarantine during the recent Covid-19 outbreak.
A lot of people might look at this and say, "Oh Wow, look at how clever and efficient the Chinese are.  No wonder they could respond so well to the Coronavirus outbreak", but what's really being pointed out is how pervasive their surveillance state is.  In this case it had a positive use (maybe) but this same technology can be used to crack down on political dissidents or other disfavored parties.

DUO - The Beer Drinkers Guide to SAML -
There’s often a knowledge gap in IT organizations when it comes to understanding how exactly SAML works. Many administrators and engineers are familiar with traditional network-based authentication protocols like RADIUS, LDAP and SSH, but reliance on SAML will increase as organizations continue to transition to cloud-based vendors and services.
This blog post is intended to remove the mystery from SAML, explain the mechanics behind some of the most common SAML use cases, and draw parallels to the unfortunately-fictional BaaS – Beer as a Service, that is.



No comments: