From The Video Description: FAX machines, although being a reminiscent of a not-so-far past, are still present in lots of office spaces and can be frequently used for business and legal communications. Most of its technology was developed decades ago and, quite probably, remained mostly unchanged over the years. Legacy boxes, accessible via a phone call through the phone line and, frequently, connected to local networks via Ethernet. It sounds like a good plan for summertime research! - via ZeroNights 2018 Eric Sesterhenn's, Luis Merino's, Markus Vervier's video 'Zero Fax Given'
From the Video Description: USB is one of the most common interfaces supported on modern computers. Modern OSes offer tons of USB drivers to support frequently used USB device classes. For other 3rd party USB devices, Microsoft provides automatic driver downloading and installation via Windows AutoUpdate Service. In this talk, we consider this as a novel attacking surface exposed by Windows. via ZeroNights 2018 and HC Ma's 'Massive Scale USB Device Driver Fuzz WITHOUT Device'
From The Video Description: "Unmonitored and unpatched BMC (remote administration hardware feature for servers) are an almost certain source of chaos. They have the potential to completely undermine the security of complex network infrastructures and data centers. Our on-going effort to analyze HPE iLO systems (4 and 5) resulted in the discovery of many vulnerabilities, the last one having the capacity to fully compromise the iLO chip from the host system itself. This talk will show how a combination of these vulnerabilities can turn an iLO BMC into a revolving door between an administration network and the production network." - via Alexandre Gazet's, Fabien (0xf4b) Perigaud's & Joffrey (@_Sn0rkY) Czarny - 'Turning Your BMC Into A Revolving Door'
Apple Inc. (Nasdaq: AAPL) has quite forcefully denied the (via Reuters, reportedly written by George Stathakopoulos - Apple’s Vice President for Information Security) existence of surreptitious-command-and-control-chip-insertions on system boards within devices manufactured by Super Micro Computer Inc. (NASDAQ: SMCI) under contract with and deployed/implemented by Apple Inc. within the latter's data centers. Interestingly, there is some evidence of security-related issues two years ago betwixt Apple, Inc. and Super Micro Computer Inc.... And then there's The Grugq, whose typically clear and exacting opinions are trusted hereabouts - his view appears here (you'd do well to listen to his take). Regardless of what path you walk in discerning the truth of this particularly murky debacle, one thing is clear - human nature given what it is, there is certainly an abundance of vile perniciousness floating about this scenario that has yet to be revealed.
via Sean Gallagher, writing at Ars Technica, comes this particularly unfortunate news for Apple Inc. (Nasdaq: AAPL) MDM (Mobile Device Management) bits - especially considering there will be a flood of new devices into many orgs. On the plus side, the flaw has been discovered, and now it's Apple's turn-at-bat to clean up their dusty-bits, as it were. Read all about it at everyone's beloved Ars Technica!
Friend of the Blog Trey Blalock of Firewall Consultants sent a link in yesterday which magically transported us to Ramtin Amin's Web Blog (in actuality, a Hardware Security blog of considerable renown) (gracias Trey!). Ramtin's work is indicative of a curious intellect, and tremendous hardware investigatory chops (plus, keen eye-hand coordination!). If you are at all fascinated by hardware security (coupled with mobile telephony, femto-cells, cabling/dongles and the like) his blog will come as a refreshing changement de rythme of to-the-point discussions of same. Don't Dawdle, Chop-Chop, Enjoy!
Meanwhile, in Spectre (PDF) news, comes word from Ars Technica's Peter Bright, of a newly discovered attack vector (PDF) (dubbed NetSpectre) using the pernicious speculative-execution in-built microcode from the Minds of Intel Corporation. Now - and this is truly lovely - the vector's not local, but external and free from the constraints of local environs (perhaps endpoint security, etc) and is consequently a more pernicious network-resident information operation. Thanks Intel, You're Swell!
"That impact is now a little larger. Researchers from Graz University of Technology, including one of the original Meltdown discoverers, Daniel Gruss, have described NetSpectre: a fully remote attack based on Spectre. With NetSpectre, an attacker can remotely read the memory of a victim system without running any code on that system." - via Peter Bright, whilst writing at Ars Technica
Bad mojo written up at Ars Technica and The Wall Street Journal, in the GPS realm. It's high time for the manufacturers to step up remediation efforts targeting these pernicious position system flaws. Until the apropos remediations and mitigations are firmly ensconced within the hardware and software under scrutiny, no human should trust autonomous-navigating conveyances, unless - of course - you are actively testing those systems.
"“Our study demonstrated the initial feasibility of manipulating the road navigation system through targeted GPS spoofing,” the researchers, from Virginia Tech, China’s University of Electronic Sciences and Technology, and Microsoft Research, wrote in an 18-page paper (emphasis added). “The threat becomes more realistic as car makers are adding autopilot features so that human drivers can be less involved (or completely disengaged).”" - via Ars Technica Security Editor Extraordinaire Dan Goodin
Oleg Afonin, writing on Elcomsoft's blog, confirms Apple Inc.'s (NasdaqGS: AAPL) iOS USB Restricted Mode on the latest version release of iOS is configured by default to disallow connectivity through the device's USB port after the device is locked for one hour (as depicted in the screen shot above, the USB toggle is off). This may be troublesome for law enforcement's capability to garner data and ostensibly creates a 'golden hour' of data seizure capabilities by LE; Apple has published a support page with details of the process.
via Chris Williams, Editor in Chief of The Register, comes this surprising/yet not surprising fourth security flaw that now joins the Spectre/Meltdown Speculative Execution flaw in modern CPUs. Bad news for all.
"Variant 4 is referred to as a speculative store bypass. It is yet another "wait, why didn't I think of that?" design oversight in modern out-of-order-execution engineering. And it was found by Google Project Zero's Jann Horn, who helped uncover the earlier Spectre and Meltdown bugs, and Ken Johnson of Microsoft." - via Chris Williams, Editor in Chief of The Register targeting the fourth known Spectre/Meltdown flaw.