
Submission + - Seven IPMI Firmware Zero Days Disclosed (threatpost.com)

msm1267 writes: HD Moore today disclosed seven zero-day vulnerabilities in IPMI firmware from vendor Super Micro. The security issues were reported to the vendor in August; however, the vendor, beyond acknowledging receipt of the vulnerabilities, never communicated with Metasploit regarding a fix.

A Super Micro representative told Threatpost that this was an “old story” and that the issue had been resolved. A request for further comment from a Super Micro project manager was not returned in time for publication and the availability of patches could not be confirmed.

IPMI, or intelligent platform management interface, are tiny computers that sit on a motherboard that are used by IT administrators in large data centers for remote management of servers or remote BIOS maintenance. They’re mostly present in rack-mount servers, and are cumbersome to update because they often require physical access to the hardware, and in a service provider environment, for example, there could be hundreds of these embedded devices present.

Beardsley said that a Project Sonar scan for the IPMI firmware in question, version SMT_X9_226, found 35,000 of them online. He estimates that number likely represents less than 10 percent of the total devices in use.

Comment Re:who thinks about their smoke detector? (Score 1) 177

Many apartments are like this. Here in the Boston area there are quite a few apartment buildings with central heat that individual units have no control over. It's especially bad with those damn steam radiators. Depending on what kind of insulation you have, part of a room will be boiling hot and the other part will be freezing. If you stand in between the two extremes and rotate, you can kind of keep yourself at a comfortable temperature, but that's a bit... awkward to do.

Comment I'm going for an S3 (Score 2, Interesting) 470

(Grrr, thought I was logged in.)

I've decided that my next phone (soon, I hope) is going to be the S3. I'd been holding out with my iPhone 4 for a while, waiting (like many others, I suspect) to see what Apple would wow us with for the iPhone 5. Needless to say, I wasn't that impressed, though to be honest, part of me really didn't expect to be, given that there are only so many innovations they could have come up with. What could they have done? An even bigger screen? NFC? A phone you could roll up? The first two would hardly have been groundbreaking and the latter is tech that doesn't really exist yet.

Still, at the end of the day, I'm sure I could be happy with the 5, but I'm ready to play with a new toy. I've never had an Android device before, but got a chance to play with a tablet and some phones over my vacation, and I liked what I saw.

Captcha: revenues

Comment Re:Key AND Password (Score 2) 167

I use Mobile OTP (http://motp.sourceforge.net/) for two-factor auth at work. Once I figured out the PAM side of things, it was quite straightforward. I installed it on my server at home as well, but I'm a little more relaxed about it -- I allow ssh from a few "trusted" boxes via ssh-keys, otherwise it requires password+OTP token authentication. Now, I just have to worry about keeping those "trusted" boxes safe. (I do have a password on the ssh keys, but wonder if I have a long-running login session with the keys installed into ssh-agent, I might be boned anyway if someone were to break in.)

Comment Re:Pah! Antisocial network (Score 1) 396

What happens when they decide that people they can't find on social networks must either be lying, or must have something to hide?

Honestly, I am so fucking tired of all these facebook "hipster" posts that basically say, "I'm too cool to be on social media!" If you don't have Facebook, this doesn't affect you, so stop telling everyone you don't have Facebook. No one thinks you're cool because of it.

Please! I wasn't on FB before it was cool to not be on FB. Instead, I'm on a different social networking site. You probably haven't heard of it.

Comment Re:Come back... (Score 1) 311

Yup, that's an excellent description of what it's like -- I think I actually described it that way ("feeling" it rather than hearing it) once actually. I only found it mildly annoying though. I always thought it was a cool (if somewhat useless) "superpower."

Nice to see I'm not the only one. I worked in a computer lab in college for a bit and would always be the one to walk around and turn off the CRT monitors that had been left on at the end of the day (though with a room full of them, it still takes a bit of time -- the sound isn't particularly directional). Never found anyone else around who knew what the hell I was talking about until now.

Comment CTRL+F in meatspace (Score 1) 567

I have the opposite problem. I try to use Ctrl+F (well, grep actually) in the real world. Don't tell me you haven't. I can't recall the number of times I've been reading a book, deciding I want to search for something, and caught myself thinking "I'll just grep for.... oh shit."

It happens less and less now, since I've started using the iPad as a book reader. Now the only really annoying thing is getting a non-searchable PDF, which is fortunately pretty rare.
