Introduction to Intel x86: Architecture, Assembly, Applications, and Alliteration
Introduction to Intel x86-64: Architecture, Assembly, Applications, and Alliteration
Intermediate Intel x86: Architecture, Assembly, Applications, and Alliteration
With a bonus that you can also learn about ARM assembly in the same class format, and compare and contrast them (what with x86 and ARM being the 2 major architectures which dominate the world's computing devices currently).
Introduction to ARM
I was at VirusBulletin when this was being discussed.
A lot of the other comments are just typical ignorant FUD. Let me tell you exactly what this is: reinventing the wheel.
The speaker described how they had started working on a malware analysis environment back in 2004 and ultimately abandoned it as a failure in 2010. They then *clearly* didn't just look around and see what already existed, but instead just stubbornly decided to press on in making their own.
I was really cringing as the FBI agent described the system to a room full of malware analysis and AV companies, because the system was just so *basic*.
But he said that it received multiple awards within the government and was seen as being super awesome. Just another example of the government being insular and not realizing how far behind industry they are.
For those who think it's a honey pot, it's really not. Not quite anyway. The agent specifically said that the main value to them to make it open is that they *do* want to collect more malware samples. They're starting with LE (who may not be experienced enough to know they can just use one of many other free malware analysis environments, and thus will use the one the FBI hands to them). But then after LE it's a much smaller lift to just open it to everyone, and thus it's sort of a "why not" sort of thing.
It only takes one major manufacturer to publicly announce that "we're publishing our code so that it can be verified, unlike our competitors" for it to spread to the competitors.
OEM1 releases full source
OEM2 fires all BIOS developers and leeches off OEM1
OEM1 has the privilege of maintaining a BIOS development workforce for the benefit of their competitors
Though maybe that would work as a feint to eventually put competitors at a disadvantage
Also, believe it or not, OEMs and places like AMI, Phoenix, etc. do actually try to add features down at the firmware level that their competitors don't have, to differentiate themselves and hopefully get a few more sales. E.g. recall the Splashtop OSes that were being pimped as the instant-boot solution to get you browsing quickly a while back. Or I feel like I've seen the ability to check your Outlook from BIOS on HPs.
The important write protects are whether the BIOS configures itself as locked or not after it's booted far enough to determine there are no BIOS updates pending. You can check if your BIOS is open or closed to attackers by running Copernicus or Chipsec.
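Concretely, the register those tools read for this is BIOS_CNTL. The Python below is an added example, not code from the original comment, Copernicus or Chipsec; it decodes the lock bits the way a Chipsec bios_wp report is read. It assumes a Linux host exposing PCI config space through sysfs and that BIOS_CNTL sits at offset 0xDC of the LPC bridge (bus 0, device 31, function 0), which is where the ICH/PCH generations of that era put it; a complete audit also reads the SPI protected-range registers (PR0-PR4), which this does not.

```python
"""Decode Intel's BIOS_CNTL register to see whether the BIOS flash region is
write-locked, the register behind Chipsec's bios_wp check.

Added example, not code from the original comment, Copernicus or Chipsec.
Assumptions: Linux sysfs exposes PCI config space, and BIOS_CNTL sits at
offset 0xDC of the LPC bridge (bus 0, device 31, function 0), which is where
the ICH/PCH generations of that era put it. A full audit also needs the SPI
protected-range registers (PR0-PR4), which this snippet does not read.
"""

BIOS_CNTL_OFFSET = 0xDC
LPC_CONFIG_PATH = "/sys/bus/pci/devices/0000:00:1f.0/config"  # D31:F0 on Linux
INTEL_VENDOR_ID = 0x8086

# Bit positions in BIOS_CNTL
BIOSWE = 1 << 0    # BIOS Write Enable: 1 = flash writes allowed right now
BLE = 1 << 1       # BIOS Lock Enable: 1 = an attempt to set BIOSWE traps to SMM
SMM_BWP = 1 << 5   # SMM BIOS Write Protect: 1 = writes honoured only from SMM


def decode_bios_cntl(value):
    """Return the three lock-relevant bits of a BIOS_CNTL byte."""
    return {
        "BIOSWE": bool(value & BIOSWE),
        "BLE": bool(value & BLE),
        "SMM_BWP": bool(value & SMM_BWP),
    }


def bios_wp_status(value):
    """Classify the lock state as a practitioner reads it off Chipsec output.

    'open'   - BIOSWE is set, or BLE is clear so any ring 0 code can set BIOSWE
    'weak'   - BIOSWE clear and BLE set, but SMM_BWP clear: writes are not
               confined to SMM, so protection rests on the SMI handler alone
    'locked' - BIOSWE clear, BLE set and SMM_BWP set
    """
    bits = decode_bios_cntl(value)
    if bits["BIOSWE"] or not bits["BLE"]:
        return "open"
    if not bits["SMM_BWP"]:
        return "weak"
    return "locked"


def read_bios_cntl(path=LPC_CONFIG_PATH):
    """Read BIOS_CNTL from sysfs (root needed); None if unreadable or not Intel."""
    try:
        with open(path, "rb") as f:
            header = f.read(2)
            if len(header) < 2 or int.from_bytes(header, "little") != INTEL_VENDOR_ID:
                return None
            f.seek(BIOS_CNTL_OFFSET)
            data = f.read(1)
    except OSError:
        return None
    return data[0] if data else None


if __name__ == "__main__":
    raw = read_bios_cntl()
    if raw is None:
        print("could not read BIOS_CNTL (not Linux, not root, or a different PCH layout)")
    else:
        print("BIOS_CNTL=0x%02x %s -> %s" % (raw, decode_bios_cntl(raw), bios_wp_status(raw)))
```

Run it as root from the booted OS, since the point of the comment is that the lock bits only matter once the BIOS has finished its own update window and set them. A 'locked' result covers BIOS_CNTL only; the protected-range registers and the flash descriptor still need to be checked before calling the flash closed.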
This week, British scientists at the National Physical Laboratory created special solar panels which function best when it's gloomy outside. That's right, they produce more energy when clouds are blocking the sun than when the sun is out in full force. In fact, scientists have shown that the new solar panels manage only 10% efficiency when placed in direct sunlight, while that number jumps to 13% when placed in cloudy conditions.
These solar cells, called organic photovoltaics, are unlike any other. They are made up of small organic molecules which act as semiconductors when struck with solar radiation. The amazing thing is that the molecules can easily be dissolved into a solution and 3D printed into any shape, size, or color desired.
Dr Fernando Castro, principal research scientist at the National Physical Laboratory in Teddington, said: "Organic photovoltaics work much better in low and diffused light conditions. Even if it's cloudy they still work. It's not that they are going to produce more power but they are more efficient at generating power from the light that is available. So they would work better than normal solar cells do in cloud."
Researchers from MITRE presented a proof of concept system management mode man in the middle (SMMMitM) attack, "Smite'em the Stealthy", that could hide an attacker in the BIOS/SMM from MITRE's own Copernicus, the open source Flashrom, and any other software-based BIOS capture or measurement system. MITRE countered Smite'em with Copernicus 2, which is able to perform more trustworthy BIOS captures by building on the CMU open source Flicker project, which uses Intel Trusted Execution Technology. In a separate talk, Intel researchers released a new open source tool, Chipsec, which, while still vulnerable to Smite'em, is focused instead on helping security researchers find new problems and helping OEMs check that their BIOSes are locked down before shipping. In the final talk Intel and MITRE researchers jointly spoke about problems they have disclosed to vendors that allow bypassing UEFI SecureBoot. They discussed a number of issues discovered by Intel, and one co-discovered by the MITRE team.
I've studied the entire TPM technical specification. I understand it in minute detail.
I don't doubt you've looked at it. But clearly you've looked at it from the perspective of how you think it impinges on your liberty rather than from the perspective of a security engineer trying to achieve simple properties such as executing code that isn't manipulated by an attacker. That's fine, that's the perspective I expect most slashdotters to be coming at it from. But I'm pretty encouraged by how many people in this thread have pushed back against the normal FUD I expect to see here.
The TPM technical specification is quite explicit that the owner of the computer is FORBIDDEN to ever get his keys
Forbidden from getting them out of the TPM, not forbidden from using them in ways that allow for guaranteeing security properties. If you can just export the key from the TPM onto your normal OS, how would you ever know you were talking to a TPM instead of malware pretending to be a TPM? If you could just ask the TPM to sign something for you with the protected keys, why could the attacker not arbitrarily ask for forged data to be signed?
The owner is forbidden to have his Private Endorsement Key because this key is used to secure the Remote Attestation process against the owner. Remote Attestation is where the chip securely (secure against the owner) tracks your hardware and the software you run, and sends that spy-report out to other computers over the internet. If the owner had his Private Endorsement key, these Attestation spy-reports wouldn't be secure against the owner.
An amazingly hyperbolic statement for someone who claims to have read the specs.
1) "The chip" tracks your hardware does it? You understand that the TPM is a completely passive chip waiting for people to come along and send it data, don't you?
2) Same point, again. If you export the EK into the OS, any malware anywhere can forge the attestation state, saying that the system is in a state it is not in. That could mean it's infected when it's not, so it gets reimaged by corporate IT; or it can say it's not infected when it is, so the attacker has the run of the network.
3) Only a few large companies are actually using TPMs and remote attestation for things like trusted network connect (just NAC with a TPM-signed configuration), but in reality your FUD-drenched picture of the "spy-reports" (really? wow) being sent out gives the trusted computing folks too much credit. Since no one's using it at the OS level, almost all attestation report data is just the BIOS collecting data about itself. And as people showed at BlackHat recently, vendors like Dell don't actually do a very good job of collecting relevant information, collecting just the bare minimum to make BitLocker work - https://media.blackhat.com/us-13/US-13-Butterworth-BIOS-Security-Slides.pdf
TPM is just a secure hardware keystore.
It's more than that, but an important part of it is that it's a "secure hardware keystore". Specifically, it is designed to be SECURE AGAINST THE OWNER. The Trusted Platform Module Technical Specification explicitly refers to the owner of the chip as an attack-threat which the chip MUST be secure against.
The "Master Keys" are held by the Trusted Computing Group. The crucial individual keys are locked inside the Trusted Computing chips, secured against the owners.
It's great that you've read the specs and all, and somehow latched on to the imaginary phrase "secure against the owners", but clearly you don't realize that specs != reality, and in reality, 3/4 of the TPMs I've looked at (Broadcom, STMicro, Infineon) ship *without* endorsement keys, and you just provision it yourself. So I guess given that TPMs predominantly allow you to control the keys, you don't have any problem with TPMs. I look forward to education having changed your opinion. Or not. Probably not.
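The key-export argument running through this thread (points 1 and 2 above) can be made concrete with a toy model of measured boot and quoting. This is an added example, not code from any poster. It assumes TPM 1.2 semantics (20-byte SHA-1 PCRs that reset to zero and extend as SHA1(old || SHA1(event))), stands in for the asymmetric attestation key (an AIK certified by the EK, in TPM 1.2) with an HMAC-SHA256 key that the verifier also holds, and uses a constructed three-entry boot log as the golden state.

```python
"""Toy model of TPM 1.2 measured boot and quoting, to show why the key a TPM
signs attestations with must never be exportable to the OS.

Added example, not code from the original thread. Assumptions: 20-byte SHA-1
PCRs reset to zero and extended as SHA1(old || SHA1(event)); the asymmetric
attestation key (an AIK, certified by the EK, in TPM 1.2) is stood in for by
an HMAC-SHA256 key the verifier also holds; the boot event log is constructed.
"""
import hashlib
import hmac
import os

PCR_SIZE = 20  # SHA-1 digest length used by TPM 1.2 PCRs


def extend(pcr, event):
    """TPM extend rule: the only operation that changes a PCR short of a reset."""
    return hashlib.sha1(pcr + hashlib.sha1(event).digest()).digest()


def replay(events):
    """Verifier side: the PCR value an event log should produce if it is honest."""
    pcr = b"\x00" * PCR_SIZE
    for event in events:
        pcr = extend(pcr, event)
    return pcr


def sign(key, nonce, pcr):
    """Stand-in for the AIK signature over (nonce || PCR)."""
    return hmac.new(key, nonce + pcr, hashlib.sha256).digest()


def verify_quote(key, nonce, golden_pcr, quoted_pcr, sig):
    """Accept only a signature, fresh for this nonce, over exactly the golden PCR."""
    return quoted_pcr == golden_pcr and hmac.compare_digest(sig, sign(key, nonce, quoted_pcr))


class Tpm:
    """A passive chip: it extends a PCR when asked, or signs the PCR it holds."""

    def __init__(self, key):
        self._key = key            # stays inside the chip in the honest design
        self.pcr = b"\x00" * PCR_SIZE

    def extend(self, event):
        self.pcr = extend(self.pcr, event)

    def quote(self, nonce):
        """Sign the *current* PCR; there is no API to sign some other value."""
        return self.pcr, sign(self._key, nonce, self.pcr)


# Constructed golden boot log: what a clean machine is expected to measure.
GOLDEN_LOG = [b"bios-v1.0", b"bootloader-v2.3", b"kernel-3.11"]
BOOTKIT = b"bootkit"
AIK_KEY = b"constructed-aik-private-key"  # stand-in for the in-chip private key


def honest_machine_passes():
    tpm = Tpm(AIK_KEY)
    for event in GOLDEN_LOG:
        tpm.extend(event)
    nonce = os.urandom(16)
    quoted_pcr, sig = tpm.quote(nonce)
    return verify_quote(AIK_KEY, nonce, replay(GOLDEN_LOG), quoted_pcr, sig)


def infected_machine_fools_verifier(key_exported):
    """Boot an infected machine and report whether its quote is accepted."""
    tpm = Tpm(AIK_KEY)
    tpm.extend(GOLDEN_LOG[0])
    tpm.extend(GOLDEN_LOG[1])
    tpm.extend(BOOTKIT)                # the bootkit gets measured like anything else
    tpm.extend(GOLDEN_LOG[2])
    golden = replay(GOLDEN_LOG)
    nonce = os.urandom(16)
    if key_exported:
        # Malware holding the key signs the golden value it never measured.
        quoted_pcr, sig = golden, sign(AIK_KEY, nonce, golden)
    else:
        # Malware can only ask the chip, which signs the PCR it actually holds.
        quoted_pcr, sig = tpm.quote(nonce)
    return verify_quote(AIK_KEY, nonce, golden, quoted_pcr, sig)


if __name__ == "__main__":
    print("clean machine accepted:          ", honest_machine_passes())
    print("infected, key in chip, accepted: ", infected_machine_fools_verifier(False))
    print("infected, key exported, accepted:", infected_machine_fools_verifier(True))
```

With the key confined to the chip, the infected machine can only obtain a quote of the PCR it really has, which the verifier rejects; once the key is in the OS the same malware signs the golden value and is waved through, which is the failure described in point 2. The model assumes the bootkit is measured at all; the Butterworth slides linked in point 3 are about firmware that measures too little for that assumption to hold, a separate weakness from key export.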