
Submission + - Researcher releases 0day for Lenovo BIOSes

BIOS4breakfast writes: Researcher Dmytro Oleksiuk recently found a vulnerability that allows for compromise of System Management Mode (SMM) on Lenovo Thinkpad laptops. As SMM is the most privileged execution mode on x86 processors, this attack also allows for bypassing SecureBoot, as well as BIOS flash protections, which means it's possible to insert a persistent backdoor (like the one HackingTeam was previously shown to be selling) into affected systems. He also discovered that the vulnerability existed in the open source UEFI reference code, but was patched at some point. This means an unknown number of other vendors likely have this same vulnerable reference code in their BIOSes. Rather than reporting this to the UEFI Security Response Team for coordination, however, he decided to just drop a 0day exploit on GitHub, and let the situation resolve itself.

Comment EdX vs. OpenCourseware (Score 1) 55

EdX came out of MIT. MIT used to be a strong proponent of OpenCourseware. OpenCourseware classes were both open access *and* open source, so that other instructors could use the material, though admittedly many classes (at least in the computer security domain) never posted videos. EdX courses are open access, but rarely (if ever?) open source. Do you think dropping the requirement to be open source has helped EdX succeed where OpenCourseware failed?

Comment College professors vs. technical experts (Score 1) 55

Coursera and EdX primarily source their instructors from college professors. Udacity is more open to bringing in experts from technical fields. In my experience, college professors in the computing fields are often people who chose to get a PhD straight out of college (perhaps because they were mostly interested in research), and as such may not have much (if any) industry experience. Why has EdX chosen a model that limits the ability for technical experts to provide classes?

Comment Everything at OpenSecurityTraining.info... (Score 2) 70

...assuming you're the kind of person who wants to know how systems work, as opposed to how to run tools.

OST doesn't cater to all topics (yet), because it's volunteer driven. Its primary volunteers thus far have come from a deep system security background. Its assembly, OS/BIOS internals, exploits, and malware curriculum tracks are the most developed, and far deeper than anything you'll (ever) find at SANS, since OST is not commercial and therefore doesn't have to pander to popularity and buzzwords and try to deal with the never-ending churn of trying to put butts in seats.

OpenSecurityTraining.info/Training.html

Comment Not every chip (Score 5, Interesting) 128

In the talk he said it was Sandy Bridge and older. Ivy Bridge/Haswell/Broadwell/Skylake are not affected. Ivy Bridge was apparently released in 2012 - https://en.wikipedia.org/wiki/... But 1997-2012 is still a decent window of time. In the talk he also said that it's un-patchable (it's not, the SMI handler can check whether the APIC overlaps the SMM range and change it). He also said SMM controls every instruction from the boot. It doesn't. Maybe on the crappy Acer netbooks that he said he was using for tests. But on enterprise grade systems from Dell, Lenovo, or HP, they use "protected range registers" to stop SMM from being able to write to the code in the firmware. It's a good find, but he's got a lot to learn about firmware still.
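The check the comment above says an SMI handler can perform (verify that the local APIC's MMIO page has not been moved on top of the SMRAM range, and put it back if it has), written out as an added example; this is not code from the comment or from any firmware vendor. Register layouts are assumed from the Intel SDM descriptions of IA32_APIC_BASE (MSR 0x1B, base in bits MAXPHYADDR-1:12, flags in bits 8, 10 and 11), IA32_SMRR_PHYSBASE (MSR 0x1F2, base in bits 31:12) and IA32_SMRR_PHYSMASK (MSR 0x1F3, mask in bits 31:12, valid bit 11). Reading real MSRs needs ring 0, so all register values here are constructed.

```python
# Added example: the SMI-handler side of the APIC/SMRR overlap check.
# MSR bit layouts are assumed from the Intel SDM; values are constructed.

DEFAULT_APIC_BASE = 0xFEE00000   # architectural reset location of the xAPIC page
APIC_BASE_FLAGS = 0xD00          # bit 8 BSP, bit 10 x2APIC enable, bit 11 APIC global enable
SMRR_VALID = 1 << 11             # valid bit in IA32_SMRR_PHYSMASK


def apic_base_address(apic_base_msr: int, maxphyaddr: int = 36) -> int:
    """Physical address of the APIC page: bits MAXPHYADDR-1:12 of IA32_APIC_BASE."""
    mask = ((1 << maxphyaddr) - 1) & ~0xFFF
    return apic_base_msr & mask


def smrr_range(physbase_msr: int, physmask_msr: int):
    """(base, mask, valid) from the SMRR pair; base and mask live in bits 31:12."""
    valid = bool(physmask_msr & SMRR_VALID)
    return physbase_msr & 0xFFFFF000, physmask_msr & 0xFFFFF000, valid


def apic_overlaps_smrr(apic_base_msr: int, physbase_msr: int, physmask_msr: int,
                       maxphyaddr: int = 36) -> bool:
    """True if the 4 KiB APIC page lies inside the SMRR-protected range.

    The processor treats address A as SMRAM when (A & mask) == (base & mask);
    because both the page and the mask are 4 KiB granular, testing the page's
    base address decides for the whole page.
    """
    base, mask, valid = smrr_range(physbase_msr, physmask_msr)
    if not valid:
        # No SMRR programmed at all. Nothing can overlap it, but an unprotected
        # SMRAM is a finding in its own right and should be reported separately.
        return False
    apic = apic_base_address(apic_base_msr, maxphyaddr)
    return (apic & mask) == (base & mask)


def sanitized_apic_base(apic_base_msr: int, physbase_msr: int, physmask_msr: int,
                        maxphyaddr: int = 36) -> int:
    """Value an SMI handler would write back to IA32_APIC_BASE on entry.

    If the APIC page overlaps SMRAM, the base is forced back to the
    architectural default while the BSP/x2APIC/enable flags are preserved;
    otherwise the register is returned unchanged.
    """
    if not apic_overlaps_smrr(apic_base_msr, physbase_msr, physmask_msr, maxphyaddr):
        return apic_base_msr
    return DEFAULT_APIC_BASE | (apic_base_msr & APIC_BASE_FLAGS)


if __name__ == "__main__":
    # Constructed SMRR: 16 MiB of SMRAM at 0x7F000000, write-back type, valid.
    smrr_base, smrr_mask = 0x7F000006, 0xFF000800
    for apic in (0xFEE00900, 0x7F800900):   # default location vs. relocated into SMRAM
        print(hex(apic), "overlaps SMRAM:", apic_overlaps_smrr(apic, smrr_base, smrr_mask),
              "-> write back", hex(sanitized_apic_base(apic, smrr_base, smrr_mask)))
```

The check is cheap enough to run on every SMI entry, which is the point: the handler must not trust any SMRAM read until it has confirmed the APIC window is where it expects.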

Submission + - Researchers create Mac "firmworm" that spreads via Thunderbolt Ethernet adapters

BIOS4breakfast writes: Wired reports that later this week at BlackHat and Defcon, Trammell Hudson will show the Thunderstrike 2 update to his Thunderstrike attack on Mac firmware (previously covered on Slashdot). Trammell teamed up with Xeno Kovah and Corey Kallenberg from LegbaCore, who have previously shown numerous exploits for PC firmware. They found that multiple vulnerabilities that were already publicly disclosed were still present in Mac firmware. This allows a remote attacker to break into the Mac over the network, and infect its firmware. The infected firmware can then infect Apple Thunderbolt to Ethernet adapters' PCI Option ROM. And then those adapters can infect the firmware of any Mac they are plugged into — hence creating the self-propagating Thunderstrike 2 "firmworm". Unlike worms like Stuxnet, it never exists on the filesystem, it only ever lives in firmware (which no one ever checks.) A video showing the proof of concept attack is posted here.

Comment Grab some OpenSecurityTraining.info material (Score 1) 223

Grab the Creative Commons licensed slides & videos from some OpenSecurityTraining classes. If you're interested in *fundamentals* then you're going to want to take the x86 classes, and learn to see through the abstraction layers to reality.

Introduction to Intel x86: Architecture, Assembly, Applications, and Alliteration
Introduction to Intel x86-64: Architecture, Assembly, Applications, and Alliteration
Intermediate Intel x86: Architecture, Assembly, Applications, and Alliteration
With a bonus that you can also learn about ARM assembly in the same class format, and compare and contrast them (what with x86 and ARM being the 2 major architectures which dominate the world's computing devices currently.)
Introduction to ARM

And once you learn x86, how about rather than learning to forward engineer better, how about learning to *reverse* engineer?
Introduction to Reverse Engineering
Reverse Engineering Malware

Comment reinventing the wheel (Score 4, Informative) 31

I was at VirusBulletin when this was being discussed.

A lot of the other comments are just typical ignorant FUD. Let me tell you exactly what this is: reinventing the wheel.

The speaker described how they had started working on a malware analysis environment back in 2004 and ultimately abandoned it as a failure in 2010. They then *clearly* didn't just look around and see what already existed, but instead just stubbornly decided to press on in making their own.

I was really cringing as the FBI agent described the system to a room full of malware analysis and AV companies, because the system was just so *basic*.

But he said that it received multiple awards within the government and was seen as being super awesome. Just another example of the government being insular and not realizing how far behind industry they are.

For those who think it's a honey pot, it's really not. Not quite anyway. The agent specifically said that the main value to them of making it open is that they *do* want to collect more malware samples. They're starting with LE (who may not be experienced enough to know they can just use one of many other free malware analysis environments, and thus will use the one the FBI hands to them). But then after LE it's a much smaller lift to just open it to everyone, and thus it's sort of a "why not" sort of thing.

Comment Re:Duh, what should we do? (Score 1) 94

It only takes one major manufacturer to publicly announce that "we're publishing our code so that it can be verified, unlike our competitors" for it to spread to the competitors.

OEM1 releases full source
OEM2 fires all BIOS developers and leeches off OEM1
OEM1 has the privilege of maintaining a BIOS development workforce for the benefit of their competitors

Though maybe that would work as a feint to eventually put competitors at a disadvantage ;-)

Also, believe it or not, OEMs and places like AMI, Phoenix, etc. do actually try to add features down at the firmware level that their competitors don't have, to differentiate themselves and hopefully get a few more sales. E.g. recall the Splashtop OSes that were being pimped as the instant-boot solution to get your browsing quickly a while back. Or I feel like I've seen the ability to check your Outlook from BIOS on HPs :-/

Comment Re:write protect (Score 1) 94

While hobbyists who use custom motherboards are familiar with write protect jumpers, they are going the way of the dodo. They've been all but phased out on OEM laptops, and are going that way on desktops too.

The important write protects are whether the BIOS configures itself as locked or not after it's booted far enough to determine there are no BIOS updates pending. You can check if your BIOS is open or closed to attackers by running Copernicus or Chipsec.
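What "open or closed to attackers" comes down to in the registers, as an added example that is not code from the comment, from Copernicus, or from Chipsec. It mirrors the kind of decision Chipsec's common.bios_wp module makes, and also decodes the SPI "protected range registers" mentioned in the Sandy Bridge comment further up. Register layouts are assumed from Intel PCH documentation: BIOS_CNTL has BIOSWE in bit 0, BLE in bit 1 and SMM_BWP in bit 5; each SPI PRx register holds the range base in bits 12:0 and limit in bits 28:16 (both are address bits 24:12) with the write-protect enable in bit 31. Reading these registers needs a kernel driver, which is what Chipsec provides; the values below are constructed, as is the flash layout.

```python
# Added example: classify BIOS flash write protection from BIOS_CNTL and the
# SPI protected-range registers. Layouts assumed from Intel PCH docs; all
# register values and the flash layout are constructed.

BIOSWE = 1 << 0    # BIOS Write Enable: ring 0 may write the BIOS region
BLE = 1 << 1       # BIOS Lock Enable: setting BIOSWE triggers an SMI
SMM_BWP = 1 << 5   # SMM BIOS Write Protect: writes only while all cores are in SMM
PR_WPE = 1 << 31   # per-range write protection enable


def decode_bios_cntl(value: int) -> dict:
    """Split BIOS_CNTL into the three bits that matter for write protection."""
    return {"bioswe": bool(value & BIOSWE),
            "ble": bool(value & BLE),
            "smm_bwp": bool(value & SMM_BWP)}


def decode_pr(value: int):
    """(base, limit) of one SPI PRx register, or None if it protects nothing.

    Base and limit fields carry flash address bits 24:12, so each is shifted
    left by 12; the limit is inclusive and covers the whole final 4 KiB page.
    """
    if not value & PR_WPE:
        return None
    base = (value & 0x1FFF) << 12
    limit = (((value >> 16) & 0x1FFF) << 12) | 0xFFF
    return base, limit


def region_covered(ranges, start: int, end: int) -> bool:
    """True if the union of inclusive (base, limit) ranges covers [start, end]."""
    cursor = start
    for base, limit in sorted(ranges):
        if base > cursor:
            break                     # a gap before this range: coverage fails
        if limit >= cursor:
            cursor = limit + 1
        if cursor > end:
            return True
    return cursor > end


def assess_bios_write_protection(bios_cntl: int, pr_values, bios_region):
    """Return (closed, findings) for a BIOS region [start, end] in flash.

    "closed" means either BIOS_CNTL restricts writes to SMM, or the protected
    ranges cover the entire BIOS region; either alone keeps ring 0 out.
    """
    findings = []
    cntl = decode_bios_cntl(bios_cntl)
    cntl_closed = False
    if cntl["ble"] and not cntl["bioswe"]:
        if cntl["smm_bwp"]:
            cntl_closed = True
            findings.append("BIOS_CNTL: BLE set, BIOSWE clear, SMM_BWP set: writes limited to SMM")
        else:
            findings.append("BIOS_CNTL: BLE set but SMM_BWP clear: relies on the SMI handler "
                            "re-clearing BIOSWE rather than hardware enforcement")
    else:
        findings.append("BIOS_CNTL: BIOSWE set or BLE clear: ring 0 can write the BIOS region")

    ranges = [r for r in (decode_pr(v) for v in pr_values) if r is not None]
    start, end = bios_region
    pr_closed = region_covered(ranges, start, end)
    if pr_closed:
        findings.append("SPI PRx: protected ranges cover the whole BIOS region")
    elif ranges:
        findings.append("SPI PRx: protected ranges leave part of the BIOS region writable")
    else:
        findings.append("SPI PRx: no protected ranges configured")
    return cntl_closed or pr_closed, findings


if __name__ == "__main__":
    # Constructed 8 MiB flash with the BIOS region in the top 3 MiB.
    BIOS_REGION = (0x500000, 0x7FFFFF)
    PR0_COVERING_BIOS = PR_WPE | (0x7FF << 16) | 0x500     # 0x87FF0500
    samples = {
        "SMM_BWP locked, no PRs":  (0x22, [0, 0, 0, 0, 0]),
        "BLE only, no PRs":        (0x02, [0, 0, 0, 0, 0]),
        "BIOSWE set, PR0 covers":  (0x01, [PR0_COVERING_BIOS, 0, 0, 0, 0]),
        "BIOSWE set, no PRs":      (0x01, [0, 0, 0, 0, 0]),
    }
    for name, (cntl, prs) in samples.items():
        closed, notes = assess_bios_write_protection(cntl, prs, BIOS_REGION)
        print(f"{name}: {'closed' if closed else 'OPEN'}")
        for note in notes:
            print("   ", note)
```

The second case (BLE set, SMM_BWP clear) is the one that trips people up: the flash looks locked because BIOSWE is clear, but the lock is only as good as the SMI handler that reacts when something sets BIOSWE, which is why the tools report it as a warning rather than a pass.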

Comment Re:Least interest (Score 2) 94

Actually most BIOSes (legacy or UEFI) have a network stack of some sort in order to support PXE boot. Recall that the PoC BIOS malware Rakshasa (https://media.blackhat.com/bh-us-12/Briefings/Brossard/BH_US_12_Brossard_Backdoor_Hacking_Slides.pdf) used the open source SeaBIOS and iPXE network stacks to perform networking from the BIOS. And here's a talk where some McAfee and Intel folks talked about how keylogging can be done from UEFI thanks to function pointer hooking (http://intelstudios.edgesuite.net/idf/2012/sf/aep/EFIS003/EFIS003.html I couldn't find the slides, just video). And you seem to have missed the point about spammers != state-sponsored attackers who clearly find attacking at this level plenty practical.

Submission + - Security Industry Incapable of Finding Firmware Attackers (threatpost.com)

BIOS4breakfast writes: Research presented at CanSecWest has shown that despite the fact that we know that firmware attackers, in the form of the NSA, definitely exist, there is still a wide gap between the attackers' ability to infect firmware, and the industry's ability to detect their presence. The researchers from MITRE and Intel showed attacks on UEFI SecureBoot, the BIOS itself, and BIOS forensics software. Although they also released detection systems for supporting more research and for trustworthy BIOS capture, the real question is, when is this going to stop being the domain of research and when are security companies going to get serious about protecting against attacks at this level?

Submission + - Scientists 3D Print New Solar Panels Which Work Best When Cloudy (imaginethat-3d.com)

An anonymous reader writes: Solar panels are the future of energy, at least for those living in areas of the world where the majority of days are filled with bright sunshine, like Florida, Arizona, Egypt, etc. Until recently, if you lived in Seattle, or most of Britain, and Northern Europe, then solar power was not something to get all that excited about.

This week, British scientists at the National Physical Laboratory, created special solar panels which function best when it’s gloomy outside. That’s right, they produce more energy when clouds are blocking the sun, than when the sun is out in full force. In fact, scientists have shown that the new solar panels manage only 10% efficiency when placed in direct sunlight, while that number jumps to 13% when placed in cloudy conditions.

These solar cells, called organic photovoltaics, are unlike any other. They are made up of small organic molecules which act as semiconductors when struck with solar radiation. The amazing thing is that the molecules can easily be dissolved into a solution and 3D printed into any shape, size, or color desired.

Dr Fernando Castro, principal research scientist at the National Physical Laboratory in Teddington, said: "Organic photovoltaics work much better in low and diffused light conditions. Even if it's cloudy they still work. It's not that they are going to produce more power but they are more efficient at generating power from the light that is available. So they would work better than normal solar cells do in cloud."

