As a result of our work on Spectre, we now know that information leaks may affect all processors that perform speculation…. Since the initial disclosure of three classes of speculative vulnerabilities, all major [CPU] vendors have reported affected products…. This class of flaws are deeper and more widely distributed than perhaps any security flaw in history, affecting billions of CPUs in production across all device classes.
The problem, explains Eclypsium, is that a miscreant could rent a bare-metal server instance from a provider, then exploit a firmware-level vulnerability, such as one in UEFI or BMC code, to gain persistence on the machine, and the ability to covertly monitor every subsequent use of that server. In other words, injecting spyware into the server’s motherboard software, which runs below and out of sight of the host operating system and antivirus, so that future renters of the box will be secretly snooped on.
Indeed, the researchers found they could acquire, in the Softlayer cloud, a bare-metal server, modify the underlying BMC firmware, release the box for someone else to use, and then, by tracking the hardware serial number, wait to re-provision the server to see if their firmware change was still intact. And it was. BMC is the Baseband Management Controller, the remote-controllable janitor of a server that has full access to the system.
The vulnerability allows a malicious container to (with minimal user interaction) overwrite the host runc binary and thus gain root-level code execution on the host.
Kata Containers is an open source project and community working to build a standard implementation of lightweight Virtual Machines (VMs) that feel and perform like containers, but provide the workload isolation and security advantages of VMs.
From the Kata Containers website. The project is intended to be “compatible with the OCI specification for Docker containers and CRI for Kubernetes” while running those containers in a VM instead of a namespace.
The future of Kubernetes is Virtual Machines, not Containers.
After a review of bids and testing the capabilities of some of the exploits offered, the team decided to build its own malware. “This is the only inexpensive way to get to the iPhone, except for the [Israeli] solution for 7 million and that’s only for WhatsApp,” explained one team member in a message. “We still need Viber, Skype, Gmail, and so on.” The same was true of the Android and Windows malware and the back-end tools used to manage the campaign. Rather than using zero-day exploits, the organization relied on a combination of physical access, spear-phishing, and other techniques to inject its espionage tools onto the targeted devices.
Matt Blaze teaches computer and information science at the University of Pennsylvania and blogs about security at Exhaustive Search. His recent post on mistakes in spying techniques, protocols, and hardware caught my interest: Indeed, the recent history of electronic surveillance is a veritable catalog of cautionary tales of technological errors, risks and unintended consequences. Sometime mishaps lead […]
Most of my work is available publicly, but some development is hosted on a private SVN that’s hidden behind a firewall. Unfortunately, my primary development server is on the wrong side of that particular firewall, so I use the following command to bridge the gap:

```
ssh -R 1980:svn_host:80 username@dev_server.com
```

That creates a reverse tunnel through […]
A quick Google search of klaomta.com reveals more than a few people wondering why it’s iframed on their websites. The answer is that the site has been compromised.
Unfortunately for the fellow who asked me the question at WordCamp, solving the problem can be a bit of a chore. Keeping your WordPress installation up to date is important, as there are some known security flaws in older versions, but most of the attacks that crackers use are targeted elsewhere. Your passwords, all your server apps, the PHP config, your hosting control panel, and other users all must go under the microscope when trying to find security holes.
Stefan Savage, speaking in a segment on March 13’s On The Media, asked: The question I like to ask people is, what are you going to do to the highway system to reduce crime. And when you put it that way, it sounds absolutely ridiculous, because while criminals do use the highway, no rational person […]
This is an old one, but because I’m in the air again today it’s worth digging this up. Defense Tech long ago pointed out The Identity Project’s position on showing ID for air travel:
If a 19 year-old college student can get a fake ID to drink, why couldn’t a bad person get one, too? And no matter how sophisticated the security embedded into the ID, wouldn’t a well-financed terrorist be able to falsify that, too? The answer to both questions is obviously ‘yes’.
Honest people, on the other hand, go to Pro-Life rallies. Honest people go to Pro-Choice rallies, too. Honest people attend gun shows. Honest people protest the actions of the President of the United States. Honest people fly to political conventions. What if those with the power to put people on a ‘no fly’ list decided that they didn’t like the reason for which you wanted to travel? The honest people wouldn’t be going anywhere.
WordPress 2.7 requires that plugins explicitly whitelist their options using a couple of new functions. WordPress MU has required this security measure for a while, and it’s nice to see an evolved form of it brought to the core code. The [Migrating Plugins and Themes to 2.7][1] article in the Codex offers some guidance, but here’s how it works:
First, register each option for your plugin during the admin_init action:
```
function myplugin_admin_init() {
	// Whitelist each option; the third argument is its sanitization callback.
	register_setting( 'my-options-group', 'my-option-name-1', 'absint' );
	register_setting( 'my-options-group', 'my-option-name-2', 'wp_filter_nohtml_kses' );
}
add_action( 'admin_init', 'myplugin_admin_init' );
```
In the example above, the value for my-option-name-1 will be filtered by absint before being saved to the options table. my-option-name-2 will be stripped of any HTML by wp_filter_nohtml_kses.
Then build a form like this prototype:
```
</td>
</tr>
</table>
</div>
```

Easy.
[1]: http://codex.wordpress.org/Migrating_Plugins_and_Themes_to_2.7#Plugins "Migrating Plugins and Themes to 2.7 « WordPress Codex"
Presidential Limos are armored, yes, but Gregg Merksamer reveals that George W. Bush’s limos sport five-inch thick glass, more than twice as thick as in Clinton’s limo. Merksamer should know, he wrote the book on so-called “professional cars”. He says half an inch is enough to stop a .44 magnum at point blank range, and […]
GreenSQL promises to protect SQL databases against SQL injections. GreenSQL works as a reverse proxy and has built-in support for MySQL. The logic is based on evaluation of SQL commands using a risk scoring matrix as well as blocking known db administrative commands (DROP, CREATE, etc).
Amanda Mooney posted a note about being told she needed corporate permission to take a picture in a store. Mooney’s interest was in telling others how much she likes the products and the brand — exactly the sort of word of mouth advertising most brands are anxious for, but imagine some more pedestrian uses: what […]
I’ve been pretty aware of the risks of SQL injection and am militant about keeping my database interactions clean. Mark Jaquith today reminded me about the need to make sure my browser output is filtered through clean_url(), sanitize_url(), and attribute_escape(). Furthermore, we all need to remember current_user_can(), check_admin_referer(), and nonces.
The Mercury News’ QA on carry-on restrictions answered a big question I had: Q Can I still carry my laptop, cell phone and iPod on board? A Those items are still OK as long as you’re not traveling to or through the United Kingdom. But a Reuters story posted at C|Net suggests the restriction on […]
If I didn’t like flying, or at least if I couldn’t tolerate it, I wouldn’t be making my third distant trip in as many months. And though I know many others spend a whole lot more time in planes than I do, I still think Vasken has a bit of a point in the following: I […]
The Mozilla docs on JavaScript security give a hint of hope that signed scripts will work around the cross-domain script exclusions that all good browsers enforce. But an item at DevArticles.com throws water on the idea: Signed scripts are primarily useful in an intranet environment; they’re not so useful on the Web in general. To […]
Gary Wolf wrote in the June issue of Wired about how smart mobs in New York’s World Trade Center outbrained the “authorities” and enjoyed higher survival rates because of it. Wolf is talking about the NIST report on Occupant Behavior, Egress, and Emergency Communications (warning: PDFs). There’s also this executive summary and this looks like […]