Ian Pratt, Bromium Co-Founder, Why Bromium is Releasing an Upgrade [Video]

The Intel chip vulnerability triggered Spectre and Meltdown – information leakage vulnerabilities. With the advent of the Microsoft Windows patch, it’s important to upgrade Bromium first to keep your security intact. Micro-virtualization ca… Continue reading Ian Pratt, Bromium Co-Founder, Why Bromium is Releasing an Upgrade [Video]

Ian Pratt, Bromium Co-Founder, Speaks on Spectre and Meltdown [Video]

The Intel chip vulnerability triggered Spectre and Meltdown – information leakage vulnerabilities. Both let attackers that have execution in some unprivileged user space to read data belonging to other processes, even more privileged ones includi… Continue reading Ian Pratt, Bromium Co-Founder, Speaks on Spectre and Meltdown [Video]

Ian Pratt, Bromium Co-Founder, Discusses an Enterprise Response to Spectre and Meltdown [Video]

The Intel chip vulnerability triggered Spectre and Meltdown – information leakage vulnerabilities. Spectre and Meltdown require an attacker to run code on the target system. Micro-virtualization can really help mitigate the effects; even when dea… Continue reading Ian Pratt, Bromium Co-Founder, Discusses an Enterprise Response to Spectre and Meltdown [Video]

The Low Down on the CPU Vulnerabilities

As you’ve probably already noticed a few highly dangerous CPU vulnerabilities have been released that effect the CPU at a hardware level. Since this is base off the hardware itself all operating systems (Windows, Linux, Android, macOS) need to pr… Continue reading The Low Down on the CPU Vulnerabilities

Never Let Your Christmas Tree Run Dry, With Added Ultrasound

Winter in the parts of the Northern Hemisphere for which observing Christmas includes bringing half a forest into the house should really be divided into two seasons. No-spruce-needles-in-the-carpet season, and spruce-needles-doggedly-clinging-to-the-carpet season. Evergreen trees were not designed for indoor use, and for a hapless householder to stand any chance of keeping those needles on the branches there has to be a significant amount of attention paid to the level of the water keeping the tree hydrated.

[Evan] has paid that attention to the problem of Christmas tree hydration, and to address the shortcomings of earlier designs has come up with …read more

Continue reading Never Let Your Christmas Tree Run Dry, With Added Ultrasound

Intel chips riddled with deadly flaws

As we’re waiting for security researchers to detail the Intel Management Engine vulnerability that can allow attackers to run undetectable, unsigned code on machines with Intel processors, the US-based chip maker has announced the release of firm… Continue reading Intel chips riddled with deadly flaws

Estonia blocks certificates on 760,000 ID cards due to identity theft risk

On 3 November 2017 at midnight, Estonia will block the certificates of 760,000 ID cards. The decision is the result of the discovery of a security vulnerability in the Infineon-developed RSA library, which could be exploited by attackers to discover the RSA private key corresponding to an RSA public key generated by this library. Estonian electronic ID cards have been manufactured by the Swiss company Trub AG and its successor Gemalto AG since 2001. The … More Continue reading Estonia blocks certificates on 760,000 ID cards due to identity theft risk

Get Down to the Die Level with this Internal Chip Repair

Usually, repairing a device entails replacing a defective IC with a new one. But if you’ve got young eyes and haven’t had caffeine in a week, you can also repair a defective chip package rather than replace it.

There’s no description of the incident that resulted in the pins of the QFP chip being ablated, but it looks like a physical insult like a tool dropped on the pins. [rasminoj]’s repair consisted of carefully grinding away the epoxy cap to expose the internal traces leading away from the die and soldering a flexible cable with the same pitch between the …read more

Continue reading Get Down to the Die Level with this Internal Chip Repair

Ed Skoudis, Counter Hack – Paul’s Security Weekly #531

Ed Skoudis is a SANS Faculty Fellow and the lead for the SANS Penetration Testing Curriculum. He has the rare ability to translate advanced technical knowledge into easy-to-master guidance. Ed rejoins us to talk about new projects, his robotic dog, and more! Full Show Notes Subscribe to YouTube Channel

The post Ed Skoudis, Counter Hack – Paul’s Security Weekly #531 appeared first on Security Weekly.

Continue reading Ed Skoudis, Counter Hack – Paul’s Security Weekly #531

CES2017: Complete Register Documentation For The C.H.I.P.

Last October, Next Thing Co., makers of the popular C.H.I.P. platform unleashed the C.H.I.P. Pro, a very capable Linux system on a tiny board. The goal of the C.H.I.P. Pro is to be the brains of a project or product, similar to the Gumstix boards from an ancient era long before the Raspberry Pi.

Introduced alongside the C.H.I.P. Pro was a fantastic little device. The GR8 module is a complete Linux system on a chip, with an ARM Cortex-A8 processor and 256 MB of RAM, all on a relatively small BGA chip. This is a drop-in part that gives any …read more

Continue reading CES2017: Complete Register Documentation For The C.H.I.P.