Another Day, Another Exploit Discovered in Intel Processors

The last couple of years have not been kind to processor manufacturers. Ever since the Meltdown and Spectre attacks were discovered, the speculative execution feature that is present on most modern processors has opened the door to a world of new exploits. However, Intel has been hit especially hard. The latest attack, given the fancy name Foreshadow, exploits the speculative execution feature on Intel processors to bypass security features meant to keep sensitive data out of the hands of unauthorized processes:

Foreshadow is a speculative execution attack on Intel processors which allows an attacker to steal sensitive information stored inside personal computers or third party clouds. Foreshadow has two versions, the original attack designed to extract data from SGX enclaves and a Next-Generation version which affects Virtual Machines (VMs), hypervisors (VMM), operating system (OS) kernel memory, and System Management Mode (SMM) memory.

It should be noted that, as the site says, this exploit is not known to work against ARM or AMD processors. However, it would be wise to keep an eye on this site. The researchers are still performing research on other processors and it may turn out that this attack works on processors not made by Intel as well.

As annoying as these hardware attacks are, I’m glad that the security industry is focusing more heavily on hardware. Software exploits can be devastating but if you can’t trust the hardware that the software is running on, no amount of effort to secure the software matters.

Dream Job

I never thought that I’d say this but I may be moving to Venezuela. It turns out that the socialist government there has brought back my dream profession:

Political and economic crises are exploding from Venezuela to Nicaragua to Haiti, sparking anarchy and criminality. As the rule of law breaks down, certain spots in the Caribbean, experts say, are becoming more dangerous than they’ve been in years.

Often, observers say, the acts of villainy appear to be happening with the complicity or direct involvement of corrupt officials — particularly in the waters off collapsing Venezuela.

“It’s criminal chaos, a free-for-all, along the Venezuelan coast,” said Jeremy McDermott, co-director of Insight Crime, a nonprofit organization that studies organized crime in Latin America and the Caribbean.

While I’m sure these pirates are being condemned by the Venezuelan government, the two groups are actually doing the exact same thing except the former doesn’t have as much pomp or as many rituals.

The Body Camera Didn’t Record the Summary Execution Because It Was Hacked

The aftermath of DEF CON, when the high-profile exploits discussed at the event hit the headlines, is always fun. Most of the headlines have focused on the complete lack of security that exists on electronic voting machines. I haven’t touched on that because it’s an exercise in beating a dead horse at this point. A story that I found far more interesting due to its likely consequences is the news about the exploits found in popular law enforcer body cameras:

At Def Con this weekend, Josh Mitchell, a cybersecurity consultant with Nuix, showed how various models of body cameras can be hacked, tracked and manipulated. Mitchell looked at devices produced by five companies — Vievu, Patrol Eyes, Fire Cam, Digital Ally and CeeSc — and found that they all had major security flaws, Wired reports. In four of the models, the flaws could allow an attacker to download footage, edit it and upload it again without evidence of any of those changes having occurred.

I assume that these exploits are a feature, not a bug.

Law enforcers already have a problem with “malfunctioning” body cameras. There are numerous instances where multiple law enforcers involved in a shooting with highly questionable circumstances all claimed that their body cameras malfunctioned simultaneously. What has been missing up until this point is a justification for those malfunctions. I won’t be surprised if we start seeing law enforcers claim that their body cameras were hacked in the aftermath of these kinds of shootings. Moreover, the ability of unauthorized individuals to download, edit, and upload footage is another great feature because footage that reflects poorly on law enforcers can be edited and if the edit is discovered, officials can claim that it must have been edited by evil hackers.

Minneapolis’ Very Own Tent Town

Minneapolis has achieved another milestone in its march towards progress: it now has its very own Hooverville:

Yanez lives at the heart of a sprawling homeless settlement that has formed and grown quickly this summer in the shadows of the Little Earth housing project near the intersection of Hiawatha and Cedar avenues in south Minneapolis.

Their numbers have multiplied in recent weeks, reaching about 60 men, women and children this week, turning this narrow stretch of grass into one of the largest and most visible homeless camps ever seen in Minnesota.

This shouldn’t come as a surprise to anybody. Every large city has a homeless population living within it. People who share hardships often come together and form a community. However, by forming a community these individuals have also made their existence undeniable, which will likely cause them more hardship in the near future.

City officials do not like homeless individuals. When city officials learn about the existence of a group of homeless individuals, they tend to sic their dogs on them. The angle of this story is that this Hooverville is a public health crisis. That will likely be the justification city officials use when they send their law enforcers to confiscate these individuals’ tents and tell them that they have to go be homeless somewhere else (that is, after all, how city officials always “help” the homeless).

Being Treated Like a Criminal

I didn’t make it to DEF CON this year but I’m beginning to think that it was for the best. If there’s one thing I hate it’s being falsely accused of a crime, which is what many hotel staffs are now in the practice of doing in Las Vegas:

Caesars began rolling out a new security policy in February that mandated room searches when staff had not had access to rooms for over 24 hours. Caesars has been mostly tolerant of the idiosyncratic behavior of the DEF CON community, but it’s not clear that the company prepared security staff for dealing with the sorts of things they would find in the rooms of DEF CON attendees. Soldering irons and other gear were seized, and some attendees reported being intimidated by security staff.

[…]

And since the searches came without any warning other than a knock, they led, in some cases, to frightening encounters for attendees who were in those rooms. Katie Moussouris—a bug bounty and vulnerability disclosure program pioneer at Microsoft, an advocate for security researchers, and now the founder and CEO of Luta Security—was confronted by two male members of hotel security as she returned to her room. When she went into the room to call the desk to verify who they were, they banged on the door and screamed at her to immediately open it.

Caesars wasn’t the only hotel reported to be doing this by DEF CON attendees. Hotels owned by MGM Resorts International were also searching rooms without cause.

I don’t do business with people who assume ill of me so I sure as hell am not going to do business with Caesars or any hotel owned by MGM Resorts International unless this practice is stopped. Unfortunately, I don’t foresee this practice ceasing. Instead I see this practice becoming the norm for hotels. If we look at the recent history of the United States, this kind of behavior will, at most, cause a very minor and very temporary dip in business. After their initial outrage though, if even that much of a reaction occurs, the American people will roll over and accept this incursion into their private life just as they have accepted every other incursion. If you accuse an American of being a criminal without cause, they tend to get upset… unless you tell them that the reason you’re accusing them is because somebody else committed a crime, then they’ll totally understand that it’s for the “greater good” and roll over like the good dogs that they are.

Nothing But the Best

What’s the worst that could happen if the programmer for your pacemaker accepts software updates that aren’t digitally signed or delivered via a secure connection? It could accept a malicious software update that when pushed to your pacemaker could literally kill you. With stakes so high you might expect the manufacturer of such a device to have a vested interest in fixing it. After all, people keeling over dead because you didn’t implement basic security features on your product isn’t going to make for good headlines. But it turns out that that isn’t the case:

At the Black Hat security conference in Las Vegas, researchers Billy Rios and Jonathan Butts said they first alerted medical device maker Medtronic to the hacking vulnerabilities in January 2017. So far, they said, the proof-of-concept attacks they developed still work. The duo on Thursday demonstrated one hack that compromised a CareLink 2090 programmer, a device doctors use to control pacemakers after they’re implanted in patients.

Because updates for the programmer aren’t delivered over an encrypted HTTPS connection and firmware isn’t digitally signed, the researchers were able to force it to run malicious firmware that would be hard for most doctors to detect. From there, the researchers said, the compromised machine could cause implanted pacemakers to make life-threatening changes in therapies, such as increasing the number of shocks delivered to patients.

Killing people through computer hacks has been a mainstay of Hollywood for a long time. When Hollywood first used that plot point, it was unlikely. Today software is integrated into so many critical systems that that plot point is feasible. Security needs to be taken far more seriously, especially by manufacturers that develop such critical products.

Democracy Sure Is Fragile

I’m sure Alex Jones is enjoying all of the free advertising that he has received from being banned from Facebook, Apple, and YouTube. Normally a marketing campaign with so much outreach would cost a small fortune. However, the real entertainment value in all of this is the pro-censorship crowd’s rhetoric. For example, take Senator Chris Murphy’s comment:

Sen. Chris Murphy, D-Conn., is calling on other tech companies to ban more sites like InfoWars, and says the survival of American democracy depends on it.

“Infowars is the tip of a giant iceberg of hate and lies that uses sites like Facebook and YouTube to tear our nation apart. These companies must do more than take down one website. The survival of our democracy depends on it,” Murphy tweeted Monday.

The survival of our democracy depends on censorship! If Jones is allowed to express himself, democracy will fall!

Democracy must be very fragile indeed if a single man’s speech can take it down. But the festering pustule that is mob rule has survived for hundreds of years even though many countries under the system have traditionally been in favor of free speech. That being the case, I’m inclined to believe that democracy is, unfortunately, more resilient than Murphy says.

The most amusing thing about democracy to me is the fact that its most vocal advocates generally hate it. While their mouths are talking about the greatness of democracy their hands are working to stop anybody who votes the wrong way. When somebody says they love democracy, what they generally mean is that they love the idea of a system where only those who agree with them are allowed to vote.

Rules Are for Thee, Not for Me

Remember those denial of service attacks that the Fascist Communications Club (FCC) reported were targeting it? It turns out that they never happened. That’s right, the FCC lied to Congress. So wrathful retribution must be at hand, right? Congress will make an example of the FCC to ensure no other government agency lies to it in the future, right? Not so much. The reason the FCC had the guts to lie is the same reason every government agency has no fear of lying: the government isn’t in the habit of prosecuting its own:

Despite lies to Congress, US attorney declined to prosecute any FCC employees.

As the classic line usually said in regards to law enforcement goes, we investigated ourselves and found that we did nothing wrong.

The biggest weakness in the theory that checks and balances exist within the government is that the system as described is a huge conflict of interest. Congress relies on the FCC to enforce its laws governing communications. Going against the FCC may cause those laws, many of which are very lucrative for the federal government, to go unenforced. Disciplining the FCC might also upset other law enforcement agencies, which may cause them to stop enforcing or only poorly enforce Congress’ laws. Congress has no interest in possibly upsetting its major revenue generators.

There are no checks or balances in government. Government is a circlejerk.

The Psychological Impact of the Atomic Bomb

August 6th was the anniversary of the atomic bombing of Nagasaki. Many people posted about it. Many people pointed out that it was a heinous act because an estimated 39,000 to 80,000 people, most of whom were civilians, were killed.

Meanwhile the firebombing campaign against Tokyo, which resulted in the death of approximately 100,000 civilians, is seldom mentioned.

My point here isn’t to judge people for mentioning one without mentioning the other. It’s to illustrate that the psychological impact of the atomic bomb was so great that we still feel compelled to discuss the matter today even when we don’t have the same compulsion towards other acts that led to even greater losses of life.