
General InfoSec discussion

Discussion in 'Business & Enterprise Computing' started by Gunna, Nov 18, 2019.

  1. Dilbery

    Dilbery Member

    Joined:
    Nov 19, 2005
    Messages:
    1,252
    Location:
    Sydney, NSW
  2. wintermute000

    wintermute000 Member

    Joined:
    Jan 23, 2011
    Messages:
    2,330
    It's a storm in a teacup IMO.
    If they can disassemble your laptop they have you dead to rights anyway.
    Why have companies been issuing burner laptops/phones to China trips for years?

    /obligatory closed source bad, open source good (except in this case there is no alternative... I too wish I could have a coreboot system that wasn't an ancient platform)
     
    GumbyNoTalent likes this.
  3. elvis

    elvis Old school old fool

    Joined:
    Jun 27, 2001
    Messages:
    41,392
    Location:
    Brisbane
    Even better is how every article paints the attackers as some sort of malicious Russian special forces mob, rather than a bored script kiddy.

    Or how they're "engaging federal police" - and I bet the feds are utterly bored shitless with companies that continue to not follow the "essential 8" but then come crying every time their business goes down the toilet.
     
  4. millsy

    millsy Member

    Joined:
    Mar 31, 2007
    Messages:
    13,087
    Location:
    Brisbane
    If you're referring to the Thunderbolt one, that's an exposed port - often in USB-C format on modern laptops - and doesn't need to be disassembled. Nothing new DMA-attack-wise, but their other attacks described are interesting, e.g. changing settings of the port.

    In terms of threat landscape, is anybody seeing anything interesting? Are COVID phishing attacks more successful, as they are a bit more heart-string-pull-y than other ones?

    I've been talking to a few orgs lately regarding their remote access security; it's been interesting seeing the variety of approaches.
     
  5. wintermute000

    wintermute000 Member

    Joined:
    Jan 23, 2011
    Messages:
    2,330

    "All the attacker needs is 5 minutes alone with the computer, a screwdriver, and some easily portable hardware."

    Sounds like some kind of disassembly and specialist kit involved to me. So no script kiddies, but it lowers the technical bar from CIA/FSB/Mossad/Chinese Intelligence to anybody with know-how.

    Maybe "storm in a teacup" is under-stating it, but it's certainly not "plug it in and you're pwned".
     
  6. chip

    chip Member

    Joined:
    Dec 24, 2001
    Messages:
    3,856
    Location:
    Pooraka Maccas drivethrough
    The actual paper talks about modifying SPI flash values by connecting a flash programmer to the chip on the laptop mainboard.

    AFAICT after a brief skim, the usual DMA attack mitigations for Windows should be effective for this anyway. Hope Windows users like BitLocker PIN on boot and no S3 sleep.
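    The mitigations named in this post (pre-boot BitLocker PIN, no S3 sleep, DMA blocked while locked) can be audited on a Windows laptop with the script below. It is an added example, not code from the thread or from any vendor; the function name `Test-PhysicalAccessHardening` is mine, and it assumes the BitLocker PowerShell module is installed (Pro/Enterprise), English-language `powercfg` output, and the Group Policy registry path under `HKLM\SOFTWARE\Policies\Microsoft\FVE`.

    ```powershell
    # Added example (not code from the thread): audit a Windows laptop for the
    # physical-access mitigations discussed above. Run from an elevated prompt.
    # Assumptions: BitLocker module present, English powercfg output, and the
    # FVE policy registry path that Group Policy writes.
    function Test-PhysicalAccessHardening {
        # 1. The OS volume must carry a TPM+PIN protector: the volume key is
        #    only released after a human authenticates at boot, not silently
        #    by the TPM alone (which is what a DMA-at-login-screen attack relies on).
        $os    = Get-BitLockerVolume -MountPoint $env:SystemDrive
        $types = @($os.KeyProtector | ForEach-Object { $_.KeyProtectorType })
        $preBootPin = ($types -contains 'TpmPin') -or ($types -contains 'TpmPinStartupKey')

        # 2. S3 standby should be unavailable: a machine asleep in S3 keeps its
        #    keys in DRAM, which is exactly what a DMA or cold-boot attacker wants.
        #    powercfg lists the available states first, then the "not available" ones.
        $pc = (powercfg /a) -join "`n"
        $availableStates = ($pc -split 'not available')[0]
        $s3Available = $availableStates -match 'Standby \(S3\)'

        # 3. BitLocker policy "Disable new DMA devices when this computer is
        #    locked", so hot-plugged Thunderbolt/USB-C devices get no DMA while
        #    the screen is locked. Kernel DMA Protection itself is reported by
        #    msinfo32 ("Kernel DMA Protection"), not by this registry value.
        $fve = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
        $v = Get-ItemProperty -Path $fve -Name DisableExternalDMAUnderLock -ErrorAction SilentlyContinue
        $dmaBlockedWhenLocked = ($null -ne $v) -and ($v.DisableExternalDMAUnderLock -eq 1)

        [pscustomobject]@{
            BitLockerProtection  = $os.ProtectionStatus   # expect 'On'
            KeyProtectors        = ($types -join ', ')
            PreBootPinRequired   = $preBootPin            # expect True
            S3SleepAvailable     = $s3Available           # expect False
            DmaBlockedWhenLocked = $dmaBlockedWhenLocked  # expect True
        }
    }

    $result = Test-PhysicalAccessHardening
    $result | Format-List
    if (-not $result.PreBootPinRequired -or $result.S3SleepAvailable -or -not $result.DmaBlockedWhenLocked) {
        Write-Warning 'Physical-access hardening incomplete; see the fields above.'
    }
    ```

    A result with the three expected values still leaves firmware-level attacks (the SPI flash reprogramming the paper describes) out of scope; those need a firmware password, measured boot and an intact chassis rather than anything checkable from the OS.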
     
  7. millsy

    millsy Member

    Joined:
    Mar 31, 2007
    Messages:
    13,087
    Location:
    Brisbane
    My mistake! I am 100% guilty of commenting without reading the article, thought it was discussions on DMA.
     
  8. GumbyNoTalent

    GumbyNoTalent Member

    Joined:
    Jan 8, 2003
    Messages:
    8,737
    Location:
    Briz Vegas
    https://www.coreboot.org/Board:lenovo/w520
    Intel(R) Core(TM) i7-2720QM CPU @ 2.20GHz
    32GB Memory
    :thumbup:

    *yeah it may be "old" but very livable performance.
     
    Last edited: May 13, 2020
  9. _zak

    _zak Member

    Joined:
    Oct 12, 2009
    Messages:
    372
    I haven't been following this one particularly closely, but I'm utterly confused about this particular vulnerability. There's apparently no software mitigation, but macOS isn't vulnerable to it and Windows is when running on the same hardware? The paper states that this is due to macOS using IOMMU virtualisation, so doesn't that imply that Windows and Linux could enable it too if available? I'm probably missing something obvious, but hey.

    From a practical point of view, I'm keen to see people attempt a physical attack on some of the smaller SPI flash chips out there. SOP8 clips are easy and cheap to get hold of, but wafer-scale packages are becoming the norm in this area (I believe they're already used in some laptops), and soldering to those lines with portable gear would be fun to watch someone attempt. I suppose in that scenario you've got a denial-of-service attack instead :)
     
  10. monaro327

    monaro327 Member

    Joined:
    May 19, 2003
    Messages:
    125
    Location:
    Sydney
    It is confusing because Microsoft did a blog post and stated that systems that meet Microsoft's Secured-core standard aren't vulnerable to this exploit.
     
  11. elvis

    elvis Old school old fool

    Joined:
    Jun 27, 2001
    Messages:
    41,392
    Location:
    Brisbane
    Two more big names hit this week. Honda and Lion both suffering outages due to "cyberattacks".

    (Where "cyberattacks" == "we don't take standard precautions to prevent cryptolocker")
     
    Last edited: Jun 12, 2020
  12. millsy

    millsy Member

    Joined:
    Mar 31, 2007
    Messages:
    13,087
    Location:
    Brisbane
  13. wintermute000

    wintermute000 Member

    Joined:
    Jan 23, 2011
    Messages:
    2,330
    Yep, patching, SIEM and 2FA are revolutionary defence mechanisms
     
    millsy likes this.
  14. millsy

    millsy Member

    Joined:
    Mar 31, 2007
    Messages:
    13,087
    Location:
    Brisbane
    Though it's worth reminding people that 2FA does not mitigate the risk of social engineering, only compromise of passwords.

    You can still do MFA phishing for Office, and they note in the advisory that attackers are trying to phish OAuth tokens.
     
    wintermute000 likes this.
  15. 2SHY

    2SHY Member

    Joined:
    Aug 10, 2010
    Messages:
    7,712
    Location:
    Sydney NSW Australia
  16. OP
    OP
    Gunna

    Gunna Member

    Joined:
    Dec 25, 2001
    Messages:
    7,671
    Location:
    Brisbane
    https://www.jsof-tech.com/ripple20/
