Subject: Editorial | July 20, 2011 - 06:10 PM | Jeremy Hellstrom
Tagged: vpro, TPM, speculation, security, mcafee, intel txt, Intel, infineon, amt
Not too long ago the tech world was buzzing with the news that Intel had acquired McAfee for $7.68 billion. This gave them the knowledge base to start thinking about putting antivirus technology directly onto their chips, which seemed far more likely than an Intel-branded software antivirus product. When Intel CTO Justin Rattner started talking about technology that resembled the failed attempts at digital rights management, such as Microsoft's Palladium, or the Trusted Platform Module, aka TPM, a different idea was promoted with its own acronyms: Intel Active Management Technology (AMT) and Intel Trusted Execution Technology (Intel TXT). This theory was lent credence by the mention of Intel's vPro and a desire by Intel to move security to the top of their list of priorities. By integrating security software directly into vPro architecture, it might not even be necessary to place antivirus code directly on their hardware. Add optimization to product architecture that Intel trusts absolutely, as they made it themselves, and the overall level of security on an Intel-based virtual machine would be greatly increased.
Then Intel went and muddied the water with the $1.9 billion purchase of Infineon Technologies AG’s wireless business, which doesn't own manufacturing facilities but does own the intellectual property and patents for chips providing wireless communication. Suddenly some discarded theories about the purchase of McAfee seemed valid again. One possibility that was bandied about was the idea of Intel moving into ARM territory in the cell phone business. With Intel's new focus on low power chips, with Atom being the starting point, the idea of Intel moving into providing secure CPUs appropriate for cell phones and tablets became much more believable. With the current rise of viruses targeted at those mobile platforms and the vulnerabilities present in Android and Windows based phones, having hardware based antivirus, or at least optimized hardware, makes a lot of sense.
It also differentiates them from ARM, who has more market experience making ultra low power chips but certainly does not own an antivirus vendor. The security concerns with cell phones and tablets will continue to increase at the same pace as the capabilities of the devices increase. Where once bluejacking was the biggest concern of a cell phone user, a smart phone user can browse the world wild web and expose themselves to all sorts of nastiness, including more than just the nastiness they intended to browse for. A hardware solution would leave more processing power for the user; running Norton 360 on a cell phone or tablet would chew up a lot of cycles.
Today those muddied waters were stirred up even more as Intel announced it is planning to buy Fulcrum Microsystems, maker of high end 10Gbps and 40Gbps Ethernet switches. This purchase would support the theory decided before the purchase of Infineon's wireless group: that Intel is taking a serious look at a total TPM ecosystem. In order to truly trust your platform you need to do more than secure your endpoints. If your server is running AMT or Intel TXT, then you can be assured that any virtual machine running on it can be trusted. As well, if both the server and client are running processors capable of Intel's TPM (sounds so much better than DRM, eh?) again both machines can be considered trusted platforms.
That does not help with trusting data which has been transferred over a WAN, or in some cases even a LAN. Data transfer allows an attacker a means of entry, or at least a way of denying data transfer. With a trusted platform, any data which does not match what is expected by the receiving machine will be prevented from running, so a successful man in the middle attack might not allow remote code execution or privilege escalation but would certainly act as a DoS attack as the TPM client refuses to accept the incoming data. Once the routers and switches involved in the data transfer are secured with the exact same TPM specifications, the entire route is protected and can all be considered part of the same Trusted Platform. The network devices would reject any code injection attempted on the data during transfer, allowing data to flow freely inside a LAN as well as customized WANs.
Returning to the secure cell phone theory, we can now consider the possibility of a TPM compliant cell phone thanks to the theoretical integration of Intel processors into your phone and tablet. Now you would be able to include your mobile communications in your TPM ecosystem. Properly implement that security and not only will you challenge ARM's market share by out-securing them, you could topple RIM's share of the business market, as a BlackBerry may be handy to the sales team but they are a nightmare for the IT/IS security team. Nothing is perfect but that would be a huge step towards defeating the current attack vectors that affect business systems. So far Intel is not saying much, so all we can do is speculate ... which is fun.
Subject: General Tech | June 13, 2011 - 11:47 AM | Jeremy Hellstrom
Tagged: microsoft, patch tuesday, security, windows, internet explorer, silverlight
Tomorrow will see the arrival of 9 critical security patches and 7 recommended ones, covering Windows, IE, Silverlight and Office. The critical patches all resolve remote code execution vulnerabilities; the recommended ones vary from the same type to privilege escalation and denial of service vulnerabilities. WinXP through Win7 as well as server OSes will all be affected, so be warned that your Tuesday and Wednesday might not be very fun. Follow the link from The Register to see Microsoft's pre-release document for yourself.
Adobe, obviously not wanting to seem lazy, is also pushing out a patch for both Reader and Acrobat.
"Microsoft is preparing a bumper Patch Tuesday for next week, with 16 security bulletins that collectively address 34 vulnerabilities.
Nine of the bulletins earn the dread rating of critical, while the other seven grapple with flaws rated as important. All supported versions of Windows will need patching on 14 June along with various server-side software packages and applications, including the .NET framework and SQL Server. Internet Explorer, which is affected by two bulletins, will also need some fiddling under the bonnet."
Here is some more Tech News from around the web:
- Why Microsoft has made developers horrified about coding for Windows 8 @ Ars Technica
- PC Mark 7 Performance Review @ OCC
- PathScale Open-Sources The EKOPath 4 Compiler Suite @ Phoronix
- Samsung Galaxy Tab sneak peak at Dubai @ t-break
- HIS Solar LED Flashlight @ Benchmark Reviews
- Sumo Lounge Titan @ Phoronix
- Final Benchmarks Of Project Dirndl @ Phoronix
- Tablet Wars Single Stage Phase and Computex @ NinjaLane
- Win a HIS HD 5670 IceQ 1GB Graphics Card @ eTeknix
Subject: General Tech | May 25, 2011 - 11:48 AM | Jeremy Hellstrom
Tagged: fud, security
The Blackhole exploit kit, which until now required you to have a pocketful of money and enough hacker cred to get onto the sites where it was available for sale, is now freely available to any and all. The exploit kit is a tool that allows misanthropes to commit a type of drive-by attack, where clicking on a 'tainted' iframe will allow remote code execution to install a payload on your system. It was part of the famous US Postal Service attack that occurred recently as well as other incidents The Register mentions. Even better, the source code for ZeuS was also just made available. Patch early, patch often.
"A free version of the Blackhole exploit kit has appeared online in a development that radically reduces the entry-level costs of getting into cybercrime.
The Blackhole exploit kit, which up until now would cost around $1,500 for an annual licence, creates a handy way to plant malicious scripts on compromised websites. Surfers visiting legitimate sites can be redirected using these scripts to scareware portals on sites designed to exploit browser vulnerabilities in order to distribute banking Trojans, such as those created from the ZeuS toolkit."
Subject: General Tech | May 17, 2011 - 01:23 PM | Jeremy Hellstrom
Tagged: Android, security, clientlogin, impersonation, fud
Researchers at Germany's University of Ulm have discovered a vulnerability in Android's authentication protocol, known as ClientLogin, which should protect your login credentials to apps like your contact list and your calendar. It seems that while your request is encrypted, the response which includes your credentials is sent back in plain text, and those credentials remain valid for 2 weeks. The new versions of Android have fixed this flaw but according to the story at The Register connections to Picasa still return in plain text.
"The vast majority of devices running Google's Android operating system are vulnerable to attacks that allow adversaries to steal the digital credentials used to access calendars, contacts, and other sensitive data stored on the search giant's servers, university researchers have warned."
Subject: General Tech | May 15, 2011 - 04:29 PM | Scott Michaud
Tagged: security, PSN
Some of you may have heard of a recent computer break-in to Sony Computer Entertainment involving some total theft of personal information and uniformly increased grades of University final exams. Approximately three weeks and a few missed deadlines later: portions of the PSN are finally back online and awaiting the eager college students who are finished with their finals to scratch the itch on all the games they missed in the outage. Just kidding, they are going to play Call of Duty again.
- Sign in for PSN and Qriocity
- Online gameplay for PS3 and PSP
- Music Unlimited (if you are a current subscriber) for PS3 and PC
- Access to Netflix, Hulu, Vudu, and MLB from PS3
- Friends list, chat, trophy comparison, and PlayStation Home
Subject: General Tech | May 5, 2011 - 06:05 PM | Scott Michaud
Tagged: security, lastpass
One of the most important parts of security is authentication. A lot of our methods of authentication online revolve around passwords. There is an expectation these days that you remember long passwords composed of completely random characters, including numbers and symbols, each one unique from the others in the event that one source compromises the password you provide it. This necessity confronts our human nature of having terrible memory. Many programs have made attempts at solutions by storing and generating secure passwords for you.