云基础架构之CHIPSEC固件安全基线
Posted on不论是数据中心里的服务器还是工作站,厂商的闭源实现还是自由固件社区的开源实现都必须面临这个层面的安全风险,目前我们的测试数据显示服务器方面自从Haswell开始都比较注重固件的安全基线设置,而工作站和台式机则直到Skylake依然有不少机器会遗漏安全防护…
不论是数据中心里的服务器还是工作站,厂商的闭源实现还是自由固件社区的开源实现都必须面临这个层面的安全风险,目前我们的测试数据显示服务器方面自从Haswell开始都比较注重固件的安全基线设置,而工作站和台式机则直到Skylake依然有不少机器会遗漏安全防护…
经过数年的发展,数据中心,移动端(Android)以及嵌入式系统(IoT?)已经高度依赖于自由软件/固件/硬件,过去 12 年的基础架构层面的攻防对抗来中,Attacking the Core 的那个 Core 早已从内核转移到了 Hypervisor 之后又转移到了 EFI/SMM 最后 Intel ME 成为了新的 Core。但在某种程度上讲,内核依然是一把基路伯之剑,它的一举一动依然会影响到更底层恶魔的行为…
很多的安全问题通过攻击者人为制造的恶意指针,然后处理器解释恶意指针为代码地址,然后执行恶意指针所指的代码,这里的代码恰恰就是攻击者预先准备的恶意代码。所以对于指针的合法性问题一直是安全防御的重点。针对此ARMv8.3-A引入了一指针验证指令。…
Although, according to RFC7590 "Use of Transport Layer Security (TLS) in the Extensible Messaging and Presence Protocol (XMPP)", TLS was recommended for XMPP connection. But it is not mandatory. Despite the consensus to switch XMPP on mandatory encryption reached by XMPP communities on 2014, there are still some XMPP service providers support non-encrypted connection as a fallback along with TLS.…
PaX/Grsecurity no longer provides the public access to test patch in Apr 26 2017. In the FAQ of the announcement, PaX team and Spender listed a couple of reasons why they do this. As some people already know, it's not the whole story.…
Shawn:这篇spender于2011年写的文章在一定程度上帮助我们更好的了解历史,不懂历史是很难洞悉未来的,不是吗?…
GBE( no big deal?), CPU microcode( Do we really believe the vendor don't leave a backdoor there? Ok, it's unlikely to happen because the "magic" constant shit is not hard to find but...possibility is still there?), VGA BIOS( the 1st rule of OptionROM is do not talk about-_-), MRC( lacking of effort to do the reversing?), [Intel ME](https://github.com/hardenedlinux/firmware-anatomy/blob/master/hack_ME/me_info.md)( red alert....).…