Showing posts with label Security. Show all posts

Summer Travel with Your Computer

Let's face it: with computers becoming more and more mobile, many people are traveling with their laptops, smartphones, tablet computers, and even desktops in some cases. Vacation doesn't necessarily mean a vacation from EVERYTHING in 2010. We still check in with the office, we still check our email, and we still surf the internet or play games. But what happens if you have a problem, and how do you prevent one from occurring? If you're planning to take your computer on the road this summer, here are a few tips to keep in mind:

- Remember that on a public network you are more exposed than you would be at home on your own network. Unless you have a firewall enabled and file sharing switched off, anything that is shared on your home network (shared folders, printers, open services) is reachable by the other people using the same network, whether in a restaurant, hotel, or other spot.

- Purchase and take along a car adapter. My personal laptop battery only lasts about two-three hours. That was a bit disappointing when I recently found myself in the backseat of my grandfather's car for a five-hour drive to Florida. I was able to get a little work done and play a few computer games, but over half of the trip was spent wishing I'd charged my iPod. So, take your car adapter along for long rides, or don't use power-hungry applications.

- If you are going to have to rely on your battery more than usual, make sure your computer is running smoothly. Get yourself a tune-up, defrag your hard drive, run a few malware removal programs and delete or disable programs you no longer use for quicker boot-up and optimum performance.

- Be aware of thieves. Sure, we worry about people stealing our data, but if someone physically steals the computer, data stolen over an insecure network is the least of our worries. According to LoJack for Laptops, 600,000 laptops are stolen from cars and hotel rooms each year. Laptop locks you can purchase make this harder, and a login password plus disk encryption keeps a stolen machine from handing over your files. Also, use common sense: if your computer is in your car and you need to run into a store, don't leave it in plain view. Keep it in a suitcase or in the trunk.

- Power down. If you're done working with your computer, turn it off completely, or at least switch off Wi-Fi and Bluetooth. Both radios leave you reachable by attackers on the same network or within range, even when you aren't using the machine.

- Find out where you can get reliable tech support and computer service. Many hotels offer tech support but many do not. If you find yourself with a problem, you don't want to be stuck, trying to find someone who can help get you up and running again. A quick call to a company like Computer Service Now (1-877-422-1907) can take care of any of your problems, no matter where you are located.



Looking for Computer / PC Rental information? Visit the www.rentacomputer.com PC Rental page for your short term business PC needs. Or see this link for a complete line of Personal Computer Rentals.

Keeping Your Child Safe Online

Kids are getting online more than ever these days, especially on social networking websites such as Facebook, Twitter, and MySpace. I've seen kids as young as six or seven years old with Facebook accounts. While these websites can be fun, they can also be dangerous when the wrong people get involved, and as a parent it's your duty to make sure your child knows the risks and how to stay out of harm's way.

Kids love to get online and are often more knowledgeable than their parents and teachers. That's why it's important that parents and teachers take steps to learn what's happening online and what their kids are involved with. Kids left to their own devices could end up in a number of troublesome situations, from dealing with a cyber-bully or a schoolmate with ill intent to facing child predators or even con artists.

Communication is important. Talk to your kids about what they're doing online and remind them of the danger they could face and what to be on the lookout for. But there are other things to do to keep your kids safe.

1. Take advantage of parental controls. Children don't want their parents watching every move they make, but many websites offer ways for parents to monitor or control their children's online activity while respecting their privacy. Talk to your kids about exactly what you plan to monitor or control and be honest with them to gain their respect.

2. Keep your computer in an area of the house where you can keep an eye out without hovering over your child's shoulder. Insist that computers stay in the kitchen or living room and not in a bedroom or office, where your child can lock themselves away to get online.

3. Don't allow your children to meet strangers they've met online. If your child absolutely has to meet someone, make sure a parent or trusted adult accompanies them, and make sure your children understand that people online are not always who they say they are.

4. Learn the "code" your kids use online. Acronyms such as "TAW" (teachers are watching) and "PA" (parent alert) are two of the dozens of ways kids signal to their online friends that an adult is nearby. If you see these frequently, it may be worth looking further into what your child is doing.

5. Make sure your child's school is monitoring online use in the classroom. Many schools block certain websites, but with kids' knowledge of the web they can find other ways to get into trouble. With computers in almost every classroom these days, teachers should keep watch: a student who closes a window when the teacher walks by, or a group gathered around one screen, is probably not doing what they should be.

6. Let your child know that they do not have to put up with a conversation that makes them uncomfortable online, just as in real life. Whether it's a friend or a stranger, make sure they know that feeling scared, trapped, threatened, or offended is not OK and that it is OK to end the conversation. Talk to them about how to end it promptly, and let them know they can tell you how they feel.

7. If you do set up a Twitter, Facebook, MySpace, or other social networking account, make sure your child is using the privacy settings. Make sure your kids only add friends they actually know and are safe to talk to, and keep an eye out for anything suspicious.

8. Make your children aware of malicious content, such as spam or virus-laden attachments. Help them understand what it means and what they should and shouldn't open or click on.

9. Google your children's names on a regular basis. Again, you don't want your child to feel spied on, but you can do this to show them just how easy it is for ANYONE to find out things about them. If your child has a blog, a social networking profile you don't know about, or has posted information about themselves online, it will most likely come up in a search.

10. Again, communication is key. Make sure your kids know that not everything they see online is legitimate and talk to them about incidents in the news, so they know the risks.



Never Use These Passwords


Computer security is more important than ever these days, and one of the simplest things you can do to protect yourself is to pick a password that is not easy to guess. Sure, it's tempting to choose something easy for your own convenience; with all of the passwords we have to remember, you probably find yourself forgetting them unless you keep careful records. But an easy password is an invitation to anyone looking to steal your information.

According to researchers at the University of Maryland's A. James Clark School of Engineering in College Park, Internet-connected computers are attacked more than 2,000 times a day, or about once every 39 seconds. These are attack attempts, mostly automated login guessing, not successful break-ins, but the volume shows how little it takes to get noticed. Study leader Michel Cukier says it's a lot more common than you think: "Most of these attacks employ automated scripts that indiscriminately seek out thousands of computers at a time, looking for vulnerabilities. Our data provide quantifiable evidence that attacks are happening all the time to computers with Internet connections. The computers in our study were attacked, on average, 2,244 times a day."

Attackers are good at guessing passwords. For example, many people use their user name as their password; if you think that's clever, guess again. In the Maryland study, 43% of all password guesses simply re-entered the user name or a variation of it. So what other kinds of passwords are common and easily guessed? Below is a list of the ten passwords the attackers tried most often:

  1. User Name
  2. User Name with 123 at the end
  3. 123456
  4. the word "password"
  5. 1234
  6. 12345
  7. passwd
  8. 123
  9. test
  10. 1

If any of these sound familiar, change your password immediately. In addition, you might want to reconsider your user name if it's one of the ten user names the attackers tried most often:

  1. root
  2. admin
  3. test
  4. guest
  5. info
  6. adm
  7. mysql
  8. user
  9. administrator
  10. oracle

Once an attacker gains access to your computer, any number of things can happen. According to the study, the typical sequence is: check the software configuration, change the password, check the hardware and software configuration again, download a file, install the downloaded program, and run it.

But why are they doing this? Often they are building a "botnet": a network of compromised computers that take commands from the attacker. Botnets are used for fraud and identity theft, for attacking other networks, for damaging files, and for plenty of other criminal activity.
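The two lists above are exactly what the automated scripts in the study try first, so they are cheap to check for on your own side. As an added example (not part of the original post), the Python below rejects a password that is the user name, the user name plus digits, or one of the ten listed, and then scans a few sshd-style log lines (constructed here, not real traffic) for the same ten user names to pick out sources behaving like the scripts the study describes. The COMMON_* sets, the `is_weak_password`, `summarize_failed_logins` and `suspected_scanners` names, and the log format are all assumptions of this example.

```python
"""Added example: check a credential against the weak choices the post lists,
and spot the automated guessers the Maryland study describes in an auth log.
Not code from the original post; the log lines are constructed, not real."""
import re
from collections import Counter, defaultdict

# The ten passwords and ten user names the post reports as most often tried.
COMMON_PASSWORDS = {"123456", "password", "1234", "12345", "passwd", "123", "test", "1"}
COMMON_USERNAMES = {"root", "admin", "test", "guest", "info", "adm", "mysql",
                    "user", "administrator", "oracle"}


def is_weak_password(username: str, password: str) -> bool:
    """True if an automated guesser would try this password early: the user
    name itself, the user name followed by digits (the "123" trick), or one
    of the top-ten list.  Case-insensitive, since guessers try both forms."""
    u, p = username.lower(), password.lower()
    if p in COMMON_PASSWORDS or p == u:
        return True
    # "admin123", "root1": user name plus a purely numeric suffix
    return p.startswith(u) and p[len(u):].isdigit()


# Constructed sshd-style lines (RFC 5737 documentation addresses, not real traffic).
SAMPLE_LOG = """\
Jun 14 03:12:01 host sshd[2201]: Failed password for invalid user admin from 203.0.113.5 port 51122 ssh2
Jun 14 03:12:03 host sshd[2203]: Failed password for root from 203.0.113.5 port 51130 ssh2
Jun 14 03:12:05 host sshd[2205]: Failed password for invalid user oracle from 203.0.113.5 port 51140 ssh2
Jun 14 03:12:06 host sshd[2207]: Failed password for invalid user test from 198.51.100.7 port 40012 ssh2
Jun 14 03:15:44 host sshd[2250]: Accepted publickey for alice from 192.0.2.10 port 60000 ssh2
Jun 14 03:16:01 host sshd[2260]: Failed password for invalid user mysql from 203.0.113.5 port 51150 ssh2
"""

FAILED_RE = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)


def summarize_failed_logins(log_text: str) -> dict:
    """Group failed password logins by source address.

    Returns {ip: {"attempts": n, "users": [...], "common_usernames": [...]}}
    where common_usernames is the subset of tried names on the post's list."""
    per_ip = defaultdict(lambda: {"attempts": 0, "users": Counter()})
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        entry = per_ip[m["ip"]]
        entry["attempts"] += 1
        entry["users"][m["user"]] += 1
    summary = {}
    for ip, entry in per_ip.items():
        users = sorted(entry["users"])
        summary[ip] = {
            "attempts": entry["attempts"],
            "users": users,
            "common_usernames": [u for u in users if u in COMMON_USERNAMES],
        }
    return summary


def suspected_scanners(summary: dict, min_attempts: int = 3) -> list:
    """Sources that walked through several default account names in a row
    are the indiscriminate scripts the study measured, not a forgetful user."""
    return sorted(ip for ip, e in summary.items()
                  if e["attempts"] >= min_attempts and len(e["common_usernames"]) >= 2)


if __name__ == "__main__":
    print("admin/Admin123 weak?", is_weak_password("admin", "Admin123"))
    summary = summarize_failed_logins(SAMPLE_LOG)
    for ip, e in summary.items():
        print(ip, e)
    print("suspected scanners:", suspected_scanners(summary))
```

The password check is deliberately a denylist, not a strength meter: its job is to catch the handful of choices every script tries first, which is where the study says the damage happens. The log summary keys on source address because a single machine cycling through root, admin, oracle and mysql within seconds is a scanner regardless of how many attempts any one name gets.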


Great Products For Child-Proofing Your Computer

Anyone with a child knows they are fascinated with computers, starting at a very young age. Leaving your child alone with your computer is not the ideal situation, but watching them every second isn't always possible, either. Whether you want to protect your children from the many dangers of the internet or protect your important files from little hands who may not know exactly what the "delete" button means, the following programs can help make your child's PC experience more enjoyable and help you rest a little easier.

Safe Eyes 5.0 This program does everything you need and then some. It's tough (your smartest kid won't break its protection) and it covers up to three computers. It's compatible with both Mac and PC and retails for about $49.95.

Peanut Butter PC 3.0 Peanut Butter PC not only protects your files, but it keeps your kids entertained at the same time. It's not nearly as tough as Safe Eyes, but it does have interactive elements. However, in a review, PC Mag says they aren't very exciting. This one retails for about $24.95.

Hoopah Kidview Computer Explorer 6 This one is perhaps a bit too cutesy for older kids, but it will keep the little ones out of your important files. It offers kid-safe email and keeps web-surfing age-appropriate and it sells for about $39.95.

KidZui 5.0 KidZui allows your kids to surf the web, play games, view videos and interact socially online in a very lively environment. And it does it all for a mere $7.95.

Net Nanny 6.0 This is probably the best choice for child-proofing your PC. It does what you probably expect it would, but it also offers a number of unique features not found on any of the other programs. It has secure web-traffic filtering, ESRB-based game control, and records IM conversations if they come across as dangerous. You can monitor and manage from any location with email alerts and remote configuration. This one is $39.95.

OnlineFamily.Norton This is the only free product on the list but it's actually pretty good quality compared to a few of the others. It blocks bad websites, controls how long your child can spend on the computer, supervises chats and social network use. It works with both Macs and PCs and remote configuration and reporting is super-easy.



McAfee's Predicted Security Threats for 2010

McAfee recently released a report predicting online security threats for 2010. To summarize, the anti-virus and computer security company, based in Santa Clara, California, expects increased threats from social networking sites, attacks on online banking, and botnets, as well as more attacks targeting users, businesses, and applications. The findings weren't all negative: McAfee also expects law enforcement to become more effective at fighting cybercrime.

As social networking sites such as Facebook and Twitter become increasingly popular, they will most likely become a breeding ground for cyber attacks, and the attacks will grow more sophisticated as well as more numerous. Facebook users are particularly exposed because of the number of third-party applications in use. Games and quizzes are popular, and most people will accept an invitation from a friend without a second thought, but that invitation could just as easily deliver malware. The only reliable protection is caution with third-party apps such as quizzes and games: skip the ones you don't need, and look at what an app asks for before granting it access to your profile.

URL shorteners such as bit.ly and tinyurl.com are also expected to become a tool for cybercrime. They tie in to social networking because most people use them to post links to their profiles. The services shorten a normal URL into a short one that fits almost anywhere, and they are especially popular on Twitter, where you have only 140 characters to get your message across. The problem is that a shortened URL hides its destination, so clicking one at random could land you somewhere you don't want to be, which makes it a very convenient tool for crooks. Most shorteners do offer a preview (appending "+" to a bit.ly link, or using preview.tinyurl.com), so check where a link goes before you click on anything from a source you don't trust.
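The preview pages some shorteners offer are one answer; a more general one is to ask the shortener where the link goes without following it. As an added example, not from the McAfee report or the original post, the Python below sends a HEAD request, refuses to follow the redirect, and returns only the Location header. So that it runs offline, it also starts a small fake shortener on localhost with a constructed link table; the `expand_short_url`, `start_fake_shortener` and `_FakeShortener` names and the example.invalid targets are all assumptions of this example.

```python
"""Added example: resolve where a shortened link points without visiting it.
Not code from the original post; the fake shortener and its link table are
constructed so the example runs offline."""
import threading
from http.client import HTTPConnection, HTTPSConnection
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit


def expand_short_url(url: str, timeout: float = 5.0):
    """Send a HEAD request and do NOT follow redirects.

    Returns (status, location).  location is the raw Location header for a
    3xx answer and None otherwise, so the caller sees the destination without
    ever fetching it.  Only one hop is resolved; chained shorteners need a loop.
    """
    parts = urlsplit(url)
    conn_cls = HTTPSConnection if parts.scheme == "https" else HTTPConnection
    conn = conn_cls(parts.hostname, parts.port, timeout=timeout)
    try:
        path = parts.path or "/"
        if parts.query:
            path += "?" + parts.query
        conn.request("HEAD", path)
        resp = conn.getresponse()
        if 300 <= resp.status < 400:
            return resp.status, resp.getheader("Location")
        return resp.status, None
    finally:
        conn.close()


class _FakeShortener(BaseHTTPRequestHandler):
    """Stand-in for a URL shortener (assumption: a constructed link table)."""

    LINKS = {
        "/abc": "http://example.invalid/landing-page",
        "/xyz": "http://example.invalid/download/setup.exe",
    }

    def do_HEAD(self):
        target = self.LINKS.get(self.path)
        if target is None:
            self.send_response(404)
            self.end_headers()
            return
        self.send_response(301)
        self.send_header("Location", target)
        self.end_headers()

    do_GET = do_HEAD  # a real shortener answers GET with the same redirect

    def log_message(self, *args):  # keep the example quiet
        pass


def start_fake_shortener():
    """Start the stand-in on a random localhost port; returns (server, base_url)."""
    server = HTTPServer(("127.0.0.1", 0), _FakeShortener)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, "http://127.0.0.1:%d" % server.server_address[1]


if __name__ == "__main__":
    server, base = start_fake_shortener()
    for short in ("/abc", "/xyz", "/nope"):
        print(short, "->", expand_short_url(base + short))
    server.shutdown()
    server.server_close()
```

Only the first hop is resolved; shortened links are often chained (a bit.ly link pointing at a tinyurl link), so repeat the call on the returned Location until you get a non-redirect, and treat a final target that is an executable download, a bare IP address, or yet another shortener with suspicion. Because HEAD is used and redirects are not followed, nothing from the destination is ever downloaded.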

Because of the popularity of Microsoft products, cyber criminals have targeted them for years. However, as programs such as Adobe Reader and Flash become more widespread, McAfee expects them to become the bigger target, taking the top "honor" from Microsoft. In 2009 Adobe Reader saw a rise in exploited security holes, leading the company to take a more proactive approach to patching.

Email attachments have always been a vector for spreading malware, and that threat is expected to continue and even grow. The company expects more targeted email attacks, aimed at journalists, corporations, and individual users who could be convinced to open an attachment hiding a Trojan or other malware.

Other projected problems include banking Trojans. Normally used to steal your financial information, McAfee expects them to become advanced enough to tamper with transactions in progress and even withdraw money from your accounts. 2009 already saw an increase in banking cybercrime, with many Trojans making their way past strong bank security. Botnets are also expected to remain a threat. McAfee calls them a "leading infrastructure for cybercriminals" and says they are "used for actions from spamming to identity theft." While they are harder to take down when their control moves from computer to computer with no single base of operation, there has been some recent success in shutting them down.

Despite the many threats, McAfee does project an increase in law enforcement's ability to track down cybercriminals. Even so, there are steps you should take to protect yourself. Running security software and keeping it updated is important and something everyone should do. Keeping your PC current with Microsoft patches for your operating system, office suite, and browser is just as important, and so is patching the third-party programs the report singles out, such as Adobe Reader and Flash. Be aware of the latest threats and what's at risk, and exercise caution when opening files or downloading applications.



Teamwork Crediting

As technology is getting more and more complex, security research, especially offensive security research on a system level, is becoming more and more difficult to be done by one person. NX/XD, ASLR, various StackGuard-like things, VT-d, TXT, etc... - all those technologies leave less and less space for the interesting system-level attacks. On the other hand, the widespread "deployment" of Web 2.0 creates a whole new area to explore, but that is a whole different world (plus there are still all those "human factor" attacks that exploit user stupidity, but again, this is a different area).


Our Xen 0wning Trilogy is a good example of how a team of researchers can still come up with interesting new system-level attacks against a very recent and securely designed system. Take XenBluePill as an example.


It has first been months of research and coding done by Alex and myself to support nested hardware virtualization on AMD. Then there were months of Rafal's research on how to load code into the running Xen on the fly ("Xen Loadable Modules"). That required the ability to access Xen's memory in the first place, and Rafal's way of doing that was to use the DMA attack. But then it turned out that Xen 3.3 uses VT-d protection to protect against this very kind of attack. So then I came up with the "Q35 attack" that exploited a problem with recent Intel BIOSes on recent motherboards (details are coming this week). But I based my attack on a similar SMM attack that Rafal came up with some months earlier on a different chipset, when he was looking into ways to compromise the SMM handler, as we started thinking about the HyperGuard project back then and Rafal was curious how secure the SMM protection is. In the meantime, Alex "converted" our working New Blue Pill, which had full support for nested virtualization but was essentially a Windows driver, into a piece of code that was completely OS-independent (own memory management, etc.). Then I eventually took Rafal's XLM framework, added some minor things that were necessary to load our "Windows-independent Windows driver" into Xen using XLM, fixed some minor stuff and... it eventually worked! But that was possible only because of the joint work by all three people together.


So, it is simply unfair to attribute all the glory and fame for our research to "Rutkowska" or "Rutkowska and team", as many news portals did. Please don't forget to credit all the co-authors! If you really would like to use a generic term, then "Invisible Things Lab team" would probably work better.


Speaking of our team, I also have an announcement that starting this month our team has officially been extended by yet another person: Rong Fan from Beijing, China.


Rong is a software engineer, focusing on Intel's hardware virtualization technology (VT). A few months ago he wrote to me with some advanced questions regarding the implementation of our New BluePill that we published after last year's Black Hat. It turned out that Rong, as part of his after-hours activity, was porting BluePill to VT-x. After he succeeded, we decided to share our nested virtualization code for AMD with him so that he could research how to do it on VT-x. And about 2 months ago Rong succeeded in implementing full nested virtualization support for our NBP on Intel VT-x! During that time Rong had an opportunity to find out that working with ITL is quite fun, so he decided to quit his job at Lenovo and joined ITL full time. Right now Rong is busy adding nested VT-x support to a standard Xen hypervisor.


So, Invisible Things Lab is all about the team work. The whole idea behind ITL is to gather together a bunch of smart people, so that we could all work on the most exciting problems together. Problems that might be too complex or time-consuming for just one person to solve. But it takes more than just money to get people to be creative and devote themselves to work. Getting recognition is one of the additional factors often needed. That's why ITL is not interested in "hiding" its employees, but rather in promoting their work and fairly crediting them.
 
 

The three approaches to computer security

If we look at computer systems and how they try to provide security, I think we can categorize those attempts into three broad categories:


1) Security by Correctness

2) Security by Isolation

3) Security by Obscurity


Let's discuss those categories in more detail below.


Security by Correctness

The assumption here is obvious: if we can produce code that doesn't have bugs (nor any maliciously behaving code), then we don't have security problems at all. The only problem is that we don't have any tools to make sure that a given piece of code is correct (in terms of implementation, design and ethical behavior). But if we look at various efforts in computer science, we will notice a lot of effort has been made to achieve Security by Correctness: "safe" languages, code verifiers (although not good ones, just heuristic based), developer education, manual code audit, etc. Microsoft's famous Secure Development Lifecycle is all about Security by Correctness. The only problem is: all those approaches sometimes work and sometimes do not, sometimes they miss some bug, and there are also problems that I simply don't believe can be addressed by automatic code verifiers or even safe languages, e.g. logic/design bugs or deciding whether a given piece of code behaves maliciously or not (after all, this is an ethical problem in some cases, not a computer science problem).


To sum it up: I think that in some more or less distant future (some people think about a timeframe of 50 years or so), we would get rid of all the implementation bugs, thanks to safe languages and/or good code verifiers. But I don't believe we could assure correctness of code on any higher level of abstraction than the implementation level.


Security by Isolation

Because of the problems with effectively implementing the Security by Correctness approach, people have, from the very beginning, also taken another approach, which is based on isolation. The idea is to split a computer system into smaller pieces and make sure that each piece is separated from the other ones, so that if it gets compromised or malfunctions, it cannot affect the other entities in the system. Early UNIX's user accounts and separate process address spaces, things that are now present in every modern OS, are examples of Security by Isolation.


Simple as it sounds, in practice the isolation approach turned out to be very tricky to implement. One problem is how to partition the system into meaningful pieces and how to set permissions for each piece. The other problem is implementation - e.g. if we take a modern consumer OS, like Vista, Linux or Mac OSX, all of them have monolithic kernels, meaning that a simple bug in any of the kernel components (think: hundreds of 3rd party drivers running there) allows bypassing the isolation mechanisms the kernel provides to the rest of the system (process separation, ACLs, etc).


Obviously the problem is that the kernels are monolithic. Why not implement Security by Isolation on the kernel level then? Well, I would personally love that approach, but the industry simply took another course and decided that monolithic kernels are better than micro-kernels, because it's easier to write the code for them and (arguably) they offer better performance.


Many believe, including myself, that this trend can be changed by virtualization technology. A thin bare-metal hypervisor, like e.g. Xen, can act like a micro-kernel and enforce isolation between the other components in the system - e.g. we can move drivers into a separate domain and isolate them from the rest of the system. But again there are challenges here on both the design and the implementation level. For example, we should not put all the drivers into the same domain, as this would provide little improvement in security. Also, how do we make sure that the hypervisor itself is not buggy?


Security by Obscurity (or Security by Randomization)

Finally we have the Security by Obscurity approach, which is based on the assumption that we cannot get rid of all the bugs (as in the Security by Isolation approach), but at least we can make exploitation of those bugs very hard. So, it's all about making our system unfriendly to the attacker.


Examples of this approach include Address Space Layout Randomization (ASLR, present in all newer OSes, like Linux, Vista, OSX), StackGuard-like protections (again used by most modern OSes), pointer encryption (Windows and Linux) and probably some other mechanisms that I can't remember at the moment. Probably the most extreme example of Security by Obscurity would be to use a compiler that generates heavily obfuscated binaries from the source code and creates unique (on a binary level) instances of the same system. Alex did his PhD on this subject and is an expert on compilers and obfuscators.


The obvious disadvantage of this approach is that it doesn't prevent the bugs from being exploited - it only makes the actual exploitation very hard or even impossible. But if one is also concerned about e.g. DoS attacks, then Security by Obscurity will not prevent them in most cases. The other problem with obfuscating the code is performance (the compiler cannot optimize the code for speed) and maintenance (if we got a crash dump on an "obfuscated" Windows box, we couldn't count on help from technical support). Finally there is the problem of proving that the whole scheme is correct and that our obfuscator (or e.g. ASLR engine) doesn't introduce bugs into the generated code, and that we will not get random crashes later (which we would most probably be unable to debug, as the code will be obfuscated).


I wonder if the above classification is complete and if I haven't forgotten about something. If you know an example of a security approach that doesn't fit here (besides blacklisting), please let me know!
 
 

The Sky Is Falling?

A few reporters asked me if our recent paper on SMM attacking via CPU cache poisoning means the sky is really falling now?

Interestingly, not many people seem to have noticed that this is the 3rd attack against SMM our team has found in the last 10 months. OMG :o

But anyway, does the fact that we can easily compromise the SMM today, and write SMM-based malware, mean that the sky is falling for the average computer user?

No! The sky has actually fallen many years ago… Default users with admin privileges, monolithic kernels everywhere, most software unsigned and downloadable over plaintext HTTP — these are the main reasons we cannot trust our systems today. And those pathetic attempts to fix it, e.g. via restricting admin users on Vista, but still requiring full admin rights to install any piece of stupid software. Or selling people illusion of security via A/V programs, that cannot even protect themselves properly…

It's also funny how so many people focus on solving the security problems by "Security by Correctness" or "Security by Obscurity" approaches — patches, patches, NX and ASLR — all good, but it is not gonna work as an ultimate protection (if it could, it would have worked out already).

On the other hand, there are some emerging technologies out there that could allow us to implement an effective "Security by Isolation" approach. Such technologies as VT-x/AMD-V, VT-d/IOMMU or Intel TXT and TPM.

So we, at ITL, focus on analyzing those new technologies, even though almost nobody uses them today. Because those technologies could actually make the difference. Unlike A/V programs or Patch Tuesdays, those technologies can change the level of sophistication required for the attacker dramatically.

The attacks we focus on are important for those new technologies — e.g. today Intel TXT is pretty much useless without protection from SMM attacks. And currently there is no such protection, which sucks. SMM rootkits sound sexy, but, frankly, the bad guys are doing just fine using traditional kernel mode malware (due to the fact that A/V is not effective). Of course, SMM rootkits are just yet another annoyance for the traditional A/V programs, which is good, but they might not be the most important consequence of SMM attacks.

So, should the average Joe Dow care about our SMM attacks? Absolutely not!


Quest to The Core

If you think SMM rootkits or PCI backdoors are low-level, then you should certainly see our talks in Vegas — ITL is going to define what the "low-level" adjective really means at the end of the decade ;)

In case you haven't noticed it at the Black Hat website yet — Alex and Rafal will be giving two presentations in Vegas:

1) Introducing Ring -3 Rootkits (description)

2) Attacking Intel® BIOS (description)

Let me stress that we have been in touch with Intel for quite some time about the above attacks, and that Intel is planning to release appropriate fixes a few weeks before our presentations at Black Hat.

There is more than just this coming at this year's Black Hat — most notably we will also be debuting with our Virtualization (In)Security Training. I will write a separate post about this training (containing a detailed agenda) in the coming days, so stay tuned.

Quite exciting.


Virtualization (In)Security Training in Vegas

VM escapes, hypervisor compromises (via "classic" rootkits, as well as Bluepill-like rootkits), hypervisor protection strategies, SMM attacks, TXT bypassing, and more — these are some of the topics that will be covered by our brand new training on Virtualization (In)Security at the upcoming Black Hat USA.

The training offers quite a unique chance, I think, to absorb the results of 1+ year of the research done by our team within... just 2 days. This will be provided via detailed lectures and unique hands-on exercises.

Unlike our previous training on stealth malware (that will also be offered this year, BTW), this time we will offer attendees a bit of hope :) We will be stressing that some of the new hardware technologies (Intel TXT, VT, TPM), if used properly, have potential to dramatically increase security of our computer systems. Sure, we will be showing attacks against those technologies (e.g. TXT), but nevertheless we will be stressing that this is the proper way to go in the long run.

Interestingly, I'm not aware of any similar training of this kind that would cover the security issues related to virtualization systems and bare-metal hypervisors. Hope we will not get into trouble with the Antitrust Commission for monopolizing this field ;)

The training brochure (something for your boss) is .

The detailed agenda spanning 2 full days can be downloaded .

The Black Hat signup page is

Black Hat 2010 Slides

The wait is over. The slides are . The press release is . Unless you're a chipset/BIOS engineer kind of person, I strongly recommend reading the press release first, before opening the slides.

So, the "Ring -3 Rootkit" presentation is about vPro/AMT chipset compromises. The "Attacking Intel BIOS" presentation is about exploiting a heap overflow in the BIOS environment in order to bypass the reflashing protection that otherwise allows only Intel-signed updates to be flashed.

We will publish the code some time after we get back from Vegas.

Enjoy.

ps. Let me remind my dear readers that all the files hosted on the ITL website are not digitally signed and are served over a plaintext connection (HTTP). In addition, ITL's website is hosted on a 3rd party provider's server, over which we have no control at all (which is the reason why we don't buy an SSL certificate for the website). Never trust unsigned files that you download from the Internet. ITL cannot be liable for any damages caused by the files downloaded from our website, unless they are digitally signed.

Vegas Toys (Part I): The Ring -3 Tools

We've just published the proof of concept code for Alex's and Rafal's "Ring -3 Rootkits" talk, presented last month at the Black Hat conference in Vegas. You can download the code from our website . It's highly recommended that one (re)reads the slides before playing with the code.

In short, the code demonstrates injection of arbitrary ARC4 code into a vPro-compatible chipset's AMT/ME memory using the chipset memory reclaiming attack. Check the README and the slides for more information.


The actual ARC4 code we distribute here is very simple: it sets a DMA write transaction to the host memory every ca. 15 seconds in order to write the "ITL" string at the predefined physical addresses (increased by 4 with every iteration). Of course one can do DMA read as well.


The ability to do DMA from the ARC4 code to/from the host memory is, in fact, all that is necessary to write a sophisticated rootkit or any sort of malware, from funny jokers to sophisticated secret sniffers. Your imagination (and good pattern searching) is the only limit here.

Neither the OS, nor any software running on the host OS, can access our rootkit code, unless, of course, it used the same remapping attack we used to insert our code there :) But the rootkit might cut off even this way by locking down the remapping registers, thus fixing the vulnerability on the fly, after exploiting it (of course it would be insane for any AV to use our remapping attack in order to scan ME space, but just for completeness ;)

An OS might attempt to protect itself from DMA accesses from the rootkit in the chipset by carefully setting VT-d protections. Xen 3.3/3.4, for example, sets VT-d protections in such a way that our rootkit cannot access the Xen hypervisor memory. We can, however, access all the other parts of the system, which includes all the domains' memory (i.e. where all the interesting data are located). Still, it should be possible to modify Xen so that it sets VT-d mappings in such a strict way that the AMT code (and the AMT rootkit) could not access any useful information in any of the domains. This, in fact, would be a good idea anyway, as it would also prevent any sort of hardware-based backdoors (except for backdoors in the CPU).

An AMT rootkit can, however, get around such a savvy OS because it can modify the OS's VT-d initialization code before it sets the VT-d protections. Alternatively, if the protections are set before the rootkit was activated, the rootkit can force the system to reboot and boot it from the AMT Virtual CDROM (in fact AMT has been designed to be able to do exactly that), which would contain rootkit agent code that would modify the OS/VMM image about to be loaded, so that it doesn't set up VT-d properly.

Of course, the proper solution against such an attack would be to use e.g. Intel TXT to assure trusted boot of the system. In theory this should work. In practice, as you might recall, we have already shown how to bypass Intel TXT. This TXT bypass attack still works on most (all?) hardware, as there is still no STM available in the wild (all that is needed for the attack is to have a working SMM attack, and last month we showed 2 such attacks — see the slides for the BIOS talk).

Intel released a patch the day before our presentation at Black Hat. This is a cumulative patch that also targets a few other, unrelated, problems, like e.g. the SMM caching attack (also reported by Loic), the SMM nvacpi attack, and the Q45 BIOS reflashing attack (for which the code will also be published shortly).

Some of you might remember that Intel patched this very remapping bug last year, after our Xen 0wning Trilogy presentations, where we used the very same bug to get around Xen hypervisor protections. However, Intel forgot about one small detail — namely it was perfectly possible for malware to downgrade the BIOS to the previous, pre-Black-Hat-2008 version, without any user consent (after all, this old BIOS file was also digitally signed by Intel). So, with just one additional reboot (but without any user intervention needed) malware could still use the old remapping bug, this time to get access to the AMT memory. The recent patch mentioned above solves this problem by displaying a prompt during the reflash boot if reflashing to an older version of the BIOS. So now it requires user intervention (physical presence). This "downgrade protection" works, however, only if the administrator password is enabled in the BIOS.

We could get into the AMT memory on Q35, however, even if the downgrade attack was not possible. In that case we could use our BIOS reflashing exploit (the other Black Hat presentation).

However, the situation looks different on Intel's latest Q45 chipsets (which also have AMT). As explained in the presentation, we were unable to get access to the AMT memory on those chipsets, even though we can reflash the BIOS there, and consequently, even though we can get rid of all the chipset locks (e.g. the remapping locks). Still, the remapping doesn't seem to work for this one memory range, where the AMT code resides.

This suggests Intel added some additional hardware to the Q45 chipset (and other Series 4 chipsets) to prevent this very type of attack. But we're not giving up on Q45 yet, and we will be trying other attacks, as soon as we recover from the holiday laziness ;)

Finally, the nice picture of the Q35 chipset (MCH), where our rootkit lives :) The ARC4 processor is somewhere inside...

Intel Security Summit: the slides

Last week I was invited to Hillsboro to speak at Intel's internal conference on security. My presentation title was "A Quest To The Core: Thoughts on present and future attacks on system core technologies", and my goal was to somehow make a quick summary of the recent research our team has done over the last 12 months or so, and explain why we're so keen on hacking the low-level system components, while all the rest of the world is excited about browser and flash player bugs.

The slides (converted to PDF) can be found . As you will see, I decided to remove most of the slides from the "Future" chapter. One reason for that was that we didn't want to hint Loic, our competition, as to some of the new toys we're working on ;) The other reason was that, I think, presenting only thoughts about attacks, i.e. unproven thoughts, or, should I even say, feelings about future attacks, has little research value, and while I can understand such information being important to Intel, I don't see how others could benefit from it.

I must say it was nice and interesting to meet in person with various Intel architects, i.e. the people that actually design and create our basic "universe" we all operate in. You can always change the OS (or even write your own!), but still you must stick to the rules, or "laws", of the platform (unless you can break them ;)

About Apple’s Security Foundations

Every once in a while it’s healthy to reinstall your system... I know, I know, it’s almost a heresy to say that, but that’s reality in the world where our systems are totally unverifiable. In fact I don’t even attempt to verify if my Mac laptop has been compromised in any way (most system files are not signed anyway). But sometimes, you got this feeling that something might be wrong and you decide to reinstall to start your (digital) life all over again :)

So, every time I (re)install a Mac-based system, I end up cursing horribly at Apple's architects. Why? Because in the Apple World they seem to totally ignore the concept of file integrity, to such an extent that it's virtually impossible to get any assurance that the programs I install are in any way authentic (i.e. not tampered with by some 3rd party, e.g. by somebody controlling my Internet connection).

Take any Apple installer package, e.g. Thunderbird. In most cases an installer package on Mac is a .dmg file, which represents an installation disk image. Now, when you open such a file under Mac, the OS will never display any information about whether this file is signed (and by whom) or not. In fact, I'm pretty sure it's never signed. What you end up with is a .dmg file that you just downloaded over plaintext HTTP, and you have absolutely no way of verifying whether it is the original file the vendor really published. And you're just about to grant admin privileges to the installer program that is inside this file -- after all it's an installer, so it must get root privileges, right (well, not quite maybe)? Beautiful...

Interestingly, this very same Thunderbird installer, but for Windows, is correctly signed, and Windows, correctly, displays that information (together with the ability to examine the certificate) and allows the user to make a choice of whether to allow it to run or not.



Sure, the certificate doesn’t guarantee that Mozilla didn’t put a nasty backdoor in there, nor that the file was not compromised due to Mozilla’s internal server compromise. Or that the certificate (the private key) wasn’t somehow stolen from Mozilla, or that the issuing authority didn’t make a mistake and maybe issued this certificate to some random guy, who just happened to be named Mozilla.

But the certificate provides liability. If it indeed turns out that this very Thunderbird installer was somehow malicious, I could take this signed file to court and sue either Mozilla or the certification authority for all the damage it might have done to me. Without the certificate I cannot do that, because neither I nor anybody else can know whether the file was tampered with while being downloaded (e.g. by a malicious ISP) or maybe because my system was already compromised.

But in the case of Apple, we have no such choice -- we need to take the risk every time we download a program from the Internet. We must bet the security of our whole system on the fact that at this very moment nobody is tampering with our (unsecured) HTTP connection, and also that nobody has compromised the vendor's Web Server, and, of course, we hope that the vendor didn't put any malicious code into its product (as we could not sue them for it).

So that sucks. That sucks terribly! Without the ability to check the integrity of the programs we want to install, we cannot build any solid foundations. It's funny how people argue about whether Apple implemented ASLR correctly in Snow Leopard or not, or whether NX is bypassable. It's meaningless to dive into such advanced topics if we cannot even assure that on day 0 our system is clean. We need to start building our systems from the ground up, and not starting from the roof! The ability to assure that the software we install has not been tampered with seems like a reasonable very first step. (Sure, it could be compromised 5 minutes later, and to protect against this we should have other mechanisms, like e.g. the above-mentioned ASLR and NX).

And Apple should not blame the vendors for such a situation (“Vendors would never pay $300 for a certificate”, blah, blah), as it is just enough to have a look at the Windows versions of the same products, and that most of them do have signed installers (gee, even open-source TrueCrypt, has a signed installer for Windows!).

One should say that a few vendors, seeing this problem on Mac, do publish PGP signatures for their installation files. This includes e.g. PGP Desktop for Mac, KeePassX, TrueCrypt for Mac, and a few others. But these are just exceptions, and I wonder how many users will be disciplined (and savvy) enough to correctly verify those PGP signatures (in general it requires you to download the vendor's keys many months in advance and keep them in your keyring, to minimize the possibility that somebody alters both the installer files and the keys you download). Some other vendors offer pseudo-integrity by displaying MD5/SHA1 sums on their websites. That would make some sense only if the website on which the hashes are displayed was itself SSL-protected (still, a file signature is the better option), as otherwise we can be sure that an attacker who is tampering with the installer file will also take care of adjusting the hash on the website... But of course this is never the case -- have a look e.g. at the VMWare download page for Mac Fusion (one needs to register first). Very smart, VMWare! (Needless to say, the VMWare Workstation installer for Windows is properly signed).

BTW, anybody checked if the Apple updates are digitally signed somehow?

All I wrote here in this post is just trivial. It should be obvious to every decently educated software engineer. Believe me, it really is much more fun for me to write about things like new attacks on chipsets or virtualization. But I have this little hope that maybe somebody at Apple will read this little post and fix their OS. Because I really like Apple products for their aesthetics...

Security - The Causes of BSoD and How It Occurs

A Blue Screen of Death (BSoD) may occur for several reasons:

1. Virus or Spyware attacks
A virus or spyware puts your computer at high risk of a BSoD. It attacks your computer without your knowledge, and can attack the BIOS or device drivers, damaging the files therein.

2. Hardware failure
If a hardware component is not fully functional or is damaged, a Windows Stop Error will occur. This includes the CPU overheating.

3. Software failure
Software whose installation ran into a problem may fail to interact correctly with Windows, because files were damaged during the installation process. Software that does not match the version of Windows may also cause a BSoD; for example, Windows Vista requires software developed specifically for that operating system, so do not install software that is not meant to run on Windows Vista.

4. Device drivers
When new hardware is installed and its driver is unsuitable, wrong or outdated, the hardware cannot communicate properly with Windows.

5. Startup errors
A hardware error, a damaged driver, a corrupt file volume, a system misconfiguration or a virus attack can prevent Windows from starting during the boot process. These errors are displayed before the Windows desktop appears, because during boot Windows cannot access the related files correctly.

6. Registry errors
Damage to the Registry can happen unexpectedly. The Windows Registry contains the complete system configuration, including the hardware and device driver configuration. If there is an error in the Registry, the system can easily fail to work, causing a BSoD.

Widescreen Video Eyewear

Vuzix Launches Stylish Wrap™ 310 Widescreen Video Eyewear

Newly updated, sunglass-style form factor improves comfort and style while delivering true 16 x 9 widescreen video

Experience the technology first hand at the 2009 ShowStoppers for the Digital Holidays, September 16th in New York, and the 2009 Tokyo Game Show, September 24th – 27th



Rochester, NY – September 15, 2009 – Vuzix Corporation, the leader in video eyewear for the consumer, defense and low vision markets, is thrilled to launch the Wrap 310. The game-changing Wrap 310 challenges the status quo of traditional video viewing devices by looking and feeling like normal sunglasses. The Wrap 310 will feature twin high-resolution video displays, project a 55-inch screen and include removable noise isolating earphones. Powered for up to 6 hours on just 2 AA batteries, the Wrap 310 will accept video from almost any video player, including the iPod and iPhone.

Whether you are an executive business traveler or want an immersive console gaming experience, the Wrap 310 will get the job done in style. With composite video input and optional VGA and component compatibility adapters, the Wrap 310 is the most versatile pair of video eyewear on the market. Additionally, as the first video eyewear designed for upgradeability, the Wrap 310 will feature an expansion port designed to provide the product with near limitless compatibility. In addition to the soon to be available VGA and Component adapters, Vuzix has plans for exciting accessories designed to keep the Wrap 310 on the cutting edge.

Please see a complete list of compatible devices below.

“The Wrap 310 is the first device to merge the look of video eyewear and traditional sunglasses into one,” said Vuzix CEO, Paul Travers. “We are excited to be a part of the mobile video revolution and are thrilled to be globally unveiling the Wrap 310 at Showstoppers for the Digital Holidays and the Tokyo Game Show,” added Travers.

The Wrap 310 also features an improved on-screen user interface, included independent focus adjustments for users with corrective lenses and still features compatibility with all major 3D video formats. Users now have the option to select various lens colors to personalize their Wrap 310.

Compatible Devices Include:

• All iPod/iPhone models
• Portable DVD players
• Mobile phones with video output
• PCs and laptops*
• Televisions
• DVD/Blu-Ray players
• Portable media players

*Requires VGA output


Handy Backup - Automatic Data Backup, Recovery and Synchronization

Hardware and software errors, viruses and malware, simple human mistakes – these are just a few reasons why it is important to care about data loss prevention and to protect the associated operational processes. While insuring hardware assets seems manageable to most people, insuring the most valuable asset, information and its integrity, is of the same, if not higher, importance.



Handy Backup by Novosoft (available at www.handybackup.net) is award-winning automatic data backup and disaster recovery software. It is very flexible and can meet a wide range of individual requirements:


* Handy Backup has a comprehensible task-based architecture with three types of tasks available: backup, restore and synchronization.
* In addition to “common” file and folder backup, there is a number of presets that facilitate backups of critical data, such as My Documents, Microsoft Outlook, Windows registry, etc.
* Features that are indispensable in up-to-date backup software, such as backup scheduling, backup data compression and encryption, are fully supported by Handy Backup.


Unlike most other backup software out there, Handy Backup doesn’t treat your data like faceless chunks of memory. It features a complete, extensible plug-in-based system and a variety of plug-ins designed to back up settings, playlists, tweaks and preferences of your favorite applications that you’ve tweaked to perfection. Users of the utility can also create new plug-ins of their own, which is relatively easy and requires only some basic XML knowledge.


IT-experts can take advantage of extended feature set including disk image backup and database backup. Database backup-related functions are what makes Handy Backup so powerful and unique. There are several advanced plug-ins that can handle backup and restore of most popular DBMS including Microsoft SQL Server, Oracle database, IBM DB2 Data Server, Lotus Domino/Notes environment, and a common Database Backup plug-in that can be used for any ODBC-compatible databases. Also, there is a professional plug-in for backing up Microsoft Exchange Server stores.


Handy Backup Server is a centralized automatic data backup solution for corporate local networks. It enables administrator to install workstation agents on networked workstations and manage the entire network’s backup from a single control point.


Handy Backup is one of the most stable, effective and easy-to-use applications for automatic data backup, recovery and synchronization. Enthusiasts have translated Handy Backup into more than 20 languages. With this program, Novosoft LLC has partnered with such companies as Microsoft, IBM and Oracle.


Handy Backup Website: www.handybackup.net


You can download a full-featured 30-day trial by clicking the following link:

Download Handy Backup.

Clean Up Windows XP File Prefetch

Clean up the Prefetch file while Shutdown with Automation Program.

The Prefetch folder in Windows XP holds files that speed up the loading of programs which are frequently run, and also speed up the boot process of Windows XP. However, if the folder becomes overloaded, it can decrease the performance of Windows XP. Because of that, to maintain the computer's performance, we regularly clean up the files located in C:\Windows\Prefetch\.


Actually, the task is simple, but sometimes we are lazy or forget, so eventually the task is not done and the computer's performance slows down.

Of course you don't want this problem to occur.... So we can create a small program that deletes the prefetch files automatically each time the computer is shut down.

If you’re interested, just follow the steps below:

First, open Notepad.

Second, type this command: del C:\Windows\Prefetch\*.* /q

Third, save the file with the extension .bat (e.g. prefetch.bat) in a directory of your choice.

Fourth, open the Group Policy Editor (gpedit.msc): click Start >> Run, type "gpedit.msc" and press ENTER or OK until the Group Policy Editor dialog box appears.

Fifth, navigate to Computer Configuration\Windows Settings\Scripts (Startup/Shutdown).

Sixth, in the right-hand pane, double-click Shutdown; a window like the one below will appear:

Seventh, click Add; another window will appear, like the picture below:

Eighth, next to Script Name click Browse and navigate to the folder where you saved the batch file you just created.

Ninth, select the file, click Open, then OK (leave Script Parameters empty).

Tenth, click Apply and/or OK.

Done..... Now restart your computer, then check the directory C:\Windows\Prefetch\ and make sure all the files have been cleaned up.
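The shutdown script from the steps above, written out as an added example (it is not the original post's one-liner): it checks that the folder exists, removes only the .pf trace files so Layout.ini stays in place, and appends a line to a log file so the cleanup can be checked afterwards. The log path C:\Windows\Temp\prefetch-clean.log is an assumption.

```batch
@echo off
rem Added example, not the original post's script: clean the Windows XP
rem Prefetch folder at shutdown with a few guards. Only the .pf trace files
rem are removed (Layout.ini is kept) and every run is recorded in a log.
setlocal
set "PF=C:\Windows\Prefetch"
rem Log location is an assumption; any folder SYSTEM can write to works.
set "LOG=C:\Windows\Temp\prefetch-clean.log"

rem A trailing backslash makes "if exist" test for a directory.
if not exist "%PF%\" (
    echo %DATE% %TIME% Prefetch folder not found: %PF%>>"%LOG%"
    exit /b 1
)

rem Count the trace files before deleting so the log shows what was removed.
set COUNT=0
for %%F in ("%PF%\*.pf") do set /a COUNT+=1

if %COUNT% GTR 0 del /q "%PF%\*.pf"

echo %DATE% %TIME% removed %COUNT% .pf file(s) from %PF%>>"%LOG%"
endlocal
exit /b 0
```

Save it as prefetch.bat and register it in the Shutdown scripts as in steps four to ten; after the next restart the log shows how many files each shutdown removed.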