Security Weekly
Paul's Security WeeklySubscribe
Endpoint/Device Security, Vulnerability Management, Malware, Security Staff Acquisition & Development

PSW #751 – Jesse Michael & Mickey Shkatov

We start off the show this week by welcoming the infamous Eclypsium security researchers Mickey and Jesse to talk about Secure Boot vulnerabilities. They walk us through the history of Secure Boot, how it works, previous research they've performed ("Boothole"), and some details on their current research presented at Defcon this year in a talk titled "One bootloader to rule them all". Then, in the Security News, key fob hacks and stealing cars, the best Black hat and defcon talks of all-time, open redirects are still open, the keys to decrypt the wizard of oz are in a strange place, why the Linux desktop sucks, why businesses should all switch to Linux desktops, SGX attacks, let me send you an Uber to take you to the bank, 27-factor authentication, start your management engines, and guess what, your DMs are not private, and you should have used Signal.

Visit https://www.securityweekly.com/psw for all the latest episodes!

Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

View Show Index

Full Audio

Segments

1. Unearthed Easter Eggs, Black Hat/DEF CON Talks, Decrypting Oz, & 27 Factor Auth – PSW #751

In the Security News, key fob hacks and stealing cars, the best Black hat and defcon talks of all-time, open redirects are still open, the keys to decrypt the wizard of oz are in a strange place, why the Linux desktop sucks, why businesses should all switch to Linux desktops, SGX attacks, let me send you an Uber to take you to the bank, 27-factor authentication, start your management engines, and guess what, your DMs are not private and you should have used Signal.

Announcements

  • Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

  • Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.

Hosts

Paul Asadoorian
Paul Asadoorian
Founder at Security Weekly
  1. 1. The best Black Hat and DEF CON talks of all time
    Do you agree with this list?
  2. 2. Unauthenticated Remote Code Execution in a Wide Range of DrayTek Vigor Routers
    When there is a buffer overflow in your login CGI-script LOLz will ensue.
  3. 3. Businesses should dump Windows for Linux
    Windows gets too much malware, just switch to Linux, agree? Okay?
  4. 4. Open Redirect Flaw Snags Amex, Snapchat User Data
    For the love of all things please fix your open redirects! "Attackers took advantage of redirect vulnerabilities affecting American Express and Snapchat domains, the former of which eventually was patched while the latter still is not, researchers said."
  5. 5. Scientists hid encryption key for Wizard of Oz text in plastic molecules
  6. 6. Main Linux problems on the desktop, 2022 edition or why Linux sucks on the desktop
    If you read this article you will never want to run Linux as your desktop OS. I read it, but I will still use Linux as my "daily driver". While Linux has issues, not gonna lie because it does, so do other operating systems, hardware, and firmware. You can't escape the technology fiasco just based on your choice of OS alone.
  7. 7. Intel Patches Severe Vulnerabilities in Firmware, Management Software
    WTH does this mean: "CVEID: CVE-2022-30601 - Description: Insufficiently protected credentials for Intel(R) AMT and Intel(R) Standard Manageability may allow an unauthenticated user to potentially enable information disclosure and escalation of privilege via network access." - Does it send credentials in clear-text that you can snag and then login? Again, the escalation of privilege and authentication bypass is different.
  8. 8. Technion Hackers Expose Dangerous Vulnerabilities in Siemens PLC Firmware
    Technion in Haifa has successfully broken into Siemens’ Simatic S7
  9. 9. SGX, Intel’s supposedly impregnable data fortress, has been breached yet again
    "“ÆPIC Leak enables attacks against SGX enclaves on Ice Lake CPUs, forcing specific data into caches and leaking targeted secrets,” the researchers wrote. “We show attacks that allow leaking data held in memory and registers. We demonstrate how ÆPIC Leak completely breaks the guarantees provided by SGX, deterministically leaking AES secret keys, RSA private keys, and extracting the SGX sealing key for remote attestation.”"
  10. 10. Microsoft confirms ‘DogWalk’ zero-day vulnerability has been exploited
  11. 11. Kali Linux 2022.3 adds 5 new tools, updates Linux kernel, and more
  12. 12. Microsoft August 2022 Patch Tuesday fixes exploited zero-day, 121 flaws
  13. 13. Microsoft Patches Zero-Day Actively Exploited in the Wild
  14. 14. Slack exposed hashed passwords for years
  15. 15. Emergency Alert System Flaws Could Let Attackers Transmit Fake Messages
  16. 16. Twitter admits to being hacked
  17. 17. Scammers Sent Uber to Take Elderly Lady to the Bank
    This is a crazy scam: "They took control of her screen and said they had accidentally transferred $160,000 into her account,” Hardaway said. “The person on the phone told her he was going to lose his job over this transfer error, that he didn’t know what to do. So they sent her some information about where to wire the money, and asked her to go to the bank. But she told them, ‘I don’t drive,’ and they told her, “No problem, we’re sending an Uber to come help you to the bank.'"
  18. 18. DHS warns of critical flaws in Emergency Alert System devices
  19. 19. Cisco Business Routers Found Vulnerable to Critical Remote Hacking Flaws
  20. 20. Universities Put Email Users at Cyber Risk
  21. 21. New Malware Can Access Your Gmail Inbox Without Your Password Or 2FA
  22. 22. Stephen Lacy on Twitter
    "Currently over 35k repositories are infected - So far found in projects including: crypto, golang, python, js, bash, docker, k8s - It is added to npm scripts, docker images and install docs" - And this is why we can't have nice things, or rather why we will need 27-factor authentication, signed commits, and signed code updates...
  23. 23. Hackers knock out 7-Eleven stores in Denmark
  24. 24. Firmware Security Realizations – Part 2 – Start Your Management Engine
    File this in the "almost everything you ever needed or wanted to know about Intel ME/AMT" category. I spent A LOT of time pulling all of this information together on Intel ME. Full of open-source tools and examples of how to discover ME vulnerabilities on your systems and more!
  25. 25. Scammers Sent Uber to Take Elderly Lady to the Bank – Krebs on Security
Josh Marpet
Josh Marpet
Executive Director at RM-ISAO
  1. 1. Facebook DM’s, private? Or not?
    Facebook gave up a teen's DM's to police, under subpoena, to prosecute her and her mother. The crime? The teen was getting an abortion.
  2. 2. First Defcon?
    Guide for a first time defcon visitor. Not bad.
Larry Pesce
Larry Pesce
Product Security Research and Analysis Director at Finite State
  1. 1. I Tried the Honda Key Fob Hack on My Own Car. It Totally Worked
  2. 2. The arcade world’s first Easter egg discovered after fraught journey
  3. 3. 28 years later, Super Punch-Out!!’s 2-player mode has been discovered
  4. 4. Washington Post Hacked into a Chevy Volt to Show How Much Cars Are Spying on Their Owners
  5. 5. Supposedly Quantum Resistant Encryption Cracked by Basic-Ass PC
  6. 6. Slack resets passwords after exposing hashes in invitation links
  7. 7. Intel Microcode Decryptor
    All information is provided for educational purposes only. Follow these instructions at your own risk. Neither the authors nor their employer are responsible
Lee Neely
Lee Neely
Information Assurance APL at Lawrence Livermore National Laboratory

2. Not-So-Secure Boot – Jesse Michael, Mickey Shkatov – PSW #751

We welcome the infamous Eclypsium security researchers Mickey and Jesse to talk about Secure Boot vulnerabilities. They walk us through the history of Secure Boot, how it works, previous research they've performed ("Boothole"), and some details on their current research presented at Defcon this year in a talk titled "One bootloader to rule them all".

Guests

Jesse Michael
Jesse Michael
Principal Researcher at Eclypsium

Jesse Michael is an experienced security researcher focused on vulnerability detection and mitigation who has worked at all layers of modern computing environments from exploiting worldwide corporate network infrastructure down to hunting vulnerabilities inside processors at the hardware design level. His primary areas of expertise include reverse engineering embedded firmware and exploit development. He has also presented research at DEF CON, Black Hat, PacSec, Hackito Ergo Sum, Ekoparty, and BSides Portland.

Mickey Shkatov
Mickey Shkatov
Security Researcher at Eclypsium

Hosts

Paul Asadoorian
Paul Asadoorian
Founder at Security Weekly
Tyler Robinson
Tyler Robinson
Director of Offensive Security & Research at Trimarc Security, Founder & CEO at Dark Element