PSW #751 – Jesse Michael & Mickey Shkatov
We start off the show this week by welcoming the infamous Eclypsium security researchers Mickey and Jesse to talk about Secure Boot vulnerabilities. They walk us through the history of Secure Boot, how it works, previous research they've performed ("BootHole"), and some details on their current research presented at DEF CON this year in a talk titled "One bootloader to rule them all". Then, in the Security News: key fob hacks and stealing cars, the best Black Hat and DEF CON talks of all time, open redirects are still open, the keys to decrypt The Wizard of Oz are in a strange place, why the Linux desktop sucks, why businesses should all switch to Linux desktops, SGX attacks, let me send you an Uber to take you to the bank, 27-factor authentication, start your management engines, and guess what, your DMs are not private, and you should have used Signal.
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
1. Unearthed Easter Eggs, Black Hat/DEF CON Talks, Decrypting Oz, & 27 Factor Auth – PSW #751
In the Security News: key fob hacks and stealing cars, the best Black Hat and DEF CON talks of all time, open redirects are still open, the keys to decrypt The Wizard of Oz are in a strange place, why the Linux desktop sucks, why businesses should all switch to Linux desktops, SGX attacks, let me send you an Uber to take you to the bank, 27-factor authentication, start your management engines, and guess what, your DMs are not private and you should have used Signal.
Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!
Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
- 1. The best Black Hat and DEF CON talks of all time – Do you agree with this list?
- 2. Unauthenticated Remote Code Execution in a Wide Range of DrayTek Vigor Routers – When there is a buffer overflow in your login CGI script, LOLz will ensue.
- 3. Businesses should dump Windows for Linux – Windows gets too much malware, just switch to Linux, agree? Okay?
- 4. Open Redirect Flaw Snags Amex, Snapchat User Data – For the love of all things, please fix your open redirects! "Attackers took advantage of redirect vulnerabilities affecting American Express and Snapchat domains, the former of which eventually was patched while the latter still is not, researchers said."
- 5. Scientists hid encryption key for Wizard of Oz text in plastic molecules
- 6. Main Linux problems on the desktop, 2022 edition or why Linux sucks on the desktop – If you read this article you will never want to run Linux as your desktop OS. I read it, but I will still use Linux as my "daily driver". While Linux has issues (not gonna lie, because it does), so do other operating systems, hardware, and firmware. You can't escape the technology fiasco based on your choice of OS alone.
- 7. Intel Patches Severe Vulnerabilities in Firmware, Management Software – WTH does this mean: "CVEID: CVE-2022-30601 - Description: Insufficiently protected credentials for Intel(R) AMT and Intel(R) Standard Manageability may allow an unauthenticated user to potentially enable information disclosure and escalation of privilege via network access." Does it send credentials in clear text that you can snag and then log in with? Again, escalation of privilege and authentication bypass are different things.
- 8. Technion Hackers Expose Dangerous Vulnerabilities in Siemens PLC Firmware – Technion in Haifa has successfully broken into Siemens’ Simatic S7
- 9. SGX, Intel’s supposedly impregnable data fortress, has been breached yet again – “ÆPIC Leak enables attacks against SGX enclaves on Ice Lake CPUs, forcing specific data into caches and leaking targeted secrets,” the researchers wrote. “We show attacks that allow leaking data held in memory and registers. We demonstrate how ÆPIC Leak completely breaks the guarantees provided by SGX, deterministically leaking AES secret keys, RSA private keys, and extracting the SGX sealing key for remote attestation.”
- 10. Microsoft confirms ‘DogWalk’ zero-day vulnerability has been exploited
- 11. Kali Linux 2022.3 adds 5 new tools, updates Linux kernel, and more
- 12. Microsoft August 2022 Patch Tuesday fixes exploited zero-day, 121 flaws
- 13. Microsoft Patches Zero-Day Actively Exploited in the Wild
- 14. Slack exposed hashed passwords for years
- 15. Emergency Alert System Flaws Could Let Attackers Transmit Fake Messages
- 16. Twitter admits to being hacked
- 17. Scammers Sent Uber to Take Elderly Lady to the Bank – This is a crazy scam: "They took control of her screen and said they had accidentally transferred $160,000 into her account," Hardaway said. "The person on the phone told her he was going to lose his job over this transfer error, that he didn't know what to do. So they sent her some information about where to wire the money, and asked her to go to the bank. But she told them, 'I don't drive,' and they told her, 'No problem, we're sending an Uber to come help you to the bank.'"
- 18. DHS warns of critical flaws in Emergency Alert System devices
- 19. Cisco Business Routers Found Vulnerable to Critical Remote Hacking Flaws
- 20. Universities Put Email Users at Cyber Risk
- 21. New Malware Can Access Your Gmail Inbox Without Your Password Or 2FA
- 22. Stephen Lacy on Twitter – "Currently over 35k repositories are infected - So far found in projects including: crypto, golang, python, js, bash, docker, k8s - It is added to npm scripts, docker images and install docs" – And this is why we can't have nice things, or rather why we will need 27-factor authentication, signed commits, and signed code updates...
- 23. Hackers knock out 7-Eleven stores in Denmark
- 24. Firmware Security Realizations – Part 2 – Start Your Management Engine – File this in the "almost everything you ever needed or wanted to know about Intel ME/AMT" category. I spent A LOT of time pulling all of this information together on Intel ME. Full of open-source tools and examples of how to discover ME vulnerabilities on your systems and more!
- 25. Scammers Sent Uber to Take Elderly Lady to the Bank – Krebs on Security
- 1. Facebook DMs, private? Or not? – Facebook gave up a teen's DMs to police, under subpoena, to prosecute her and her mother. The crime? The teen was getting an abortion.
- 2. First DEF CON? – Guide for a first-time DEF CON visitor. Not bad.
- 1. I Tried the Honda Key Fob Hack on My Own Car. It Totally Worked
- 2. The arcade world’s first Easter egg discovered after fraught journey
- 3. 28 years later, Super Punch-Out!!’s 2-player mode has been discovered
- 4. Washington Post Hacked into a Chevy Volt to Show How Much Cars Are Spying on Their Owners
- 5. Supposedly Quantum Resistant Encryption Cracked by Basic-Ass PC
- 6. Slack resets passwords after exposing hashes in invitation links
- 7. Intel Microcode Decryptor – All information is provided for educational purposes only. Follow these instructions at your own risk. Neither the authors nor their employer are responsible
2. Not-So-Secure Boot – Jesse Michael, Mickey Shkatov – PSW #751
We welcome the infamous Eclypsium security researchers Mickey and Jesse to talk about Secure Boot vulnerabilities. They walk us through the history of Secure Boot, how it works, previous research they've performed ("BootHole"), and some details on their current research presented at DEF CON this year in a talk titled "One bootloader to rule them all".
Jesse Michael is an experienced security researcher focused on vulnerability detection and mitigation who has worked at all layers of modern computing environments from exploiting worldwide corporate network infrastructure down to hunting vulnerabilities inside processors at the hardware design level. His primary areas of expertise include reverse engineering embedded firmware and exploit development. He has also presented research at DEF CON, Black Hat, PacSec, Hackito Ergo Sum, Ekoparty, and BSides Portland.