Thunderbolt Security Issues

Published by hirantha at 9:09 AM under Apple | Apple | Intel | Intel

Intel-ThunderboltApple released a new set of Macbook Pros few days ago, sporting the first implementation of  "Thunderbolt", a new interconnect technology based on what Intel so far called "Light Peak". It promises 10 GBit/sec duplex connectivity to everything from storage to video devices. The technology is similar to Firewire (i.Link, IEEE 1394) in some ways. Like for Firewire, multiple devices may be daisy chained. However, if a display port display is used as part of the chain, the display has to be the last device in the chain.

One speculation put forward in an article in the register is that devices connected via Thunderbolt are not authenticated and like for Firewire, have full bus access. This speculation is supported by the so far available material form Intel and Apple. Like with Firewire, this bus would provide direct access to RAM and possibly disks. As a result, a malicious device may be able to read RAM and disks without authentication.

These attacks have been shown to work for Firewire, and have been used for example in memory forensics to extract memory content from live systems. However, with the larger variety of devices expected for thunderbolt, it may be more of a threat. In particular, the scenario put forward in the article: Connecting a laptop to a projector at a conference via display port. There is no telling if inside the projector a second device sits in line waiting to extract memory from the attached laptop.


  [Twitter] [Digg] [Facebook] [Google] [StumbleUpon]

Tags: , , , , , , ,


E-mail | Permalink | Trackback | Post RSSRSS comment feed 0 Responses


International Data Privacy day

Published by hirantha at 8:45 AM under Security | Security | Security

Today is the fourth annual Data Privacy Day. Dozens of countries have been celebrating with events throughout the week to inform and educate us all about our personal data rights and protections

Few topics worth watching/reading;

Privacy & Innovation: A Data Privacy Day Reflection by Ryan Calo

Data Privacy Day 2011

The Technology of Privacy: When Geeks Meet Wonks – Panel discussion 10AM EST

European Research Consortium to Pilot Digital Privacy Solutions at University and Secondary School

  [Twitter] [Digg] [Facebook] [Google] [StumbleUpon]

Tags: , , , , , , , ,


E-mail | Permalink | Trackback | Post RSSRSS comment feed 0 Responses


Microsoft Attack Surface Analyzer - Beta

Published by hirantha at 2:58 PM under Microsoft | Security

Attack Surface Analyzer is the same tool used by Microsoft's internal product teams to catalogue changes made to the operating system by the installation of new software.
Attack Surface Analyzer takes a snapshot of your system state before and after the installation of product(s) and displays the changes to a number of key elements of the Windows attack surface.

This allows:

  • Developers to view changes in the attack surface resulting from the introduction of their code on to the Windows platform
  • IT Professionals to assess the aggregate Attack Surface change by the installation of an organization's line of business applications
  • IT Security Auditors evaluate the risk of a particular piece of software installed on the Windows platform during threat risk reviews
  • IT Security Incident Responders to gain a better understanding of the state of a systems security during investigations (if a baseline scan was taken of the system during the deployment phase)

Download Attack Surface Analyzer - Beta

  [Twitter] [Digg] [Facebook] [Google] [StumbleUpon]

Tags: ,


E-mail | Permalink | Trackback | Post RSSRSS comment feed 0 Responses


BinScope Binary Analyzer

Published by hirantha at 10:49 AM under Microsoft | Software Development | Security

BinScope is a Microsoft verification tool that analyzes binaries on a project-wide level to ensure that they have been built in compliance with Microsoft’s Security Development Lifecycle (SDL) requirements and recommendations.

BinScope checks that SDL-required compiler/linker flags are being set, strong-named assemblies are in use, up-to-date build tools are in place, and the latest good ATL headers are being used. BinScope also reports on dangerous constructs that are prohibited by SDL

Download BinScope Binary Analyzer

  [Twitter] [Digg] [Facebook] [Google] [StumbleUpon]

Tags: , ,


E-mail | Permalink | Trackback | Post RSSRSS comment feed 0 Responses


Reference on Open Source Digital Forensics

Published by hirantha at 6:09 AM under Open Source | Security

This site initially started by Brian Carrier is now maintained by a team of volunteers, contains a large repository of open source digital forensics tools, papers, images and procedures on digital forensics. If your favorite open source tool is not listed on this site, you can submit it to get added to the list

Source : http://www2.opensourceforensics.org

  [Twitter] [Digg] [Facebook] [Google] [StumbleUpon]

Tags: ,


E-mail | Permalink | Trackback | Post RSSRSS comment feed 0 Responses