Posts

Showing posts from May, 2017

GroundRod 1 & 2 Idaho, June 1-4 Update

Image
The GroundRod Primer course for CDA, Idaho is completely full and we have 2 seats left for GroundRod 2.

If you did not make it into this class we have some upcoming dates in the Northwest:

- June 15-18    Eugene, OR

- July 6-9         Prosser, WA

- July 14-17     Buffalo, WY

***

Outside the NW:

- July 29-30        LasVegas, NV  (after Blackhat 2017)

- August 10-13   Scranton, PA




Reserve your spot before they fill up.


Update on Intel AMT Exploit

Image
As many of you are aware, a rather onerous firmware exploit was discovered in February that affects most modern Intel processors. The exploit has been dubbed "Silent Bob Is Silent" and can grant an adversary remote access to your computer beneath the OS level. This not only affect Windows machines but Mac and Linux as well.

“The exploit is trivial, max five lines of Python, could be doable in one-line shell command. It gives full control of affected machines, including the ability to read and modify everything. It can be used to install persistent malware (possibly in firmware), and read and modify any data. For security servers, it may allow disabling security features, creating fake credentials, or obtaining root keys. …  IT folks, KEEP WORKING THROUGH THE WEEKEND, DISABLE AMT NOW or block access to it. This can get ugly.”

Read the full pieceHERE

The linked post will cover some methods for determining if your system is vulnerable. It should be noted that the Intel vPro mod…

Be Careful What You Click

Image
Those leaked NSA TAO tools have been in the wild for a few weeks now.....and now we have this.

"According to CrowdStrike's vice president of intelligence Adam Meyers, the initial spread of WannaCry is coming through spam, in which fake invoices, job offers and other lures are being sent out to random email addresses. Within the emails is a .zip file, and once clicked that initiates the WannaCry infection.

But the most concerning aspect of WannaCry is its use of the worm-like EternalBlue exploit. "This is a weapon of mass destruction, a WMD of ransomware. Once it gets into an unpatched PC it spreads like wildfire," he told Forbes. "It's going through financials, energy companies, healthcare. It's widespread."

Given the malware is scanning the entire internet for vulnerable machines, and as many as 150,000 were deemed open to the Windows vulnerability as of earlier this month, WannaCry ransomware explosion is only expected to get worse over the weekend…

BlackHat 2017 Convention & GroundRod

Image
Blackhat 2017 Info

I will be attending the 2017 Blackhat convention in Vegas July 22-27. If there is interest I can schedule a GroundRod course in Las Vegas to run right after the conference.

Any interested parties email me and we will see if we can make it happen.



More Shenanigans from the No Such Agency folks

Image
"A very important question remains: What exactly could WindsorBlue, and then WindsorGreen, crack? Are modern privacy mainstays like PGP, used to encrypt email, or the ciphers behind encrypted chat apps like Signal under threat? The experts who spoke to The Intercept don’t think there’s any reason to assume the worst.

“As long as you use long keys and recent-generation hashes, you should be OK,” said Huang. “Even if [WindsorGreen] gave a 100x advantage in cracking strength, it’s a pittance compared to the additional strength conferred by going from say, 1024-bit RSA to 4096-bit RSA or going from SHA-1 to SHA-256.”

Translation: Older encryption methods based on shorter strings of numbers, which are easier to factor, would be more vulnerable, but anyone using the strongest contemporary encryption software (which uses much longer numbers) should still be safe and confident in their privacy."

***

Read the full article here Intercept Article and make sure you grok the implications.


-…

GroundRod in Central Oregon and Central Florida

There will be a GroundRod Primer in the Bend, OR area on May 13-14.  There will also be a GroundRod Primer in the Fort Meyers, FL area May 27-28.

Contact me if you wish to register for either course.