Archive for Alan

“God Mode” Backdoor

Some x86 CPUs have hidden backdoors that let you seize root by sending a command to an undocumented RISC core that manages the main CPU, security researcher Christopher Domas told the Black Hat conference here Thursday (Aug. 9).

The command — “.byte 0x0f, 0x3f” in Linux — “isn’t supposed to exist, doesn’t have a name, and gives you root right away,” Domas said, adding that he calls it “God Mode.”

The backdoor completely breaks the protection-ring model of operating-system security, in which the OS kernel runs in ring 0, device drivers run in rings 1 and 2, and user applications and interfaces (“userland”) run in ring 3, furthest from the kernel and with the least privileges. To put it simply, Domas’ God Mode takes you from the outermost to the innermost ring in four bytes.

“We have direct ring 3 to ring 0 hardware privilege escalation,” Domas said. “This has never been done.”

That’s because of the hidden RISC chip, which lives so far down on the bare metal that Domas half-joked that it ought to be thought of as a new, deeper ring of privilege, following the theory that hypervisors and chip-management systems can be considered ring -1 or ring -2.

“This is really ring -4,” he said. “It’s a secret, co-located core buried alongside the x86 chip. It has unrestricted access to the x86.”

The good news is that, as far as Domas knows, this backdoor exists only on VIA C3 Nehemiah chips made in 2003 and used in embedded systems and thin clients. The bad news is that it’s entirely possible that such hidden backdoors exist on many other chipsets.
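Because the post says the affected part is a single CPU model, the practical defensive step is an inventory check: find which hosts actually run it. The script below is an added example, not code from the rosenbridge project or from Domas; it parses a `/proc/cpuinfo`-style dump and flags logical CPUs whose vendor/family/model match. The match rule (vendor string `CentaurHauls`, family 6, model 9 for the VIA C3 Nehemiah) is an assumption taken from public CPUID documentation, not something the post states, and the sample dumps are constructed.

```python
"""Flag hosts whose CPU matches the part named in the post.

Added example, not code from the rosenbridge project. The identification
rule below is an assumption (public CPUID values for VIA C3 Nehemiah),
not something stated in the post; adjust it to your own inventory data.
"""
import re

# Assumed identification tuple for VIA C3 Nehemiah: (vendor_id, family, model).
AFFECTED = {("CentaurHauls", 6, 9)}


def parse_cpuinfo(text):
    """Return one dict per logical CPU found in a /proc/cpuinfo dump."""
    cpus = []
    # Logical CPUs are separated by blank lines in /proc/cpuinfo.
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            if ":" not in line:
                continue
            key, _, value = line.partition(":")
            fields[key.strip()] = value.strip()
        if "vendor_id" not in fields:
            continue
        cpus.append({
            "vendor": fields.get("vendor_id", ""),
            "family": int(fields.get("cpu family", "0")),
            "model": int(fields.get("model", "0")),
            "name": fields.get("model name", ""),
        })
    return cpus


def is_affected(cpu):
    """True when the CPU's (vendor, family, model) is in the AFFECTED set."""
    return (cpu["vendor"], cpu["family"], cpu["model"]) in AFFECTED


def check_text(text):
    """Return (affected_count, total_count) for a /proc/cpuinfo dump."""
    cpus = parse_cpuinfo(text)
    return sum(is_affected(c) for c in cpus), len(cpus)


# Constructed sample dumps: a VIA C3 Nehemiah thin client and an Intel host.
SAMPLE_VIA = """\
processor\t: 0
vendor_id\t: CentaurHauls
cpu family\t: 6
model\t\t: 9
model name\t: VIA Nehemiah
"""

SAMPLE_INTEL = """\
processor\t: 0
vendor_id\t: GenuineIntel
cpu family\t: 6
model\t\t: 142
model name\t: Intel(R) Core(TM) i5

processor\t: 1
vendor_id\t: GenuineIntel
cpu family\t: 6
model\t\t: 142
model name\t: Intel(R) Core(TM) i5
"""

if __name__ == "__main__":
    # Read the live file where available; fall back to the constructed sample.
    try:
        with open("/proc/cpuinfo") as f:
            text = f.read()
    except OSError:
        text = SAMPLE_VIA
    hit, total = check_text(text)
    print(f"{hit}/{total} logical CPUs match an affected part")
```

Run it over dumps collected from the fleet (or feed `check_text` the output of a remote `cat /proc/cpuinfo`) to get a count of matching hosts; a non-zero count is what decides whether the embedded systems and thin clients the post mentions need isolation or replacement.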

Full read here.

https://github.com/xoreaxeaxeax/rosenbridge

More fuzzing:

https://github.com/xoreaxeaxeax/sandsifter

Breaking the x86 ISA

Fuzzing on Edison

Notes on Intel microcode

Drones, drones, drones. Our new overlords?

NASA is pursuing a program that integrates unmanned aircraft systems (UAS) into the National Airspace System, or UAS-NAS. This involves identifying, developing, and testing the technologies and procedures that will make it possible for UAS to have routine access to airspace occupied by human-piloted aircraft.

Four NASA centers support the UAS-NAS project: NASA’s Ames Research Center and Armstrong Flight Research Center in California, Langley Research Center in Virginia, and Glenn Research Center in Ohio.

The UAS-NAS project is within the Integrated Aviation Systems Research Program, managed by NASA’s Aeronautics Research Mission Directorate at NASA Headquarters in Washington, D.C.

The project uses modeling, simulations, and flight tests to develop and test technologies that provide safe, effective, secure capabilities including detect and avoid (DAA) and command and control (C2).

Read further here.

ADELPHI, Md. – U.S. Army unmanned weapons experts are negotiating with Lockheed Martin Corp. to develop high-power microwave (HPM) weapons payloads to enable new generations of unmanned aerial vehicles (UAVs) to destroy or disable enemy drones.

Officials of the Adelphi contracting division of the Army Contracting Command at Aberdeen Proving Ground, Md., announced plans Friday to negotiate sole-source with the Lockheed Martin Missiles and Fire Control division in Grand Prairie, Texas, on an HPM UAV weapons project.

Lockheed Martin engineers will develop high-powered-microwave airborne counter unmanned aircraft systems (CUAS), including the necessary development, integration, and support necessary to field HPM weapons-equipped UAVs.

Specifically, Army leaders want Lockheed Martin to develop HPM weapons and other kinds of UAV payloads able to disable or destroy adversary UAVs. Weapons payloads for UAVs that are under consideration include explosives, nets, entanglers, streamers, and high-powered-microwave systems.

High-power microwaves represent a class of non-lethal weapons designed to destroy or disable enemy electronic systems with jolts of powerful electrical energy. It can fry electronics in much the same way as the electromagnetic pulse (EMP) from a nuclear detonation can disrupt electronics.

Full article here.

WASHINGTON – Some of the most iconic weapons of the past 17 years of war are quickly becoming a relic of the past, top Air Force officials say. Breaking Defense reports. Continue reading original article

The Military & Aerospace Electronics take:

6 Aug. 2018 — The Air Force is rushing toward a mix of almost-ready and yet-to-be-developed technologies, including artificial intelligence (AI), cloud computing, hypersonics, drone swarms, and clouds of tiny cubesats capable of sucking up data and beaming it back down to operators on the ground in real time.

After running red team exercises looking at what some of the biggest future challenges might be for the Air Force, leaders concluded that the Predator and Global Hawk unmanned aerial vehicles (UAVs) of today are not far away from becoming mere museum pieces.

Not only does the Air Force want to get its people away from staring at computer screens to recognize, interpret, and identify what they’re seeing, but also seeks to develop processing and exploitation at the sensor. [from M&AE]

Caves, drugs, and art


An abstract pattern engraved in a piece of ochre found at Blombos Cave in South Africa. Image: Chris S. Henshilwood.


Abstract art goes back a long way. The earliest examples are around 73,000 years old and consist of abstract patterns engraved into pieces of ochre by natives of what is now South Africa. During the last ice age, around 40,000 years ago, European artists also left abstract designs, this time on the walls of caves.

What is striking about these early manifestations of abstract expression is that the patterns drawn were the same across cultures and locations: there are dots, cross-hatchings, circles, wavy lines and, in particular, spirals. These geometric patterns resemble what people report seeing when they are in altered states of consciousness, causing researchers to suggest that much of early abstract art was inspired by drugs.

Apart from scandalising the Daily Mail, this idea also poses a question: why would people across continents and ages all favour patterns seen during drug-induced hallucinations over the many others they could have chosen to paint? What makes drug-induced visions so compelling? A recent paper by computer scientists from Japan suggests that the answer might hinge on an interesting interplay between the mathematics of pattern formation and a mechanism that generates a sense of value and meaning.

The geometric patterns seen in visual hallucinations were first studied scientifically in the 1920s by the German-American psychologist Heinrich Klüver. Klüver experimented with peyote, a cactus whose psychoactive ingredient mescaline played an important role in the shamanistic rituals of many central American tribes. Popping peyote buttons in the lab, Klüver noticed the repeating geometric shapes and classified them into four types, which he called form constants: tunnels and funnels, spirals, lattices including honeycombs and triangles, and cobwebs.


Computer generated representations of Klüver’s form constants. The top two images represent a funnel and a spiral as seen after taking LSD, the bottom left image is a honeycomb generated by marijuana, and the bottom right image is a cobweb. Image from What Geometric Visual Hallucinations Tell Us about the Visual Cortex by Paul C. Bressloff.

When it comes to understanding pattern formation in nature, scientists often look to the work of Alan Turing, better known as a WWII code-breaker and the father of modern computer science. To explain the formation of the stripes and spots we see on animal coats, Turing considered a system of two chemical agents (loosely speaking, one for each colour in a two-coloured animal coat) which diffuse through a medium (the cells making up an animal embryo) but also interact with each other in a specific way. Writing down the equations describing this process, Turing found that once the system is nudged out of equilibrium it polarises. Rather than forming a uniform mixture, the agents arrange themselves in a variety of possible patterns (see How the leopard got its spots for more detail).


Read further: https://plus.maths.org/content/caves-drugs-and-art

The illusion of time

According to theoretical physicist Carlo Rovelli, time is an illusion: our naive perception of its flow doesn’t correspond to physical reality. Indeed, as Rovelli argues in The Order of Time, much more is illusory, including Isaac Newton’s picture of a universally ticking clock. Even Albert Einstein’s relativistic space-time — an elastic manifold that contorts so that local times differ depending on one’s relative speed or proximity to a mass — is just an effective simplification.

So what does Rovelli think is really going on? He posits that reality is just a complex network of events onto which we project sequences of past, present and future. The whole Universe obeys the laws of quantum mechanics and thermodynamics, out of which time emerges.

Rovelli is one of the creators and champions of loop quantum gravity theory, one of several ongoing attempts to marry quantum mechanics with general relativity. In contrast to the better-known string theory, loop quantum gravity does not attempt to be a ‘theory of everything’ out of which we can generate all of particle physics and gravitation. Nevertheless, its agenda of joining up these two fundamentally differing laws is incredibly ambitious.

Alongside and inspired by his work in quantum gravity, Rovelli puts forward the idea of ‘physics without time’. This stems from the fact that some equations of quantum gravity (such as the Wheeler–DeWitt equation, which assigns quantum states to the Universe) can be written without any reference to time at all.

Continue reading: https://www.nature.com/articles/d41586-018-04558-7

Nice night for a walk…

I was walking along the usual path in Bludwood Forest, on a cool misty night… the shadows were dancing along the hedgebane.

I heard what sounded like a twig snap off to one side, rustling of bushes, a black blur. I turn to try and spot what it was when I feel a chill on the back of my neck. I whip back around and see Dark Pestilence looking me in the eye…

*WHOOSH*

I fly backward after feeling a tug in the back of my body, swallowed up by the cool, grey mists.

The fog fades. I find myself in a castle hallway, feels familiar. A large, secure door is down at one end. It’s the hall that leads to the pyramid chamber, in the Castle of Myriad Shades.

Sprawling Maya network discovered under Guatemala jungle

Researchers have found more than 60,000 hidden Maya ruins in Guatemala in a major archaeological breakthrough.

Laser technology was used to survey digitally beneath the forest canopy, revealing houses, palaces, elevated highways, and defensive fortifications.

The landscape, near already-known Maya cities, is thought to have been home to millions more people than other research had previously suggested.

The researchers mapped over 810 square miles (2,100 sq km) in northern Peten.

Archaeologists believe the cutting-edge technology will change the way the world will see the Maya civilisation.

“I think this is one of the greatest advances in over 150 years of Maya archaeology,” said Stephen Houston, Professor of Archaeology and Anthropology at Brown University.

Mr Houston told the BBC that after decades of work in the archaeological field, he found the magnitude of the recent survey “breathtaking”. He added, “I know it sounds hyperbolic but when I saw the [Lidar] imagery, it did bring tears to my eyes.”

Full article: http://www.bbc.com/news/world-latin-america-42916261

Divers Found The World’s Largest Underwater Cave, And It’s Full of Maya Secrets

After 10 months of intensive exploration, scientists in Mexico have discovered the world’s largest flooded cave system – and it’s truly an underwater wonderland.

Spanning an incredible 347 kilometres (216 miles) of subterranean caverns, this branching, sunken labyrinth isn’t just a natural spectacle – it’s also an important archaeological find that could reveal lost secrets of the ancient Maya civilisation.

“This immense cave represents the most important submerged archaeological site in the world,” says underwater archaeologist Guillermo de Anda from Mexico’s National Institute of Anthropology and History.

“It has more than a hundred archaeological contexts, among which are evidence of the first settlers of America, as well as extinct fauna and, of course, the Maya culture.”

De Anda heads up the Great Maya Aquifer Project (GAM), a research effort which for decades has explored underwater caves in the Mexican state of Quintana Roo, located on the Caribbean coastline of the Yucatán Peninsula.

The region hosts a stunning 358 submerged cave systems, representing some 1,400 kilometres (870 miles) of flooded freshwater tunnels hidden under the surface.

Read here: http://www.sciencealert.com/world-s-largest-flooded-cave-discovered-under-mexico-yucatan-sac-actun

How a 22-Year-Old Discovered the Worst Chip Flaws in History

In 2013, a teenager named Jann Horn attended a reception in Berlin hosted by Chancellor Angela Merkel. He and 64 other young Germans had done well in a government-run competition designed to encourage students to pursue scientific research.

In Horn’s case, it worked. Last summer, as a 22-year-old Google cybersecurity researcher, he was first to report the biggest chip vulnerabilities ever discovered. The industry is still reeling from his findings, and processors will be designed differently from now on. That’s made him a reluctant celebrity, evidenced by the rousing reception and eager questions he received at an industry conference in Zurich last week.

Interviews with Horn and people who know him show how a combination of dogged determination and a powerful mind helped him stumble upon features and flaws that have been around for over a decade but had gone undetected, leaving most personal computers, internet servers and smartphones exposed to potential hacking.

Other researchers who found the same security holes months after Horn are amazed he worked alone. “We were several teams, and we had clues where to start. He was working from scratch,” said Daniel Gruss, part of a team at Graz University of Technology in Austria that later uncovered what are now known as Meltdown and Spectre.

Horn wasn’t looking to discover a major vulnerability in the world’s computer chips when, in late April, he began reading Intel Corp. processor manuals that are thousands of pages long. He said he simply wanted to make sure the computer hardware could handle a particularly intensive bit of number-crunching code he’d created.

But Zurich-based Horn works at Project Zero, an elite unit of Alphabet Inc.’s Google, made up of cybersleuths who hunt for “zero day” vulnerabilities, unintended design flaws that can be exploited by hackers to break into computer systems.

So he started looking closely at how chips handle speculative execution — a speed-enhancing technique where the processor tries to guess what part of code it will be required to execute next and starts performing those steps ahead of time — and fetching the required data. Horn said the manuals stated that if the processor guessed wrong, the data from those misguided forays would still be stored in the chip’s memory. Horn realized that, once there, the information might be exposed by a clever hacker.

“At this point, I realized that the code pattern we were working on might potentially leak secret data,” Horn said in emailed responses to Bloomberg questions. “I then realized that this could — at least in theory — affect more than just the code snippet we were working on.”

That started what he called a “gradual process” of further investigation that led to the vulnerabilities. Horn said he was aware of other research, including from Gruss and the team at Graz, on how tiny differences in the time it takes a processor to retrieve information could let attackers learn where information is stored.

Horn discussed this with another young researcher at Google in Zurich, Felix Wilhelm, who pointed Horn to similar research he and others had done. This led Horn to what he called “a big aha moment.” The techniques Wilhelm and others were testing could be “inverted” to force the processor to run new speculative executions that it wouldn’t ordinarily try. This would trick the chip into retrieving specific data that could be accessed by hackers.

Read the full article: https://www.bloomberg.com/news/articles/2018-01-17/how-a-22-year-old-discovered-the-worst-chip-flaws-in-history

7 Modern BBSes Worth Calling Today

Way back in the 1980s and early 1990s, before the internet reigned supreme, many PC owners dialed up Bulletin Board Systems (BBSes), which were other PCs running special software that allowed users to connect and share messages, play games, or download files.

While few BBSes remain today compared to their height in the early-mid 1990s, one can still connect to a BBS using the internet. Thanks to the antique text-only protocol called telnet, you can use a terminal emulator program to start BBSing just like the glory days.

Read more: https://www.pcmag.com/feature/358037/7-modern-bbses-worth-calling-today

Mysterious Void Discovered in Egypt’s Great Pyramid

Egypt’s Great Pyramid of Giza—one of the wonders of the ancient world, and a dazzling feat of architectural genius—contains a hidden void at least a hundred feet long, scientists announced on Thursday.

The space’s dimensions resemble those of the pyramid’s Grand Gallery, the 153-foot-long, 26-foot-tall corridor that leads to the burial chamber of Khufu, the pharaoh for whom the pyramid was built.

However, it remains unclear what lies within the space, what purpose it served, or if it’s one or multiple spaces.

The void is the first large inner structure discovered within the 4,500-year-old pyramid since the 1800s—a find made possible by recent advances in high-energy particle physics. The results were published in the journal Nature.

“This is definitely the discovery of the century,” says archaeologist and Egyptologist Yukinori Kawae, a National Geographic Emerging Explorer. “There have been many hypotheses about the pyramid, but no one even imagined that such a big void is located above the Grand Gallery.”

Source: https://news.nationalgeographic.com/2017/11/great-pyramid-giza-void-discovered-khufu-archaeology-science/

Charting Hacker Hangouts From BBS To Slack

Where have all the grey hat hacker forums gone?

Grey hats were always a valuable part of the hacker community. They may sometimes cross ethical lines, but unlike black hats they’re in it to learn, not to make money. A black hat might intend to steal credit cards and resell them online. A grey hat is just interested in smart new ways to gain network access.

Back in the day, before you could buy Hacking for Dummies at your local Indigo store, even basic hacking knowledge was a valuable commodity. There were places online, where grey hats would hang out and trade it. They were forums dedicated to the pursuit of knowledge, where the more advanced would mentor newcomers in the finer arts of system manipulation. They were places like The Works BBS.

The Works was a bulletin board system that started purely as an exchange board for text files, but which eventually allowed tech enthusiasts to talk to each other. It was here that Chris Wysopal, SecTor speaker and co-founder of l0pht, met his crew.

“I met the soon to be l0pht people there and cDC [Cult of the Dead Cow] folks there. It was a real community.  It morphed into the 2600 meetup community where we would meet up once a month in Cambridge, then later Boston,” he says.

Early hacker BBSs had their faults. They only had so many connections, meaning that participants might find themselves dialing a telephone number several times as they competed for time on a host machine. Despite that, the BBS movement had its cultural advantages.

“The early hacking BBSs were more of a tight-knit community because they were area code-based,” says Wysopal. “It cost money to make long-distance calls, but most people had unlimited plans for local numbers. Phreakers could call long distance for free, but they still would hang out at a local BBS with their community. People used to call their neck of hackerdom by the area code. I was a 617er. NYC folks were 212s. A famous early band of hackers was the 414s.”

Brian Bourne, co-founder of SecTor, spent a lot of time on BBSs in the early days. They were often invitation-only, and were therefore a haven for grey hats eager to exchange ideas, he says. Then, there was Internet Relay Chat (IRC).

“Law enforcement had no idea what a BBS was, never mind IRC!  So even though IRC channels were a bit harder to police membership and keep unknown folks out, we would share ideas with impunity,” he says.

Full article at source: https://sector.ca/charting-hacker-hangouts-from-bbs-to-slack/

‘The nail in the coffin’: Russia’s top cyber-firm may have made a ‘catastrophic’ mistake

Investigators believe that software from Russia’s top cybersecurity firm, Kaspersky Lab, was involved in a theft of top secret National Security Agency intelligence outlining how the US hacks its adversaries, The Wall Street Journal reported Thursday.

And depending on what was stolen, the breach could spell catastrophe for the company.

According to the Journal, an NSA contractor stole and downloaded onto his personal computer highly classified details about how the US penetrates foreign computer networks and defends itself against cyberattacks. (The Washington Post reported the person was not a contractor, but an employee working for the NSA’s elite hacking division known as Tailored Access Operations.)

Russian hackers then stole that intelligence by exploiting the Kaspersky antivirus software the contractor had been running on his computer.

The breach wasn’t discovered until spring 2016, according to the Journal and The Washington Post — nearly one year after the hackers are believed to have gained access to the intelligence.

Kaspersky has denied any involvement in the theft, and it is unclear whether the hackers stole code or documents from the contractor. The latter would prove far more damning for Kaspersky, experts say, especially as it stands accused by the US government of being a tool of the Kremlin.

“Ultimately, this will come down to what was stolen from the computer,” said David Kennedy, a former NSA intelligence analyst who founded the cybersecurity firm TrustedSec.

Source: http://www.msn.com/en-us/money/companies/the-nail-in-the-coffin-russias-top-cyber-firm-may-have-made-a-catastrophic-mistake/ar-AAsZZZY

Mathematical secrets of ancient tablet unlocked after nearly a century of study

The tablet could have been used in surveying, and in calculating how to construct temples, palaces and pyramids.

At least 1,000 years before the Greek mathematician Pythagoras looked at a right-angled triangle and worked out that the square of the longest side is always equal to the sum of the squares of the other two, an unknown Babylonian genius took a clay tablet and a reed pen and marked out not just the same theorem, but a series of trigonometry tables which scientists claim are more accurate than any available today.

The 3,700-year-old broken clay tablet survives in the collections of Columbia University, and scientists now believe they have cracked its secrets.

The team from the University of New South Wales in Sydney believe that the four columns and 15 rows of cuneiform – wedge-shaped indentations made in the wet clay – represent the world’s oldest and most accurate working trigonometric table, a working tool which could have been used in surveying, and in calculating how to construct temples, palaces and pyramids.

The fabled sophistication of Babylonian architecture and engineering is borne out by excavation. The Hanging Gardens of Babylon, believed by some archaeologists to have been a planted step pyramid with a complex artificial watering system, was written of by Greek historians as one of the seven wonders of the ancient world.

Daniel Mansfield, of the university’s school of mathematics and statistics, described the tablet which may unlock some of their methods as “a fascinating mathematical work that demonstrates undoubted genius” – with potential modern application because the base 60 used in calculations by the Babylonians permitted many more accurate fractions than the contemporary base 10.

Read more: Mathematical secrets of ancient tablet unlocked after nearly a century of study