recent bookmarks

Twitter
Want to know why Repubs and some Dems are pathetically trying to make me the scapegoat for the Kavanaugh nomination…
from twitter_favs
10 days ago by girma
Twitter
RT : Melania's trip to Egypt seems to be going well
from twitter
10 days ago by GShaw
Twitter
Because if you are JUST NOW reduced to tears & shock & despair,…
from twitter_favs
10 days ago by Qriator
Twitter
For someone who hates dogs that much, you went to a lot of trouble putting on a show
from twitter_favs
10 days ago by JINHONG
Twitter
I made a Twitter list of cute animal accounts and nature because it's so necessary these days. Feel free to bookmar…
from twitter_favs
10 days ago by amymabli
Twitter
I made a Twitter list of cute animal accounts and nature because it's so necessary these days. Feel free to bookmar…
from twitter_favs
10 days ago by mgifford
Twitter
thanks for the follow, tweetwords & have a great Sunday!
If you have a slow page - simply ask me...
You c…
from twitter
10 days ago by architektura
Twitter
RT : I am reading American Nations by and it is proving to be one of the most important historical account…
from twitter
10 days ago by mshook
Twitter
4 HOURS TILL WE SEE OUR TIMELORD
from twitter_favs
10 days ago by neillyneil
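Scandal - 项二
Bucky doesn't like this feeling of being the moon surrounded by stars, with every spotlight trained on one person; it is like being stripped naked.
“Most popular actor, Bucky Barnes!”
Sure enough, it is a hateful feeling: in the lavish hall, dozens of spotlights converge on the finely tailored dark-grey suit, so scorching that it seems sparks might flare from his shoulders the next second.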
!连载  -盾冬  01-03章  au:现代  au:娱乐圈  cp:双CP  cp:锤基  cp:铁虫  cp:绿寡  id:演员冬  year:18.09  -18年 
10 days ago by stuckybookmarks
Making sense of the SuperMicro motherboard attack • Light Blue Touchpaper
Theo Markettos, who is on the security team at Cambridge University's Computer Lab, considers whether what's described in the attack is feasible:
there’s another trick a bad BMC can do — it can simply read and write main memory once the machine is booted. The BMC is well-placed to do this, sitting on the PCI Express interconnect since it implements a basic graphics card. This means it potentially has access to large parts of system memory, and so all the data that might be stored on the server. Since the BMC also has access to the network, it’s feasible to exfiltrate that data over the Internet.

So this raises a critical question: how well is the BMC firmware defended? The BMC firmware download contains raw ARM code, and is exactly 32MiB in size. 32MiB is a common size of an SPI flash chip, and suggests this firmware image is written directly to the SPI flash at manufacture without further processing. Additionally, there’s the OpenBMC open source project which supports the AST2400. From what I can find, installing OpenBMC on the AST2400 does not require any code signing or validation process, and so modifying the firmware (for good or ill) looks quite feasible.

Where does this leave us? There are few facts, and much supposition. However, the following scenario does seem to make sense. Let’s assume an implant was added to the motherboard at manufacture time. This needed modification of both the board design, and the robotic component installation process. It intercepts the SPI lines between the flash and the BMC controller. Unless the implant was designed with a very high technology, it may be enough to simply divert the boot process to fetch firmware over the network (either the Internet or a compromised server in the organisation), and all the complex attacks build from there — possibly using PCI Express and/or the BMC for exfiltration.

If the implant is less sophisticated than others have assumed, it may be feasible to block it by firewalling traffic from the BMC — but I can’t see many current owners of such a board wanting to take that risk.

So, finally, what do we learn? In essence, this story seems to pass the sniff test.

A change in the code (even later reversed) would show up in the repository, surely? Notable, though, that technical people think this attack entirely feasible.
Supermicro 
10 days ago by charlesarthur
Twitter
Thanks, Dave! That means the world. I can't wait to open the doors in 2019 🙌 I'll add you to the invit…
from twitter_favs
10 days ago by extraface
Twitter
Uhm...now that it looks like maybe we didn't sneak a really cool hardware implant in those motherboards I for one a…
from twitter_favs
10 days ago by joshd
Twitter
Precisely: Trump tells the same lies over and over, and almost all have been fact checked by WaPo, me, AP, PolitiFa…
from twitter_favs
10 days ago by miaeaton
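Guess the Shadow - 埃理炀舒·亚里雅图
Military officer Steve x graduate student Bucky with a split personality
“When did you start having discontinuous memories, Bucky Buchanan Barnes?”
“Actually, it first happened back when I was in the army. I would have been 16 then.”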
!连载  -盾冬  01-03章  au:现代  cp:冬水仙  id:军官盾  trope:多重人格冬  year:18.09  -18年 
10 days ago by stuckybookmarks
Twitter
Favorite tweet:

That last bit is pure Trump. https://t.co/arFor3h0z9

— Maggie Haberman (@maggieNYT) October 7, 2018
IFTTT  Twitter 
10 days ago by chetan
GOP Operative Secretly Raised at Least $100,000 in Search for Clinton Emails - WSJ
Favorite tweet:

“One email showed the anti-Clinton funds referenced as donations that were to be sent to a Washington, D.C.-based scholarship fund for Russian students.”🤔 https://t.co/aaO0Ph2fCI

— Aki Peritz (@AkiPeritz) October 7, 2018
IFTTT  Twitter 
10 days ago by chetan
Twitter
Christian right is the Christian wrong.
from twitter_favs
10 days ago by dwf
Twitter
RT : If you live in these states, register to vote by October 9

Alaska
Arkansas
Florida
Georgia
Indiana
Kentucky
Lo…
from twitter
10 days ago by madamjujujive
Twitter
Why is it so hard for neutral observers to say the following:

"There is probably nothing that would have gotten tw…
from twitter_favs
10 days ago by joshd
Twitter
Why is it so hard for neutral observers to say the following:

"There is probably nothing that would have gotten tw…
from twitter_favs
10 days ago by andriak
Twitter
RT : Would like to host a few women to talk about their experiences with sharing of stories of in Bangalore. Is t…
from twitter
10 days ago by rasagy
Twitter
🏆 Learn the smart, efficient way to test any JavaScript application. Coming 🔜

Retweet 🔀 and subscribe 💌 to get updates and a special discount!

🏆🏆🏆🏆🏆🏆🏆🏆🏆🏆

👉 https://t.co/IgypurIarh 👈

🏆🏆🏆🏆🏆🏆🏆🏆🏆🏆

I can't wait for you to see this. It's huge. pic.twitter.com/L5Ev6uEW9Z

— Kent C. Dodds (@kentcdodds) October 5, 2018
IFTTT  Twitter 
10 days ago by nickbaldwin
Twitter
That is why red states make it nearly impossible for college students to vote. Having to r…
from twitter_favs
10 days ago by mikeschinkel
Twitter
Although Pete Davidson in his neon orange sweatsuit, huh my psychiatrist doesn’t ever look that casual, has no idea…
from twitter_favs
10 days ago by hecavanagh
Twitter
RT : Banksy's self-shredding painting still allows wealth to possess, gatekeep, and define culture, still bottlenecks ac…
from twitter
10 days ago by Kevmoss
U.S. unemployment drops to 49-year low - Reuters TV
U.S. unemployment drops to 49-year low: via ⁦⁩. It looks like President Obama’s l…
from twitter
10 days ago by tleckels
Twitter
Can you go vote wearing the party's shirt? I think you can... ☺️
from twitter_favs
10 days ago by goajunior
Twitter
Senator Hatch Office (@senorrinhatch)
RT @senorrinhatch: “To Republicans, McConnell is now a 21st century political hero, a leader who refused to surrender to political correctn…
US  Senators  Twitter 
10 days ago by AlexanderERyzhov
Twitter
RT : What will the updated rules bring?

- Strengthen the protection of minors
- Reinforce battle against…
AVMSD  from twitter_favs
10 days ago by verwinv
Twitter
This image is what I stand against both politically and morally
from twitter_favs
10 days ago by brittanyforks
Twitter
stop trying to punish the rich. from
from twitter_favs
10 days ago by exlibris
The Lie Generator: Inside The Black Mirror World of Polygraph Job Screenings
Christopher Talbot thought he would make a great police officer. He was 29 years old, fit, and had a clean background record. Talbot had military experience,…
from instapaper
10 days ago by artlung
Supply chain security is the whole enchilada, but who’s willing to pay for it? • Krebs On Security
Brian Krebs:
Most of what I have to share here is based on conversations with some clueful people over the years who would probably find themselves confined to a tiny, windowless room for an extended period if their names or quotes ever showed up in a story like this, so I will tread carefully around this subject.

The U.S. Government isn’t eager to admit it, but there has long been an unofficial inventory of tech components and vendors that are forbidden to buy from if you’re in charge of procuring products or services on behalf of the U.S. Government. Call it the “brown list,” “black list,” “entity list” or what have you, but it’s basically an indelible index of companies that are on the permanent Shit List of Uncle Sam for having been caught pulling some kind of supply chain shenanigans.

More than a decade ago when I was a reporter with The Washington Post, I heard from an extremely well-placed source that one Chinese tech company had made it onto Uncle Sam’s entity list because they sold a custom hardware component for many Internet-enabled printers that secretly made a copy of every document or image sent to the printer and forwarded that to a server allegedly controlled by hackers aligned with the Chinese government.

That example gives a whole new meaning to the term “supply chain,” doesn’t it? If Bloomberg’s reporting is accurate, that’s more or less what we’re dealing with here in Supermicro as well.

But here’s the thing: Even if you identify which technology vendors are guilty of supply-chain hacks, it can be difficult to enforce their banishment from the procurement chain. One reason is that it is often tough to tell from the brand name of a given gizmo who actually makes all the multifarious components that go into any one electronic device sold today.
Krebs  supermicro 
10 days ago by charlesarthur
Twitter
RT : in loving memory of my baby Lan SiZhui (A-Yuan). He's not dead i just love remembering him.
#魔道祖师
from twitter
10 days ago by kiyala
Twitter
RT : the shit landlords do: post a fake notice pretending to be the tenants union currently organizing the building with…
from twitter
10 days ago by jasonpjason
Twitter
RT : ember-cli 3.5.0-beta.2 is out! Migrates to Broccoli 2.0.0 and leverages your systems default temp folders. Finally…
from twitter
10 days ago by trek
(429) https://twitter.com/ericlaw/status/1048931008295395333/photo/1
For extra excitement and uncertainty, the Rust installer isn't digitally-signed.
from twitter_favs
10 days ago by hyperfekt
Twitter
Thread: Why we shouldn't allow corporations to create the offense of "Felony Contempt of Business Model"
from twitter_favs
10 days ago by douglevin
Twitter
Together with Starostové pro Liberecký kraj we won over 4️⃣️0️⃣️0️⃣️0️⃣️ seats❗ That is 36% more than 4 years ago 📈…
from twitter_favs
10 days ago by mblk
Twitter
1) Homeopathy is really good science

2) Piers Morgan is not a pointless twat

3) People irritating the bejeesus ou…
from twitter_favs
10 days ago by toph