Day: June 28, 2019

Be On Twitter Without Being On Twitter

June 28, 2019 by 1 Comment

Social media can connect us to a vibrant worldwide community, but it is also a huge time sink as it preys on both our need for attention and our insatiable curiosity. Kept on a leash by those constant notification sounds, we can easily look up from our phones to find half a day has gone and we’re behind with our work. [Laura Lytle] has a plan to tackle this problem, her OutBox project involves a single button press machine that posts a picture to Twitter of whatever is put in it. It’s not just another gateway to social media addiction though, she tells us it follows Design For Disuse principles in which it must be powered up and adjusted for each picture, and that it provides no feedback to satisfy the social media craving.

Under the hood of the laser-cut housing reminiscent of an older hobby 3D printer is a Raspberry Pi 3 Model A+ and a webcam, with a ring of LEDs for illumination. On top is the only interface, a small “arm” button to set things up and a big red arcade button to do the business. The software is in Python, and provides glue between resizing the photo, uploading it to a cloud service, and triggering ITTT to do the Tweeting. You can see the whole thing in the video below, and the result is a rather eye-catching device.

Of course, there are other ways to keep yourself off social media.

Continue reading “Be On Twitter Without Being On Twitter”

This Week In Security: Invalid Curve Attacks, OpenSSH Shielded, And More Details On Coinbase

June 28, 2019 by 19 Comments

AMD Epyc processors support Secure Encrypted Virtualization (SEV), a technique that prevents even a hypervisor reading memory belonging to a virtual machine. To pull this off, the encryption and decryption is handled on the fly by the Platform Security Processor (PSP), which is an ARM core that handles processor start-up and many security features of modern AMD processors. The vulnerability announced this week is related to the encryption scheme used. The full vulnerability is math heavy, and really grokking it requires a deeper understanding of elliptical curve cryptography (ECC) than your humble author currently possesses.

During the process of starting a virtual machine, the VM process goes through a key-sharing process with the PSP, using an ECC Diffie-Hellman key exchange. Rather than raising prime numbers to prime exponents, an ECC-DH process bounces around inside an elliptical curve in order to find a shared secret. One of the harder problems to solve when designing an ECC based cryptographic system, is the design of the curve itself. One solution to this problem is to use a published curve that is known to be good. AMD has taken this route in their SEV feature.

The attack is to prime the key exchange with invalid data, and observing the shared key that is generated. A suitably simple initial value will leak information about the PSP’s secret key, allowing an attacker to eventually deduce that key and decrypt the protected memory. If you’d like to bone up on invalid curve attacks, here’s the seminal paper. (PDF)

OpenSSH Shielding

[Damien Miller] of OpenSSH was apparently tired of seeing that project tied to vulnerabilities like Rambleed and Rowhammer, so added a technique he’s calling key-shielding. OpenSSH now encrypts private keys in memory using a 16 kB pre-key. While an attacker with full knowledge of the process’s memory wouldn’t be deterred, the error rate of Rambleed and similar attacks is high enough that the 16 kB of randomness is likely to thwart the attempt to recover the secret key.

Firefox and Coinbase

We mentioned Firefox vulnerabilities and updates last week, and as anticipated, more information is available. [Philip Martin] from Coinbase shared more information on Twitter. Coinbase employees, as well as other cryptocurrency companies, were targeted with fishing emails. These lured employees to a malicious page that attempted to exploit a pair of Firefox vulnerabilities. Coinbase has a security system in place that was able to prevent the exploit, and their security team was able to reverse engineer the attack.

The first vulnerability has been dissected in some detail by a Google security researcher. It’s a weakness in Firefox’s Javascript engine related to type handling. An object is created with one data type, and when that data is changed to another type, not all the data handlers are appropriately updated. Under the hood, a value is assumed to be a pointer, but is actually a double-length value, controlled by the attacker.

The second vulnerability is in the functions used to prompt for user interaction. Specifically the call to “Prompt:Open” isn’t properly validated, and can result in the un-sandboxed Firefox process loading an arbitrary web location. I suspect the sandbox escape is used to run the initial exploit a second time, but this time it’s running outside the sandbox.

Odds and Ends

[Tom] wrote a great intro into how to Impersonate The President With Consumer-Grade SDR, go check it out!

Another city, more ransomware. Riviera Beach, Florida was hit with a ransomware attack, and paid $600,000 in an attempt to get their data back. For a city of 35,000 inhabitants, that’s $17.14 in ransom per man, woman, and child. According to the linked article, though, the city was insured.

Power To The Pi 4: Some Chargers May Not Make The Grade

June 28, 2019 by 66 Comments

The Raspberry Pi 4 has been in the hands of consumers for a few days now, and while everyone seems happy with their new boards there are some reports of certain USB-C power supplies not powering them. It has been speculated that the cause may lie in the use of pulldown resistors on the configuration channel (CC) lines behind the USB-C socket on the Pi, with speculation that one may be used while two should be required. Supplies named include some Apple MacBook chargers, and there is a suggestion is that the Pi may not be the only device these chargers fail to perform for.

Is this something you should be worried about? Almost certainly not. The Pi folks have tested their product with a wide variety of chargers but it is inevitable that they would be unable to catch every possible one. If your charger is affected, try another one.

What it does illustrate is the difficulties faced by anybody in bringing a new electronic product to market, no matter how large or small they are as an organisation. It’s near-impossible to test for every possible use case, indeed it’s something that has happened to previous Pi models. You may remember that the Raspberry Pi 2 could be reset by a camera flash or if you have a very long memory, that the earliest boards had an unseemly fight between two 1.8 V lines that led to a hot USB chip, and neither of those minor quirks dented their board’s ability to get the job done.

Mistakes happen. Making the change to USB-C from the relative simplicity of micro-USB is a big step for all concerned, and it would be a surprise were it to pass entirely without incident. We’re sure that in time there will be a revised Pi 4, and we’d be interested to note what they do in this corner of it.

Yo Dawg, I Heard You Like FPGAs

June 28, 2019 by 12 Comments

When the only tool you have is a hammer, all problems look like nails. And if your goal is to emulate the behavior of an FPGA but your only tools are FPGAs, then your nail-and-hammer issue starts getting a little bit interesting. That’s at least what a group of students at Cornell recently found when learning about the Xilinx FPGA used by a researcher in the 1990s by programming its functionality into another FPGA.

Using outdated hardware to recreate a technical paper from decades ago might be possible, but an easier solution was simply to emulate the Xilinx in a more modern FPGA, the Cyclone V FPGA from Terasic. This allows much easier manipulation of I/O as well as reducing the hassle required to reprogram the device. Once all of that was set up, it was much simpler to perform the desired task originally set up in that 90s paper: using evolutionary algorithms to discriminate between different inputs.

While we will leave the investigation into the algorithms and the I/O used in this project as an academic exercise for the reader, this does serve as a good reminder that we don’t always have to have the exact hardware on hand to get the job done. Old computers can be duplicated on less expensive, more modern equipment, and of course video games from days of yore are a snap to play on other hardware now too.

Thanks to [Bruce Land] for the tip!