Issue 598

Friday, 16th March 2018

In This Issue


CTS-Labs unloaded heaps of AMD CPU vulnerabilities

CTS-Labs have revealed a bunch of issues with the "secure processor" part of AMD's range of Ryzen & EPYC CPUs and chipsets. It's pretty damn complicated, but it's different to the Spectre and Meltdown stuff Intel's CPUs have. From what I can gather, there are a few ways for an attacker to compromise bootloaders and firmware to disable certain security features in the CPU that then lead to other attacks. Some people aren't sure if this is legit, as they've never heard of CTS-Labs and CTS-Labs didn't follow the usual process for disclosing this sort of thing, like getting a CVE number, and only gave AMD 24 hours to respond before disclosing the vuln.

Foxtel to move all its cable subscribers to satellite because HFC sucks

Foxtel has decided that HFC is so ratshit that it's better off moving everyone on HFC to satellite instead. Foxtel reckons "satellite is less prone to outages than the HFC cable", which I guess makes sense. The satellite is pretty reliable, up there in the sky, beaming down a signal anyone in AU can receive, compared to rat-infested, waterlogged pits and rotting overhead wires. This just shows how much of a joke it is that NBN is bothering to rehabilitate the HFC network instead of rolling out FTTP or FTTC.

Google renames Android Wear smartwatch OS to Google Wear

Smartwatches using Android Wear seem to have fallen out of favour with OEMs, with no new devices coming out for years now. In an attempt to resuscitate the market, Google has re-branded Android Wear to Wear OS by Google. Everyone thought Google stopped caring about smartwatches as there have been no new software updates in 13 months and Qualcomm hasn't developed a smartwatch SoC in over 2 years. If they've gone to the effort to re-brand Android Wear, maybe they do still care and there'll be some surprises at Google I/O in a few weeks?

USA accuses Russia of cyber attacking its power plants again

The USA has accused Russia of another cyber-attack that started in 2016, saying "malware had been found in the operating systems of several organisations and companies in the US energy, nuclear, water and critical manufacturing sector, and the malware as well as other form of cyber-attacks had been traced back to Moscow". The FBI and Homeland Security claim the hacking was designed to gain info on the US energy industry and "collected information pertaining to industrial control systems". I'm guessing Russia does this for the same reason China does - to build its own equipment and develop its own industry to sell to other countries.

Dump of interesting news that doesn't need much explaining

Not News, But Still Cool

A look into how law enforcement iPhone unlocking devices work

Have you ever wondered what one of those smartphone hacking devices the cops have looks like? Malwarebytes managed to get their hands on one called GrayKey. It's just a little box about the size of an Apple TV with two Lightning cables sticking out of it, so it can hack two phones at once. Plug it in, wait a few hours (sometimes days) and the iPhone will be unlocked, then the contents of the filesystem are dumped to the GrayKey device for further analysis. I wonder if I could buy this, set up a kiosk at a shopping centre and offer to unlock people's phones for $100? Is that even legal?

Theranos excelled in bullshit, not medicine

Yesterday's news about the Theranos crooks was great, but if you didn't really know much about Theranos and what they did so wrong, BuzzFeed has a rundown of all the crap they tried to pull. Theranos lied about being able to do proper blood tests from a single drop, heavily exaggerated the extent to which companies were using Theranos products (most were trials that went nowhere, not paying customers), faked demonstrations and kept telling people they don't need FDA approval (but they did). Theranos were bullshit artists to the max.

Bali plans to shut down the internet for 24 hours to keep demons away

Bali is gonna shut down mobile internet services on the island for 24 hours this weekend as part of Nyepi, the Balinese new year. Nyepi is supposed to be a time for people in Bali to "quietly reflect, and avoid work and travel" and according to their beliefs, "spirits roam the island and people must stay quiet and avoid lighting fires, or even turning on the lights, so as not to attract the attention of the demons". Turning off the internet is seen as an extension of that and a mark of respect. Can't let the demons see the internet, they'll hate that.

That's it, see ya Monday!

Grinspoon - More Than You Are