Home Tags Flavors

Tag: Flavors

DSC Sport’s clever algorithms transform the Porsche Cayman GT4

DSC Sport’s controller is like a PhD for a car’s suspension.

BMW’s all-new 2017 5 series stirs up a technology tsunami

In four flavors at first, with 248hp all the way to 456hp and a plug-in hybrid model.

Azure Security Center Now Guards Windows Server 2016 VMs

Microsoft has added Windows Server 2016, its latest server operating system, to the roster of virtual machines supported by its Azure Monitoring Agent cloud-based threat protection offering. With the holidays out of the way, Microsoft has returned to r...

Los Angeles: Warm weather, movie stars — and 100 million monthly...

Los Angeles is famous for its warm weather and movie stars.

But what may not be as well known is that it’s also one of the largest targets for cyber attacks in the world. The city’s infrastructure in highways, water and power — and all the data behind it — supports 4 million residents in the nation’s second largest city.

The city also collects data about Los Angeles International Airport as well as about the largest shipping port in the western hemisphere, where 43 percent of imported goods enter the U.S.

The city government is even responsible for data related to elections, including yesterday’s national election. It’s not difficult to see the enormity of the city’s security challenge, which includes protecting the personal data of city workers and residents. City of Los Angeles Ted Ross, CIO for the city of Los Angeles, heads the city’s Information Technology Agency, managing its $90 million annual budget and 450 IT workers. “We receive a massive amount of automated cyber attacks every month, about 100 million,” said L.A.

CIO Ted Ross in an interview.

Even so, “we’ve made tremendous improvements in cyber security in the last two years under Mayor Eric Garcetti’s directive.” Ross heads up the Information Technology Agency, one of 38 city departments.

The agency has a $90 million annual budget and employs 450 IT workers. The most obvious security-related improvement was construction of a $1.8 million Integrated Security Operations Center, which opened in late 2015 in a location Ross wouldn’t disclose.

The ISOC consolidates threat intelligence from what previously was carried out in four different locations. From that single ISOC location, working around-the-clock, eight cyber threat analysts on each shift monitor 240 million security-related daily logs from sensors and other endpoints located inside critical infrastructure.

The ISOC consolidation has helped speed up threat response and coordination, according to IT executives. “We get situational awareness from one single pane of glass,” said Timothy Lee, chief information security officer for L.A.

The system uses artificial intelligence to recognize attacks and which critical system is under attack. “We identify the source, how critical it is and how to restore the system.” City of Los Angeles Timothy Lee is chief information security officer for the city of Los Angeles. Lee and Ross didn’t want to divulge all the cyber security tools the city uses, but Lee said L.A. does rely on Amazon Web Services’ GovCloud to share approaches with other governments and does business with FireEye, a company offering a wide array of cyber security products and services. Last February, analysts at ISOC were able to identify 16 ransomware attacks in five city departments. “We identified the attacks across the departments, segmented them off, didn’t lose any data and didn’t pay any ransom,” Lee said.

The city determined the ransomware attacks were zero-day events, Lee explained. “There is constant coordination and information sharing performed by ISOC across the city departments and with the broader network of federal and other local governments,” Ross added. “This is only possible with ISOC and didn’t exist before.
ISOC was directly involved in identifying the ransomware in February.” L.A. shares its findings about attacks with the FBI, Homeland Security and the Secret Service.
In all, that sharing reaches up to 2 million cyber professionals, Lee said. “We’re not only trying to up our game around cyber defenses,” Ross said. “We’re in a position now where we’re truly unified with other governments in a cyber watch and cyber defense effort.” Even though there are new flavors of cyber attacks every week, Ross said his biggest worry these days is still ransomware. “Ransomware is just so ubiquitous and the delivery system is so innocuous.
Someone can attack a personal machine or shared drive. With 48,000 city employees we have a lot of ports, so we need to be that much better than the attackers.” To combat ransomware, the agency bangs out the common drumbeat: “If you don’t know where you got a link or an email or a download, don’t click on it,” Ross said. “The average person doesn’t realize they could launch something very powerful by opening that email. Human beings are often the weakest link in the chain.” Ross and Lee said they feel confident about the security behind their internet of things infrastructure, which is protected by frequent password updates and patches on endpoints.
In a recent Distributed Denial of Service attack on DNS provider Dyn that made major websites inaccessible, the Mirai botnet was deployed, perhaps by amateurs, to insecure IoT devices, including consumer devices like internet cameras. “DDoS attacks are certainly a big concern,” Ross said. However, Lee said Los Angeles does deploy vulnerability management software and endpoint protection, including antivirus software — using both behavior-based and signature-based techniques. “At least with a DDoS attack, it takes a [relatively] long time to develop and gives us some time to react,” Lee said.

The city also relies on frequent penetration testing to check for vulnerabilities. “Even though government gets a rap for being old fashioned and paper-driven, certainly large cities like L.A. have been very progressive,” Ross said. “We see how dramatically fast the cyber landscape is changing. We see how cities are stewards of assets that nobody else has. “Government may have been able to get away with slow processes in the past, but the stakes are very high in these areas and, generally speaking, government has come around to taking things seriously,” Ross added.” The cyber security problem is an immense one, but security is like insurance.
If an attack happens, you are a genius for preparing, but if you did nothing, you’d be responsible. We do not have a false sense of security.” This story, "Los Angeles: Warm weather, movie stars -- and 100 million monthly cyber attacks" was originally published by Computerworld.

Physical RAM attack can root Android and possibly other devices

Researchers have devised a new way to compromise Android devices without exploiting any software vulnerabilities and instead taking advantage of a physical design weakness in RAM chips.

The attack technique could also affect other ARM and x86-based devices and computers. The attack stems from the push over the past decade to pack more DRAM (dynamic random-access memory) capacity onto increasingly smaller chips, which can lead to memory cells on adjacent rows leaking electric charges to one another under certain conditions. For example, repeated and rapid accessing of physical memory locations -- an action now dubbed "hammering" -- can cause the bit values from adjacent locations to flip from 0 to 1 or the other way around. While such electrical interference has been known for a while and has been studied by vendors from a reliability standpoint -- because memory corruption can lead to system crashes -- researchers have shown that it can also have serious security implications when triggered in a controlled manner. In March 2015, researchers from Google's Project Zero presented two privilege escalation exploits based on this memory "row hammer" effect on the x86-64 CPU architecture. One of the exploits allowed code to escape the Google Chrome sandbox and be executed directly on the OS and the other gained kernel-level privileges on a Linux machine. Since then, other researchers have further investigated the problem and have shown that it could be exploited from websites through JavaScript or could affect virtualized servers running in cloud environments. However, there have been doubts about whether the technique would also work on the significantly different ARM architecture used in smartphones and other mobile devices. But now, a team of researchers from the VUSec Group at Vrije Universiteit Amsterdam in the Netherlands, the Graz University of Technology in Austria, and the University of California in Santa Barbara has demonstrated not only are Rowhammer attacks possible on ARM, but they're even easier to pull off than on x86. The researchers dubbed their new attack Drammer, which stands for deterministic Rowhammer, and plan to present it Wednesday at the 23rd ACM Conference on Computer and Communications Security in Vienna.

The attack builds upon previous Rowhammer techniques devised and demonstrated in the past. The VUSec researchers have created a malicious Android application that doesn't require any permissions and gains root privileges when it is executed by using undetectable memory bit flipping. The researchers tested 27 Android devices from different manufacturers, 21 using ARMv7 (32-bit) and six using ARMv8 (64-bit) architectures.

They managed to flip bits on 17 of the ARMv7 devices and one of the ARMv8 devices, indicating they are vulnerable to the attack. Furthermore, Drammer can be combined with other Android vulnerabilities such as Stagefright or BAndroid to build remote attacks that don't require users to manually download the malicious app. Google is aware of this type of attack. "After researchers reported this issue to our Vulnerability Rewards Program, we worked closely with them to deeply understand it in order to better secure our users," a Google representative said in an emailed statement. "We’ve developed a mitigation which we will include in our upcoming November security bulletin.” Google's mitigation complicates the attack, but it doesn't fix the underlying problem, according to the VUSec researchers. In fact, fixing what is essentially a hardware issue in software is impossible. Hardware vendors are investigating the problem and may be able to fix it in future memory chips, but chips present in existing devices will likely remain vulnerable. Even worse, it's hard to say which devices are affected because there are many factors that come into play and haven't yet been fully investigated, the researchers said. For example, a memory controller might behave differently when the device battery level is under a certain threshold, so a device that doesn't appear to be vulnerable under a full charge might be vulnerable when its battery is low, the researchers explained. Also, there's an adage in cybersecurity: Attacks always get better, they never get worse. Rowhammer attacks have grown from theoretical to practical but probabilistic and now to practical and deterministic.

This means that a device that does not appear to be affected today could be proven vulnerable to an improved Rowhammer technique tomorrow. Drammer was demonstrated on Android because the researchers wanted to investigate the impact on ARM-based devices, but the underlying technique likely applies to all architectures and operating systems.

The new attack is also a vast improvement over past techniques that required either luck or special features that are present only on certain platforms and easily disabled. Drammer relies on DMA (direct memory access) buffers used by many hardware subsystems, including graphics, network, and sound. While Drammer is implemented using Android's ION memory allocator, APIs and methods to allocate DMA buffers are present in all operating systems, and this warning is one of the paper's major contributions. "For the very first time, we show that we can do targeted, fully reliable and deterministic Rowhammer without any special feature," said Cristiano Giuffrida, one of the VUSec researchers. "The memory massaging part is not even Android specific.
It will work on any Linux platform -- and we suspect also on other operating systems -- because it exploits the inherent properties of the memory management inside the OS kernel." "I expect that we're going to see many other flavors of this attack on different platforms," added Herbert Bos, a professor at Vrije Universiteit Amsterdam and leader of the VUSec Systems Security research group. Along with their paper, the researchers have released an Android app that can test if an Android device is vulnerable to Rowhammer -- at least to the currently known techniques.

The app is not yet available on Google Play but can be downloaded from the VUSec Drammer website to be installed manually.

An open-source Rowhammer simulator that can help other researchers investigate this issue further is also available.

Dirty COW explained: Get a moooo-ve on and patch Linux root...

Widespread flaw can be easily exploited to hijack PCs, servers, gizmos, phones Code dive Patch your Linux-powered systems, phones and gadgets as soon as possible, if you can, to kill off a kernel-level flaw affecting nearly every distro of the open-source operating system. Dubbed Dirty COW, the privilege-escalation vulnerability potentially allows any installed application, or malicious code smuggled onto a box, to gain root-level access and completely hijack the device. The programming bug gets its name from the copy-on-write mechanism in the Linux kernel; the implementation is so broken, programs can set up a race condition to tamper with what should be a read-only root-owned executable mapped into memory. The changes are then committed to storage, allowing a non-privileged user to alter root-owned files and setuid executables – and at this point, it's game over. While the flaw is not by itself a gravely serious or uncommon condition – Microsoft fixes priv-esc bugs in Windows practically every month – this vulnerability could prove particularly troublesome: it has been present in the Linux kernel since version 2.6.22 in 2007, and it is very easy to reliably exploit. We're told it is also present in Android, which is powered by the Linux kernel. Crucially, exploit code to gain administrative control of devices is being used in the wild against internet-facing systems. And a version is now available to infosec professionals. A non-complete proof-of-concept version can be found here that tampers with a file that only root should be able to edit. Earlier this week, Linux kernel boss Linus Torvalds admitted he had tried to fix the issue, unsuccessfully, 11 years ago, and then left it alone because at the time it was hard to trigger. Since then, the bug has become far more exploitable due to changes in the kernel's design. According to a website dedicated to Dirty COW, a patch for the Linux kernel has been developed, and major vendors including Red Hat, Debian and Ubuntu have already released fixes for their respective Linux flavors. Running the usual software update mechanisms, such as Debian's apt-get, will fetch and install the patches. Don't forget to reboot after to pick up the new kernel. If you use a distro that does not make /proc/self/mem writable, such as Red Hat Enterprise Linux 5 and 6, then the exploit code fails. Unfortunately, builds of the vulnerable kernel at the heart of countless millions of routers, Internet-of-Things gadgets and other embedded devices remain vulnerable – and many will be difficult to patch. Most people won't even know they've got a security risk sitting next to them at home. "Even though the actual code fix may appear trivial, the Linux team is the expert in fixing it properly, so the fixed version or newer should be used," the site says, meaning you should only apply the patch yourself if you know what you're doing – otherwise, leave it to the experts. "If this is not possible, software developers can recompile Linux with the fix applied." The vulnerability, designated CVE-2016-5195, was discovered by security researcher Phil Oester. At least one exploit targeting the flaw has been found in the wild. Dirty COW's disclosure continues the tradition of branding high-profile security flaws, something that was not lost on the group. "It would have been fantastic to eschew this ridiculousness, because we all make fun of branded vulnerabilities too, but this was not the right time to make that stand," they muse. "So we created a website, an online shop, a Twitter account, and used a logo that a professional designer created." How did it all go wrong? Copy-on-write is used to streamline the memory management in an operating system. Among other things, it allows running programs to share common data in memory until one of them wants to privately alter that data. At that point the kernel copies the data to another page in memory so just that one process can affect it – hence the name, copy-on-write (CoW). The exploit works by racing Linux's CoW mechanism. First, you have to open a root-owned executable as read-only and mmap() it to memory as a private mapping. The executable is now mapped into your process space. The executable has to be readable by the process's user to do this. Meanwhile, you repeatedly call madvise() on that mapping with MADV_DONTNEED set, which tells the kernel you don't actually intend to use the memory. Then in another thread within the same process, you open /proc/self/mem with read-write access. This is a special file that allows a process to access its own virtual memory as if it was a file. Using normal seek and write operations, you then repeatedly overwrite part of your own memory that's mapped to the root-owned executable. The overwrite shouldn't affect the executable on disk. So now, your process has the read-only binary mapped in as a private read-only object, one thread is spamming madvise() on that read-only object, and another thread is writing to that read-only object. Writing to that memory object should trigger a CoW: the touched page of the executable will be altered only in the process's memory – not the actual underlying root-owned file that's mapped in. However, due to the aforementioned bug, the kernel performs the CoW operation but then allows the process to write to the read-only mapped executable anyway. These changes are committed to disk by the kernel, which is bad news. This happens because, due to a race with madvise(), the kernel does not fully break the executable from the process's private memory. The process writes to the read-only object, triggers a page access fault, and the fault is handled by allocating a new page containing a copy of the underlying file and privately mapping it into the process. So far, so good. However, madvise() tells the kernel to discard the pages holding the mapped area. Calling this while writing to /proc/self/mem will eventually lead to an inconsistent state where the pages holding the mapped executable are removed and a write is attempted to the memory area. A write that should go to the private pages will instead alter the mapped object. These changes are committed by the kernel to storage. This can be exploited to alter a root-only setuid binary so that it, for example, spawns a root-owned shell. It is possible to combine this exploit with ptrace to make it more reliable, although it is not essential. The fix – which changes just two lines and introduces a single-line inlined function – sets a flag that signals a CoW operation has occurred, preventing the underlying page holding the executable from being unlocked and written to. ® Additional reporting by Chris Williams.