Thursday, November 23, 2017

Tag: gigabyte

The tiny Gigabyte GeForce GTX 1080 Mini ITX 8G measures just 169mm in length.
For less high-stakes uses, Send offers reasonable security and privacy assurances.
Windows zero-days, SWIFT bank hacks, slick exploit loader among the contents.
The good news is throttled speeds aren't horrible at 1.5Mbps.
GIGABYTE BRIX UEFI firmware for the GB-BSi7H-6500 and GB-BXi7-5775 platforms, versions vF6 and vF2 respectively, fails to properly set the BIOSWE, BLE, SMM_BWP, and PRx bits to enforce write protection. It also is not cryptographically signed. These issues may permit an attacker to write arbitrary code to the platform firmware, potentially allowing for persistent firmware level rootkits or the creation of a permanent denial of service condition in the platform.
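The advisory above names the four controls a defender audits to confirm that SPI flash holding the firmware is actually locked: BIOSWE must be clear, BLE and SMM_BWP must be set, and/or the Protected Range (PRx) registers must cover the whole BIOS region. The following decoder is an added example, not code from GIGABYTE, Intel or the advisory. It assumes the public Intel PCH layouts for BIOS_CNTL (bit 0 BIOSWE, bit 1 BLE, bit 5 SMM_BWP) and for PR0..PR4 (bit 31 WPE, bits 28:16 limit, bits 12:0 base, both in 4 KiB units), and the register values and BIOS region it checks are constructed for illustration. On real hardware those values come from a tool such as chipsec or a kernel driver; the point here is the decision logic, which mirrors what a "BIOS write protection" check has to conclude from the bits.

```python
"""Decide whether an Intel-PCH platform's BIOS region is write-protected,
given raw BIOS_CNTL and PR0..PR4 register values.

Added example; not GIGABYTE's, Intel's or chipsec's code. Bit layouts are
taken from public Intel PCH datasheets (assumed to match the platform);
all sample values below are constructed.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# BIOS_CNTL bits (assumed Intel PCH layout)
BIOSWE = 1 << 0    # BIOS Write Enable: must be 0
BLE = 1 << 1       # BIOS Lock Enable: must be 1 (setting BIOSWE then traps to SMM)
SMM_BWP = 1 << 5   # SMM BIOS Write Protect: must be 1 (only SMM may write)


@dataclass
class ProtectedRange:
    wpe: bool    # write-protection enabled for this range
    base: int    # first protected byte
    limit: int   # last protected byte (inclusive)


def decode_pr(raw: int) -> ProtectedRange:
    """Decode one PRx register (4 KiB granularity, limit is inclusive)."""
    wpe = bool((raw >> 31) & 1)
    base = (raw & 0x1FFF) << 12
    limit = (((raw >> 16) & 0x1FFF) << 12) | 0xFFF
    return ProtectedRange(wpe, base, limit)


def bios_cntl_locked(bios_cntl: int) -> bool:
    """BIOS_CNTL alone enforces protection only with BIOSWE=0, BLE=1, SMM_BWP=1."""
    return (bios_cntl & BIOSWE) == 0 and bool(bios_cntl & BLE) and bool(bios_cntl & SMM_BWP)


def pr_covers_region(prs: List[ProtectedRange], region: Tuple[int, int]) -> bool:
    """True if the enabled PR ranges, merged, cover every byte of the region."""
    region_base, region_limit = region
    need = region_base  # next byte that still has to be covered
    for base, limit in sorted((p.base, p.limit) for p in prs if p.wpe):
        if base > need:
            return False  # uncovered gap before this range
        need = max(need, limit + 1)
        if need > region_limit:
            return True
    return need > region_limit


def assess(bios_cntl: int, pr_raw: List[int], bios_region: Tuple[int, int]) -> Dict[str, bool]:
    """Summarise the bits and the overall verdict.

    The platform counts as protected if either BIOS_CNTL is fully locked or
    the PR registers cover the whole BIOS region.
    """
    prs = [decode_pr(r) for r in pr_raw]
    covered = pr_covers_region(prs, bios_region)
    return {
        "bioswe_set": bool(bios_cntl & BIOSWE),
        "ble_set": bool(bios_cntl & BLE),
        "smm_bwp_set": bool(bios_cntl & SMM_BWP),
        "pr_covers_bios": covered,
        "protected": bios_cntl_locked(bios_cntl) or covered,
    }


# Constructed sample: a 3 MiB BIOS region at 0x500000-0x7FFFFF in the flash.
SAMPLE_BIOS_REGION = (0x500000, 0x7FFFFF)
# Weak configuration like the advisory describes: no lock bits, no PR ranges.
SAMPLE_WEAK = (0x00, [0, 0, 0, 0, 0])
# Hardened via BIOS_CNTL: BLE | SMM_BWP set, BIOSWE clear.
SAMPLE_LOCKED_CNTL = (0x22, [0, 0, 0, 0, 0])
# Hardened via PR0 alone: WPE=1, base 0x500, limit 0x7FF (4 KiB units).
SAMPLE_LOCKED_PR = (0x00, [0x87FF0500, 0, 0, 0, 0])
# PR0 enabled but starting 1 MiB too late: leaves a gap, so not protected.
SAMPLE_PR_GAP = (0x00, [0x87FF0600, 0, 0, 0, 0])


def main() -> None:
    for name, (cntl, prs) in (("weak", SAMPLE_WEAK), ("locked-cntl", SAMPLE_LOCKED_CNTL),
                              ("locked-pr", SAMPLE_LOCKED_PR), ("pr-gap", SAMPLE_PR_GAP)):
        print(name, assess(cntl, prs, SAMPLE_BIOS_REGION))


if __name__ == "__main__":
    main()
```

The merge step in `pr_covers_region` matters: two adjacent PR registers that each cover half of the region count as protection, while a single enabled range that starts past the region's first byte does not, which is the kind of partial configuration that looks locked at a glance and is not.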
AT&T Sponsored Data charges companies for the right to offer Internet content without counting against mobile data caps. Image: AT&T.

With just over a week left as chairman of the Federal Communications Commission, Tom Wheeler today accused AT&T and Verizon Wireless of violating net neutrality rules with paid data cap exemptions.

But with the FCC about to switch to Republican control after next week's inauguration of President-elect Donald Trump, AT&T and Verizon can likely keep doing what they're doing without any chance of punishment. Wheeler described his views in a letter to US senators who had expressed concern about the data cap exemptions, or "zero-rating." FCC Wireless Telecommunications Bureau staff today also issued a report concluding that AT&T and Verizon zero-rating programs are unfair to competitors.

Both Wheeler's letter and the staff report can be read in full here. The main issue is that AT&T and Verizon allow their own video services (DirecTV and Go90, respectively) to stream on their mobile networks without counting against customers' data caps, while charging other video providers for the same data cap exemptions. The FCC also examined T-Mobile USA's zero-rating program but found that it poses no competitive harms because T-Mobile offers data cap exemptions to third parties free of charge.

T-Mobile also "provides little streaming video programming of its own," giving it less incentive to disadvantage video companies that need to use the T-Mobile network, the FCC said. Wheeler, who also faulted AT&T for not providing full responses to staff questions, wrote:

While observing that AT&T provided incomplete responses to staff inquiries, the report states that the limited information available supports a conclusion that AT&T offers Sponsored Data to third-party content providers at terms and conditions that are effectively less favorable than those it offers to its affiliate, DirecTV. Unlike T-Mobile, which charges all edge providers the same zero rate for participating in Binge On, AT&T imposes hefty per-gigabyte charges on third parties for use of Sponsored Data.

All indications are that AT&T's charges far exceed the costs AT&T incurs in providing the sponsored data service.

Thus, it would appear that AT&T's practices inflict significant unreasonable disadvantages on edge providers and unreasonably interfere with their ability to compete against AT&T's affiliate, DirecTV. The structure of Verizon's FreeBee Data 360 program raises similar concerns. We are aware of no safeguards that would prevent Verizon from offering substantially more costly or restrictive terms to enable unaffiliated edge providers to offer services comparable to Verizon's affiliated content on a zero-rated basis. But the FCC isn't ready to take any enforcement action against either carrier.

That process would be lengthy.
In a separate case, the FCC proposed a $100 million fine against AT&T in June 2015 for allegedly misleading customers about throttling of unlimited data plans, but it still hasn't collected any money.

AT&T challenged the decision, and the case was never resolved.

As we previously reported, AT&T and the FCC could have agreed to a settlement, or the FCC could have issued a final ruling requiring AT&T to pay a fine (which AT&T would have challenged in court), but neither happened. The FCC passed its net neutrality rules in February 2015, but it did not include a strict ban on zero-rating.
Instead, the FCC decided to evaluate zero-rating on a case-by-case basis to determine whether specific implementations harm consumers or competitors. Ultimately, the FCC's evaluation of AT&T and Verizon took too long.

Republican Commissioners Ajit Pai and Michael O'Rielly will become the commission majority after Wheeler leaves the FCC on January 20. Pai and O'Rielly have criticized the investigation of AT&T and Verizon and say they intend to overturn the net neutrality rules. Pai said today that the FCC staff report "does not reflect the views of the majority of commissioners," and that it "will not have any impact on the commission’s policymaking or enforcement activities following next week’s inauguration."

Wheeler's letter to senators acknowledged that paid data cap exemptions will likely proliferate. "Given the powerful economic incentives of network operators to employ these practices to advantage themselves and their affiliates in various edge service markets, staff is concerned that—absent effective oversight—these practices will become more widespread in the future," Wheeler wrote. Even so, Wheeler defended his case-by-case approach to zero-rating. While some programs "might restrict consumer choice, distort competition, and hamper innovation," others "might benefit consumers and competition," he wrote.

Wheeler's letter came in response to a November letter written by Senators Edward Markey (D-Mass.), Ron Wyden (D-Ore.), Al Franken (D-Minn.), Bernie Sanders (I-Vt.), Elizabeth Warren (D-Mass.), Tammy Baldwin (D-Wisc.), and Richard Blumenthal (D-Conn.).

When contacted by Ars, Verizon today said, “The [FCC] staff’s positions are duly noted. We don’t agree with their view on free data and we don’t think our customers do either. Hopefully the next FCC will take into account the views of our customers who greatly benefit from watching professional football, soccer, basketball and other great content on Go90 free of data charges.”

AT&T issued a statement, saying, “It remains unclear why the Wireless Bureau continues to question the value of giving consumers the ability to watch video without incurring any data charges.

This practice, which has been embraced by AT&T and other broadband providers, has enabled millions of consumers to enjoy the latest popular content and services—for free. We hope the government continues to support a competitive marketplace that lowers costs and increases choice for consumers.”
Recently a cache of 2,337 e-mails from the office of a high-ranking advisor to Russian president Vladimir Putin was dumped on the Internet after purportedly being obtained by a Ukrainian hacking group calling itself CyberHunta. The cache shows that the Putin government communicated with separatist forces in Eastern Ukraine, receiving lists of casualties and expense reports while even apparently approving government members of the self-proclaimed Donetsk People's Republic. And if one particular document is to be believed, the Putin government was formulating plans to destabilize the Ukrainian government as early as next month in order to force an end to the standoff over the region, known as Donbass.

Based on reporting by the Associated Press's Howard Amos and analysis by the Atlantic Council's Digital Forensic Research Lab, at least some of the e-mails—dumped in a 1-gigabyte Outlook .PST mailbox file—are genuine. Amos showed e-mails in the cache to a Russian journalist, Svetlana Babaeva, who identified e-mails she had sent to Surkov's office. E-mail addresses and phone numbers in some of the e-mails were also confirmed. And among the documents in the trove of e-mails is a scan of Surkov's passport (above), as well as those of his wife and children.

A Kremlin spokesperson denied the legitimacy of the e-mails, saying that Surkov did not have an e-mail address. However, the account appears to have been used by Surkov's assistants, and the dump contains e-mails with reports from Surkov's assistants. The breach, if ultimately proven genuine, would appear to be the first major publicized hack of a Russian political figure. And in that instance, perhaps this could be a response to the hacking of US political figures attributed to Russia.

The e-mails appear to show that Vladislav Surkov, a former deputy prime minister and currently a personal advisor to Putin, directly worked to undermine the political stability of Ukraine. Surkov, generally credited as the architect of Russia's current political system and known by some as the "Grey Cardinal" of the Kremlin, is known to be in charge of managing relations with the Donetsk separatists. He also supervises things with South Ossetia and Abkhazia—two breakaway regions of Georgia recognized and aided by Russia.

Most of the e-mails are routine. However, they include a report that outlines a plan for undermining the stability of the Ukrainian government entitled "The plan of priority measures to destabilize the socio-political situation in Ukraine":

In view of the critical situation on the settlement of the issue in the Donbass region in Ukraine…it is necessary to create favorable conditions for controllable political forces to enter the new parliament… As a result of fundamental changes in the Ukrainian political situation, it is possible to achieve the return of the Donbass to Ukraine on Russian terms…The achievement of set goals provides as soon as possible provides measures for the political destabilization of Ukraine. The consequence [would be] early parliamentary and presidential elections. The most favorable period for…the set of measures is in November 2016 to March of 2017.

The opening paragraphs of the report.

The e-mails contain other evidence of collaboration with separatists, such as drafts of documents later published by the Donetsk separatists. Those drafts include an open letter allegedly written by a Donetsk resident begging for Ukraine to end attacks. There is also a PDF of a document listing proposed ministers for the Donetsk People's Republic government with some written markup and expenses for operating the Donetsk press center.

The timing of the release of the documents may suggest that the "Ukrainian hacker group" may in fact have acted with the aid or at the direction of the CIA. That could be part of the "secret" cyber-response reportedly being developed in response to purported Russian hacking of the Democratic National Committee, the e-mails of the Clinton presidential campaign chair John Podesta, of state election officials' systems, and of other political organizations. The hack may also be part of an influence campaign in support of the Ukrainian government, though it's unlikely Ukraine's own intelligence organization was involved. Ukrainian National Security Service officials said on Wednesday that they believed the e-mails were real, but the organization also said it was possible that the files may have been tampered with.

Regardless of their provenance, the documents would be a natural fit for Wikileaks since this raw dump of e-mails with attachments looks similar to the Podesta e-mails. Wikileaks previously published e-mails from Syrian political figures—a collection of over two million e-mails dated from 2006 to 2012. However, the Daily Dot's Dell Cameron and Patrick Howell O'Neill reported that those e-mails (obtained originally by Syrian anti-government "hacktivists") were published minus a set of e-mails detailing the movement of billions of dollars from Syria's central bank to a Russian bank. Wikileaks denied suppressing the documents. Ars attempted to reach Wikileaks for comment on the Surkov e-mails, but we received no response at the time of this article.
Harold Martin, now in custody, is a risk to himself and others if freed from custody, a US prosecutor warns in a detailed filing in the case.

When law enforcement officials stumbled upon a cache of firearms while executing a search warrant on the premises of Harold Martin, the National Security Agency (NSA) contractor recently arrested for stealing classified information, his very distraught wife asked for the weapons to be removed from her home. She was afraid that he would use them to kill himself if he "thought it was all over," US Attorney Rod Rosenstein said in a pretrial motion that paints a troubling if somewhat incomplete picture of the man behind what could arguably be the biggest-ever case of insider theft.

Rosenstein's motion, filed in the US District Court for the District of Maryland this week, urges the court not to release Martin from pretrial custody. It uses his wife's concerns of self-inflicted harm and a litany of other reasons as a basis for the request. The 12-page legal brief alleges that in the 20 years between 1996 and 2016 that Martin worked with government, he stole a staggering 50 terabytes of data in digital form and an additional six banker's boxes full of printed documents.

It is unclear why Martin’s alleged theft of classified as well as unclassified data over such an extended period of time was never spotted. The apparent fact that he was able to continue illegally accessing data even after Snowden's data theft prompted a government-wide security overhaul is also sure to raise new alarms about the effectiveness of that overhaul. A lot of the data he allegedly stole was marked Secret or Top Secret, and at least some of it is what the government considers information of national defense and national security import. For instance, one of the classified documents allegedly in Martin's possession was marked "Top Secret/Sensitive Compartmented Information" ("TS/SCI") and pertained to specific operational plans against a known US enemy, Rosenstein said. Martin's cache of stolen data is also believed to have included information on top-secret hacking tools developed by US intelligence agencies, the New York Times reported this week, citing unnamed sources.

The staggering volume of data that was allegedly found in Martin's possession would appear to make his theft even bigger than Edward Snowden's heist. "The Defendant was in possession of an astonishing quantity of marked classified documents which he was not entitled to possess," Rosenstein noted in somewhat of an understatement. "Many of the marked documents were lying openly in his home office or stored in the backseat and trunk of his vehicle." Martin regularly carried highly sensitive data in his vehicle and routinely parked it in his driveway because he didn’t have an enclosed garage, the filing revealed. Even the 50,000 gigabytes of digital information that he is believed to have stolen could be a conservative estimate, Rosenstein’s legal brief said, noting that each gigabyte offers enough space for storing 10,000 pages of text and images.

The legal document shows that Martin's alleged illegal behavior began in 1996 when he abused his access to classified information while serving in the US Naval Reserves. Between then and his arrest on August 27, Martin worked at several government agencies including the National Security Agency, as an employee for seven different private contractors. With his security clearance, Martin worked on highly classified and specialized projects and signed numerous non-disclosure agreements acknowledging the sensitive nature of his work and his commitment not to abuse his access to sensitive data. "The Defendant's decades of criminal behavior were in flagrant violation of his many promises and oaths, as well as the law," Rosenstein said.

The motion called attention to Martin's enrollment in a Ph.D. program in information security at the time of his arrest, and to his several advanced degrees and expertise in areas like encryption, anonymization, and secure communication. Such skills would make it easy for Martin to access and transmit information to others that he may have stored online, Rosenstein said in arguing against Martin's release from custody. "As a trusted insider, the Defendant was able to defeat myriad, expensive controls placed on that information," and he has the skill to transfer all of the stolen information electronically and make it available to others if he was given access to the Internet, the prosecuting attorney noted.

The motion does not make clear what Martin's motives might have been. But it makes clear that there's enough evidence to suggest that Martin either illegally shared or planned to share the data with others. For example, the 10 firearms recovered from his home included an "AR-style tactical rifle and a pistol-grip shotgun with a flash suppressor." In addition, he had a loaded handgun in his car in violation of state law. If Martin had stolen it for his own edification as claimed, there would have been little reason to "arm himself as though he were trafficking in dangerous contraband," Rosenstein argued. Similarly, a printed email chain marked "Top Secret" recovered from Martin's car had handwritten notes on the back of the document describing classified technical operations that appear intended "for an audience outside of the Intelligence Community."

'Prime Target'

The extensive publicity the case has received guarantees that every foreign counterintelligence agency knows Martin has access to highly sensitive data either hidden in physical locations, cyberspace, or stored in his head, the filing said. "This makes the Defendant a prime target, and his release would seriously endanger the safety of the country and potentially even the Defendant himself," Rosenstein said.

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ...
It's not cool to kill a demo, but you can watch all the pr0n you want

Black Hat: Neil Wyler and Bart Stump are responsible for managing what is probably the world’s most-attacked wireless network. The two friends, veterans among a team of two dozen, are at the time of writing knee deep in the task of running the network at Black Hat, the security event where the world reveals the latest security messes. The event kicks off with three days of training, then unleashes tempered anarchy as the conference proper gets under way. Wyler, better known as Grifter (@grifter801), heads the network operations centre (NoC) at Black Hat, an event he has loved since he was 12 years old. “I literally grew up among the community,” he says. Bart (@stumper55) shares the job. Wyler's day job is working for RSA's incident response team while Stump is an engineer with Optiv, but their Black Hat and DEF CON experience trumps their professional status. Wyler has worked with Black Hat for 13 years and DEF CON for 16 years, while Stump has chalked up nine years with both hacker meets. Together with an army of capable network engineers and hackers they operate one of the few hacker conference networks that delegates and journalists are officially advised to avoid. Rightly so; over the next week the world’s talented hacker contingent will flood Las Vegas for Black Hat and DEF CON, the biggest infosec party week of the year.

The diverse talents – and ethics – of the attending masses render everything from local ATMs to medical implants potentially hostile and not-to-be-trusted. Some 23 network and security types represent the network operations centre (NoC) and are responsible for policing the Black Hat network they help create.

Come August each member loosens the strict defensive mindset they uphold in their day jobs as system administrators and security defenders to let the partying hackers launch all but the nastiest attacks over their network. “We will sit back and monitor attacks as they happen," Wyler tells The Register from his home in the US. "It's not your average security job."

The Black Hat NoC. Image: supplied.

The crew works in rotating shifts with the conference din as a backdrop, sometimes punctuated by cheers as speakers pull off showy hacks or offer impressive technical demos.
In the NoC, some laugh, some sleep, and all work in a pitch broken by the glow of LEDs and computer screens.

Their score is a backdrop of crunching cheese Nachos, old hacker movies, and electronic music. "Picture it in the movies, and that's what it's like," Stump says, commiserating with your Australia-based scribe's Vegas absence; "it'll be quite a sight, you'll be missing something". Delegates need not.

The NoC will again be housed in The Fish Bowl, a glass den housing the crew and mascots Lyle the stuffed ape and Helga the inflatable sheep.

Delegates are welcome to gawk.

Risky click

The NoC operators at Black Hat and DEF CON need to check their defensive reflexes at the door in part to allow a user base consisting almost entirely of hackers to pull pranks and spar, and in part to allow presenters to legitimately demonstrate the black arts of malware. "When you see traffic like that, you immediately go into mitigation mode to respond to that threat," Wyler says. "Black Hat is a very interesting network because you can't do that - we have to ask if we are about to ruin some guy's demonstration on stage in front of 4000 people".

Stump recalls intruding on a training session in a bid to claim the scalp of a Black Hat found slinging the infamous Zeus banking trojan. "The presenter says 'it's all good, we are just sending it up to AWS for our labs' and we had a laugh; I couldn't take the normal security approach and simply block crazy shit like this."

Flipping malware will get you noticed and monitored by one of the NoC's eager operators who will watch to see if things escalate beyond what's expected of a normal demonstration. If legitimate attacks are seeping out of a training room, the sight of Wyler, Stump, or any other NoC cop wordlessly entering with a walkie-talkie clipped to hip and a laptop under arm is enough for the Black Hat activity to cease. "It is part of the fun for us," Wyler says. "Being able to track attacks to a location and have a chat."

Targeting the Black Hat network itself will immediately anger the NoC, however. The team has found all manner of malware pinging command and control servers over its network, some intentional, and some from unwittingly infected delegates. "We'll burst in and say anyone whose MAC address ends with this, clean up your machine," Stump says.

$4000 smut-fest

Training is by far the most expensive part of a hacker conference. Of the 71 training sessions that ran over the past weekend ahead of the Black Hat main conference, each cost between US$2500 (£1887, A$3287) and US$5300 (£4000, A$6966), with many students having the charge covered by generous bosses.

Bart and the blow up doll cameo on CNN Money.

So it was to this writer's initial incredulity that most of the sea of "weird porn" flowing through the Black Hat pipes stems from randy training students. "It is more than it should ever be," Wyler says of the Vegas con's porn obsession. "While you are at a training class - I mean it's not even during lunch." The titillating tidbit was noticed when one NoC cop hacked together a script to pull and project random images from the network traffic on Fish Bowl monitors.

A barrage of flesh sent the shocked operators into laughing fits of ALT-TAB.

Another moment was captured when Stump was filmed for CNN Money and a shopper's blow up doll appeared with perfect timing.

Balancing act

Black Hat's NoC started as an effective but hacked-together effort by a group of friends just ahead of the conference.

Think Security Onion, intrusion detection running on Kali, and OpenBSD boxes. Now they have brought on security and network muscle, some recruited from a cruise of the expo floor, including two one-gigabyte pipes from CenturyLink with both running about 600Mbps each. "We were used to being a group of friends hanging out where a lot of stuff happened on site, and now we've brought in outsiders," Stump says. Ruckus Wireless, Fortinet, and CenturyLink are now some of the vendors that help cater to Black Hat's more than 70 independent networks. "It's shenanigans," Wyler says. "But we love it."

The pair do not and cannot work on the DEF CON networks since they are still being built during Black Hat, but they volunteer nonetheless, leading and helping out with events, parties, and demo labs. "I feel a responsibility to give back to the community which feeds me," Wyler says. "That's why we put in the late nights." ®
NEWS ANALYSIS: New zero-day vulnerability may also affect computers from other makers that used similar Intel UEFI reference code to create their BIOS firmware.

Lenovo has confirmed that reports of a critical vulnerability in the UEFI (unified extensible firmware interface) in its ThinkPad computers are accurate and that the company is currently investigating the problem. Lenovo released a statement on June 30 confirming that there is a vulnerability in the ThinkPad's System Management Mode (SMM) BIOS that was introduced by one of its independent BIOS vendors. However, Lenovo hasn't specified what range of ThinkPad models are likely affected by the vulnerability.

The UEFI is a current version of what used to be called the BIOS (basic input output system), which forms an interface between the computer hardware and the operating system, such as Microsoft Windows.

The current practice is that the IBVs (Independent BIOS Vendors) work from reference code provided by the CPU manufacturer and then provide machine-specific code that provides the rest of the machine-specific interface. Normally, machines using similar processors and chip sets will use the same reference code.

This means that while the vulnerability could have been introduced by the IBV, it's also possible that it was introduced by Intel when it created the reference code. The vulnerability was found by independent security researcher Dmytro Oleksiuk, who published details on GitHub, a software development collaboration site. Oleksiuk says in his posting that the vulnerability, which he has named ThinkPwn, allows the running of arbitrary System Management Mode code. He said that this will allow an attacker to disable Flash write protection and then allow malware infection of the platform firmware.

This in turn will allow an attacker to disable Secure Boot and Virtual Secure Mode on Windows 10. By embedding malware in the system firmware, an attacker can avoid detection by anti-malware software.

Furthermore, the malware may be difficult or impossible to remove. Oleksiuk says in his GitHub entry that the vulnerability was apparently fixed by Intel in 2014, but because there was no public announcement, the vulnerability was never removed by computer makers that were using the earlier version in their UEFI code. Further research by Oleksiuk and others appears to indicate that Lenovo isn’t the only computer maker affected by the same bug.

Independent security researcher Alex James has reported in a series of tweets that he found the same vulnerability on some Hewlett Packard laptop computers and in the firmware for some Gigabyte Technology motherboards. The vulnerability was discovered so recently that the full extent of the problem is unknown.

But because Intel and the independent BIOS vendors likely used similar reference code and UEFI software as much as possible, the problem is likely to be much more widespread than just the three makers that are currently known. While Lenovo has acknowledged that the vulnerability exists, there’s more to attacking a computer than the existence of a vulnerability.

At the very least, there needs to be a means of delivering it.
Vendors queue for punishment as 'ThinkPwn' fallout spreads

Gigabyte has been swept into turmoil surrounding low-level security vulnerabilities that allow attackers to kill flash protection and secure boot, and tamper with firmware on PCs by Lenovo and other vendors. Unconfirmed reports suggest the hardware vendor has used the "ThinkPwn" vulnerable code, thought to be born of Intel reference code, on four of its motherboards: Z68-UD3H, Z77X-UD5H, Z87MX-D3H, and Z97-D3H.

Researcher Dmytro Oleksiuk revealed the vulnerabilities in a post to GitHub, stating that an attacker can “disable flash write protection and infect platform firmware, disable Secure Boot, [and] bypass Virtual Secure Mode (Credential Guard, etc.) on Windows 10 Enterprise” thanks to a flaw in the SystemSmmRuntimeRt UEFI driver. Pwn pundit Alex James then reported that Gigabyte looks affected by the System Management Mode BIOS vulnerability, saying on Twitter that many other Gigabyte models are likely affected. Gigabyte has been contacted for comment.

Further quips by other researchers claim HP Pavilion lines may also be affected. Many more will likely be added to the list as curious hackers and vendors peer into the internals of their PCs. Lenovo labelled the flaw in its advisory as "industry-wide" with a high severity rating. The tech giant fired a salvo at Oleksiuk for his "uncoordinated disclosure", adding that its internal security team made "several unsuccessful attempts" to stuff a responsible disclosure gag in the researcher's mouth before his zero day drop. Lenovo is working on a fix, and presumably, the rest of the industry is scrambling its resources as well. ®