Intel SPI Flash Flaw Lets Attackers Alter or Delete BIOS/UEFI Firmware

Yet another security flaw with Intel chips.

Intel has addressed a vulnerability in the configuration of several CPU series that allows an attacker to alter the behavior of the chip’s SPI Flash memory — a mandatory component used during the boot-up process.

According to Lenovo, who recently deployed the Intel fixes, “the configuration of the system firmware device (SPI flash) could allow an attacker to block BIOS/UEFI updates, or to selectively erase or corrupt portions of the firmware.”

Source: Intel SPI Flash Flaw Lets Attackers Alter or Delete BIOS/UEFI Firmware

NFS Exports And XFS’s inode64 Mount Option – mmacleod.ca

I recently formatted my home NAS with the XFS filesystem, then was mystified when some NFS exports worked fine while others didn’t. It turns out it’s an XFS quirk and needs a tweak to the /etc/exports file, as detailed in this blog post below.

I fixed it by adding fsid=1, fsid=2, … to the export options of each share in /etc/exports so that NFS could individually identify them. Kind of a bother but it works!

I recently turned up a new RAID array and plopped an XFS filesystem down on it. I didn’t bother setting any specific tunings when I created the filesystem. However I couldn’t for the life of me export any subdirectories from the volume over NFS. Local access was fine and I could export via netatalk and samba. On the server I saw messages like this in the logs:

Feb 14 13:08:43 monolith rpc.mountd[3092]: authenticated mount request from 192.168.1.50:1003 for /mnt/music (/mnt/music)
Feb 14 13:08:57 monolith rpc.mountd[3092]: authenticated mount request from 192.168.1.50:1002 for /opt/music (/opt/music)
Feb 14 13:15:19 monolith rpc.mountd[3092]: authenticated mount request from 192.168.1.20:717 for /mnt/music (/mnt/music)
Feb 14 13:15:20 monolith rpc.mountd[3092]: authenticated mount request from 192.168.1.20:1001 for /mnt/music (/mnt/music)
Feb 14 13:15:22 monolith rpc.mountd[3092]: authenticated mount request from 192.168.1.20:1002 for /mnt/music (/mnt/music)
Feb 14 13:15:26 monolith rpc.mountd[3092]: authenticated mount request from 192.168.1.20:801 for /mnt/music (/mnt/music)
Feb 14 13:15:34 monolith rpc.mountd[3092]: authenticated mount request from 192.168.1.20:967 for /mnt/music (/mnt/music)
Feb 14 13:15:44 monolith rpc.mountd[3092]: authenticated mount request from 192.168.1.20:794 for /mnt/music (/mnt/music)
Feb 14 13:15:54 monolith rpc.mountd[3092]: authenticated mount request from 192.168.1.20:855 for /mnt/music (/mnt/music)
Feb 14 13:16:04 monolith rpc.mountd[3092]: authenticated mount request from 192.168.1.20:863 for /mnt/music (/mnt/music)
Feb 14 13:16:14 monolith rpc.mountd[3092]: authenticated mount request from 192.168.1.20:932 for /mnt/music (/mnt/music)
Feb 14 13:16:24 monolith rpc.mountd[3092]: authenticated mount request from 192.168.1.20:830 for /mnt/music (/mnt/music)

On the client I would get two different behaviours, depending on whether it was NFSv4 or NFSv3 that was being used. With NFSv4 it would mount the directory, but any attempt to read from it would give a ‘Stale NFS handle’ error:

root:~# mount -t nfs -v 192.168.1.10:/mnt/music /mnt/
mount.nfs: timeout set for Fri Feb 14 16:49:39 2014
mount.nfs: trying text-based options 'vers=4,addr=192.168.1.10,clientaddr=192.168.1.20'
root:~# ls /mnt/
ls: cannot open directory /mnt/: Stale NFS file handle

Source: NFS Exports And XFS’s inode64 Mount Option – mmacleod.ca
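
As an added example (not code from the original post or from mmacleod.ca), here is one way to check an exports file for the condition the fix above addresses: shares with no fsid= option, or two different shares given the same fsid. The sample paths, networks and function names are constructed for illustration, and only the client(options) entry form is parsed.

```python
import re
from collections import defaultdict

# Constructed sample in /etc/exports syntax; shares and clients are illustrative.
SAMPLE_EXPORTS = """\
# constructed example shares
/mnt/music   192.168.1.0/24(rw,sync,no_subtree_check,fsid=1)
/mnt/video   192.168.1.0/24(rw,sync,no_subtree_check,fsid=1)
/mnt/photos  192.168.1.0/24(rw,sync,no_subtree_check) \\
             192.168.1.50(ro,fsid=3)
/mnt/backup  192.168.1.20(rw,sync,fsid=4)
"""

CLIENT_RE = re.compile(r"^(?P<client>[^()]*)\((?P<opts>[^()]*)\)$")

def parse_exports(text):
    """Return {path: [(client, fsid or None), ...]} from exports-style text."""
    text = re.sub(r"\\\n", " ", text)           # join backslash-continued lines
    exports = defaultdict(list)
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()    # drop comments and blank lines
        if not line:
            continue
        path, *clients = line.split()
        for entry in clients:
            m = CLIENT_RE.match(entry)
            if m is None:                       # bare client, no option list
                exports[path].append((entry, None))
                continue
            opts = dict(o.partition("=")[::2] for o in m["opts"].split(",") if o)
            exports[path].append((m["client"] or "*", opts.get("fsid")))
    return dict(exports)

def audit_fsids(exports):
    """Return (entries lacking fsid, fsid values reused by different paths)."""
    missing = [(p, c) for p, ents in exports.items() for c, f in ents if f is None]
    users = defaultdict(set)
    for p, ents in exports.items():
        for _, f in ents:
            if f is not None:
                users[f].add(p)
    dupes = {f: sorted(ps) for f, ps in users.items() if len(ps) > 1}
    return missing, dupes

if __name__ == "__main__":
    print(audit_fsids(parse_exports(SAMPLE_EXPORTS)))
```

To audit a live server, pass the contents of /etc/exports to parse_exports instead of the sample string.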

How a group of neighbors created their own Internet service | Ars Technica

When you live somewhere with slow and unreliable Internet access, it usually seems like there’s nothing to do but complain. And that’s exactly what residents of Orcas Island, one of the San Juan Islands in Washington state, were doing in late 2013. Faced with CenturyLink service that was slow and outage-prone, residents gathered at a community potluck and lamented their current connectivity.

“Everyone was asking, ‘what can we do?’” resident Chris Brems recalls. “Then [Chris] Sutton stands up and says, ‘Well, we can do it ourselves.’”

Doe Bay is a rural environment. It’s a place where people judge others by “what you can do,” according to Brems. The area’s residents, many farmers or ranchers, are largely accustomed to doing things for themselves. Sutton’s idea struck a chord. “A bunch of us finally just got fed up with waiting for CenturyLink or anybody else to come to our rescue,” Sutton told Ars.

Around that time, CenturyLink service went out for 10 days, a problem caused by a severed underwater fiber cable. Outages lasting a day or two were also common, Sutton said.

Faced with a local ISP that couldn’t provide modern broadband, Orcas Island residents designed their own network and built it themselves. The nonprofit Doe Bay Internet Users Association (DBIUA), founded by Sutton, Brems, and a few friends, now provides Internet service to a portion of the island. It’s a wireless network with radios installed on trees and houses in the Doe Bay portion of Orcas Island. Those radios get signals from radios on top of a water tower, which in turn receive a signal from a microwave tower across the water in Mount Vernon, Washington.

Source: How a group of neighbors created their own Internet service | Ars Technica

Amazon built its hyper efficient warehouses by embracing chaos — Quartz

Good look at how Amazon takes advantage of randomness in its warehouses.

Amazon has completely redefined warehouse efficiency and customer convenience. Through its Prime membership, it has promised tens of millions of customers free two-day shipping on more than 100 million products, and, last year, it shipped 5 billion items to them. “That was the major innovation,” says Daniel Theobald, who cofounded a warehouse robotics company called Vecna in 1998 and counts major retailers and logistics companies as clients. “As soon as people realized, you can order something and get it tomorrow, that turned the industry upside down.”

The core of this disruptive efficiency, though, is not Amazon’s automated shelf-moving warehouse robots, which is the innovation that gets the most attention. And it isn’t, on its surface, something that you would associate with a well-oiled machine. It’s not even a breakthrough technology. In fact, some version of it was already in place when Alperson worked in Amazon’s early warehouses.

What makes Amazon’s warehouse work is the way they organize inventory: with complete randomness.

Source: Amazon built its hyper efficient warehouses by embracing chaos — Quartz

Are these SpaceX’s Starlink satellites?

Looks like I may have found the orbital elements (TLEs) of SpaceX’s Starlink Internet satellites. I noticed on SatView’s site that three objects entered orbit on 22 February, one of which was SpaceX’s PAZ satellite. PAZ was the primary payload on SpaceX’s most recent Falcon 9 flight and the Starlink birds were the secondaries.

Starlink orbits!

Following Satview’s links takes you to the real-time tracking of 43616U and 43617U (International Designators 2018-020A & 2018-020B), two satellites that are almost certainly Starlink’s TinTin A & B (or Microsat 2A & 2B). They show up in NORAD’s catalog as the bland descriptions of “Object B” and “Object C” and were launched from Vandenberg Air Force Base on the same day as PAZ. From CelesTrak:

So now I know both what to look for and where and when to look for it. Now I need to acquire the gear to acquire the signals, which might be the biggest stumbling block of all. Well, aside from actually decoding any signals I happen to get.

Yes, folks, this actually is rocket science.

SpaceX’s Starlink satellite internet: It’s time for tough talk on cyber security in space | Science| In-depth reporting on science and technology | DW | 21.02.2018

It’s time to talk about how secure our flying Internet will be.

Imagine a cutting-edge industry that’s all about pushing boundaries, finding solutions to problems that never existed and “disrupting” absolutely everything we’ve come to rely on with a cast-iron belief in better-life-through-technology. Now, imagine them just “sitting around a big table with a lot of coffee, and talking about it.”

It’s not exactly an image of action, is it? No matter what the “it” is.

And yet that’s precisely the way Constantin Constantinides describes the satellite industry today. Constantinides is a radio frequency engineer with a satellite company in Glasgow called Alba Orbital. And the “it” refers to … cyber security.

Cyber security is one of the biggest unsolved challenges we have on Earth, and it’s about to become a far larger challenge in space.

You could say, “Well, at least they are talking about it.” At least cyber security is on the new space agenda. And it had certainly better be, because the more satellites we fire up into space, and the more those satellites form huge constellations, the more we rely on the data they accrue — the communications networks, location services, Earth Observation, shipping, flight and freak weather tracking, plus masses of unimagined stuff.

And, the more we’re putting our daily lives — human life — at risk.

Source: SpaceX’s Starlink satellite internet: It’s time for tough talk on cyber security in space | Science| In-depth reporting on science and technology | DW | 21.02.2018

Hacking and tracking SpaceX’s Starlink Internet satellites

Starlink Microsat/TinTin

Update 1 March: I found the satellites!

As my family and I strolled our neighborhood at sunset, my eagle-eyed son spotted a light in the sky sliding slowly away from us before fading. At first we thought it was the International Space Station (ISS) but it was too dim for that. We decided it was a low-earth orbit satellite and the conversation shifted to SpaceX’s recent launch of two low-earth-orbit test satellites for their proposed satellite Internet service, Starlink.

I have no idea whether the satellite we watched is a Starlink Satellite (more formally called TinTin A & B and previously known as Microsat 2A and 2B). I didn’t have my satellite tracking app fired up on my phone at the time. It did get me thinking, though, that it would be fun to track the TinTin satellites to see what I could discover.

A search on the Internet reveals very little information about these birds. I have not yet found the two-line elements (TLE) which describe their orbits. They haven’t been mentioned on my satellite-tracking email list, either.

What if I could locate them, then what? I’d like to try to collect whatever telemetry is being broadcast, even if it’s just beeps. Better yet, I could capture the data stream from the Internet side but that would be challenging to do anything with as it’s said to be encrypted. The birds do have imagery capability. What if I could tune into that and download an image snapped from orbit? Wouldn’t that be cool!