From owner-freebsd-security@FreeBSD.ORG Thu Feb 19 12:53:11 2015
Date: Thu, 19 Feb 2015 12:50:40 +0000 (UTC)
From: Alfred Hegemeier
Reply-To: Alfred Hegemeier
To: "freebsd-security@freebsd.org"
Message-ID: <2128122602.2736874.1424350240576.JavaMail.yahoo@mail.yahoo.com>
Subject: Re: freebsd-security Digest, Vol 522, Issue 1
Content-Type: text/plain; charset=UTF-8
List-Id: "Security issues [members-only posting]"

Just encrypt the whole hard drive with Geli. That's the only protection I see: everything passing through the controllers is encrypted - unless keyloggers are installed, which you best protect against by completely firewalling the "core" system, and having jails to access the outer world.

PC-BSD already dumped complete auto hard drive encryption in their latest products - the automatic full HD encr was dumped when the Snowden stuff was revealed, I think with the 10 release. So, I guess, they know why they removed it - makes it too secure.

Which brings up an important question: how 'safe' is the encryption Geli, i.e. how can we know that developers are not on any agencies' pay list? Does that make sense, what I am writing, in your opinion?

greetings.
From: "freebsd-security-request@freebsd.org"
To: freebsd-security@freebsd.org
Sent: Thursday, 19 February 2015, 13:00
Subject: freebsd-security Digest, Vol 522, Issue 1

Today's Topics:

   1. Re: [Cryptography] trojans in the firmware (grarpamp)
   2. Re: [Cryptography] trojans in the firmware (Henry Baker)

----------------------------------------------------------------------

Message: 1
Date: Wed, 18 Feb 2015 18:12:07 -0500
From: grarpamp
To: "cryptography@metzdowd.com"
Cc: cypherpunks@cpunks.org, freebsd-security@freebsd.org
Subject: Re: [Cryptography] trojans in the firmware
Content-Type: text/plain; charset=UTF-8

On Wed, Feb 18, 2015 at 5:16 PM, Tom Mitchell wrote:
> The critical stage is the boot ROM (BIOS) and the boot device.
> Once Linux has booted a lot is possible but too much has already taken
> place.
> A BIOS that allows booting from a Flash memory card must be trusted.
>
> Virtual machines may help or hinder.
>
> The VM is sitting where the man in the middle wants to be and if it wants
> can protect or expose
> the OSs that it hosts. A VM can protect a hard drive from being infected
> by blocking vendor
> codes that might try to update or corrupt modern disks of boot flash memory.

Afaik, all vm's today simply pass through all drive commands.

It seems a move all the BSD's and Linux could make today,
without waiting on untrustable hardware vendors to roll out signature
verification in hardware, is to simply kernel block all commands
unnecessary to actual production use of the disk. Permit only
from a list of READ, WRITE, ERASE, INQ, TUR, RST, and so on.
Thus every other command component, including firmware update,
vendor specific, and binary fuzzing, gets dropped and logged.
It could be done as a securelevel, or compiled in.

It's definitely not bulletproof, but it does force adversaries to add
that much more exploit code and effort to get root and go around the
driver interface to access the hardware directly. Defense in depth.

Similar tactics could be applied to other areas where firmware and
vendor/fuzzable opcodes are involved... usb, bios and cpu.

------------------------------

Message: 2
Date: Wed, 18 Feb 2015 17:57:40 -0800
From: Henry Baker
To: grarpamp
Cc: cypherpunks@cpunks.org, freebsd-security@freebsd.org, cryptography@metzdowd.com
Subject: Re: [Cryptography] trojans in the firmware
Content-Type: text/plain; charset="us-ascii"

At 03:12 PM 2/18/2015, grarpamp wrote:
>On Wed, Feb 18, 2015 at 5:16 PM, Tom Mitchell wrote:
>> The critical stage is the boot ROM (BIOS) and the boot device.
>> Once Linux has booted a lot is possible but too much has already taken place.
>> A BIOS that allows booting from a Flash memory card must be trusted.
>>
>> Virtual machines may help or hinder.
>>
>> The VM is sitting where the man in the middle wants to be and if it wants can protect or expose
>> the OSs that it hosts. A VM can protect a hard drive from being infected by blocking vendor
>> codes that might try to update or corrupt modern disks of boot flash memory.
>
>Afaik, all vm's today simply pass through all drive commands.
>
>It seems a move all the BSD's and Linux could make today,
>without waiting on untrustable hardware vendors to roll out signature
>verification in hardware, is to simply kernel block all commands
>unnecessary to actual production use of the disk. Permit only
>from a list of READ, WRITE, ERASE, INQ, TUR, RST, and so on.
>Thus every other command component, including firmware update,
>vendor specific, and binary fuzzing, gets dropped and logged.

???? If the disk drive or flash drive firmware has already been compromised, none of this will work, because the firmware simply waits for the appropriate "legitimate" read & write commands, and does its thing.

BTW, what happens with "emulated" disks -- e.g., .vdi files -- in vm's? Presumably these emulated disks have no firmware to update, so any attempt would either be ignored or crash the system.

------------------------------

End of freebsd-security Digest, Vol 522, Issue 1
************************************************

From owner-freebsd-security@FreeBSD.ORG Thu Feb 19 16:16:02 2015
Date: Thu, 19 Feb 2015 08:12:41 -0800
To: grarpamp, cypherpunks@cpunks.org, freebsd-security@freebsd.org, cryptography@metzdowd.com
From: Henry Baker
Subject: Re: [Cryptography] trojans in the firmware
References: <54E2B04C.9080707@av8n.com> <54E436FB.9000709@deadhat.com>
Content-Type: text/plain; charset="us-ascii"
X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9

I would love to be able to program this device myself, instead of relying on Samsung's firmware.

BTW, what's the point of AES encryption on this pre-p0wned device? More security theatre?

http://hothardware.com/reviews/samsung-portable-ssd-t1-review

Samsung Portable SSD T1 Review: Blazing Fast External Storage

Utilizing Samsung's proprietary 3D Vertical NAND (V-NAND) technology and a SuperSpeed USB 3.0 interface, the Portable SSD T1 redlines at up to 450MB/s when reading or writing data sequentially, according to Samsung. For random read and write activities, Samsung rates the drive at up to 8,000 IOPS and 21,000 IOPS, respectively.
Capacity:               1TB (250GB and 500GB also available)
Interface:              Compatible with USB 3.0, 2.0
Dimensions (W x H x D): 71.0 x 9.2 x 53.2 mm
Weight:                 Max. 30 grams
Transfer Speed:         Up to 450MB/sec
UASP Mode:              UASP Mode
Encryption:             AES 256-bit
Security:               Password setting (optional)
Certification:          CE, BSMI, KC, VCC, C-tick, FCC, IC, UL, TUV, CB
RoHS Compliance:        RoHS2
Warranty:               Limited 3 year
Price:                  $569 (street)
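The disk-command allowlist grarpamp proposes in the digest quoted above, as an added example (not code from the thread, from FreeBSD or from any driver): a user-space model over SCSI CDBs that forwards a fixed set of I/O opcodes and drops and logs everything else, including WRITE BUFFER firmware downloads and vendor-specific opcodes. The allowlist contents, the function names and the log format are assumptions; the opcode values are the standard SCSI ones.

```c
/* Added example (not code from the thread, FreeBSD or any driver): a
 * user-space model of grarpamp's disk-command allowlist. A SCSI CDB's
 * first byte is its opcode; only I/O opcodes are forwarded, the rest dropped. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Standard SCSI opcodes (SPC/SBC). WRITE BUFFER (0x3B) is the in-band
 * firmware download path, so it is deliberately not on the allowlist. */
#define TEST_UNIT_READY 0x00
#define INQUIRY         0x12
#define READ_10         0x28
#define WRITE_10        0x2A
#define WRITE_BUFFER    0x3B
#define READ_16         0x88
#define WRITE_16        0x8A

/* The allowlist contents are an assumption modelled on grarpamp's list. */
static const uint8_t allowed_opcodes[] = {
    TEST_UNIT_READY, INQUIRY, READ_10, WRITE_10, READ_16, WRITE_16,
};
static unsigned long dropped_cmds; /* a driver would expose this via sysctl */

static int opcode_allowed(uint8_t op)
{
    for (size_t i = 0; i < sizeof allowed_opcodes; i++)
        if (allowed_opcodes[i] == op)
            return 1;
    return 0;
}

/* Returns 1 if the CDB is forwarded, 0 if dropped (log gets the console line). */
int filter_cdb(const uint8_t *cdb, size_t len, char *log, size_t loglen)
{
    if (len == 0) return 0;
    uint8_t op = cdb[0];
    if (opcode_allowed(op)) {
        log[0] = '\0';
        return 1;
    }
    dropped_cmds++;
    const char *why = op >= 0xC0 ? "vendor-specific" /* 0xC0-0xFF: vendor range */
                    : op == WRITE_BUFFER ? "firmware/buffer download"
                    : "not on allowlist";
    snprintf(log, loglen, "dropped opcode 0x%02X (%s), total dropped %lu",
             op, why, dropped_cmds);
    return 0;
}
```

As Henry Baker replies in the digest, this does nothing against firmware that is already compromised; it only narrows the in-band path for changing it.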