Is the big hack real or fake? Those who know the technology, please weigh in
[Board: Military] [Original poster: whoami2012], 2018-10-10 00:00:11, 2578 views, 74 replies

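From: whoami2012 (nosce te ipsum or temet nosce), Board: Military
Subject: Is the big hack real or fake? Those who know the technology, please weigh in
Site: MITBBS (未名空间) BBS (Wed Oct 10 00:00:11 2018, US Eastern)

BMI and IPMI are both normal remote network manager technologies. Could that little chip really open a backdoor in IPMI? IPMI seems to sit below the BIOS, but is IPMI integrated into the CPU, or into the BIOS?
--
※ Source: WWW MITBBS (未名空间), URL: mitbbs.com, mobile: search for 未名空间 in the app store [FROM: 2603:3024:100a:]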

 

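From: lostsouls (lostsouls), Board: Military
Subject: Re: Is the big hack real or fake? Those who know the technology, please weigh in
Site: MITBBS (未名空间) BBS (Wed Oct 10 00:24:23 2018, US Eastern)

Listen to what the American technical people have to say: https://risky.biz/RB517_feature/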

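From: whoami2012 (nosce te ipsum or temet nosce), Board: Military
Subject: Re: Is the big hack real or fake? Those who know the technology, please weigh in
Site: MITBBS (未名空间) BBS (Wed Oct 10 00:25:59 2018, US Eastern)

That is only one side of the story.
I would still like to hear the opinions of the technical experts.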

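From: dimorphism (雷小阿伦), Board: Military
Subject: Re: Is the big hack real or fake? Those who know the technology, please weigh in
Site: MITBBS (未名空间) BBS (Wed Oct 10 00:26:45 2018, US Eastern)

I don't understand this; I'll sit back and watch the experts explain.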

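From: whoami2012 (nosce te ipsum or temet nosce), Board: Military
Subject: Re: Is the big hack real or fake? Those who know the technology, please weigh in
Site: MITBBS (未名空间) BBS (Wed Oct 10 00:28:08 2018, US Eastern)

I once read a report saying that even something as small as a CPU may have a backdoor, just like a virtual machine.
So the size of the chip in the Bloomberg report is not the crux of the issue.

--
※ Modified: whoami2012 edited this post on Oct 10 00:29:22 2018 [FROM: 2603:3024:100a:f]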

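From: antee (蚂蚁), Board: Military
Subject: Re: Is the big hack real or fake? Those who know the technology, please weigh in
Site: MITBBS (未名空间) BBS (Wed Oct 10 01:14:21 2018, US Eastern)

Of course it's possible. But chips are not something just anyone can make. In terms of capability, the American empire is number one.
With PRISM out there, there is no reason the US government wouldn't act through the big companies. If a backdoor gets put into the CPU, nothing else matters

[whoami2012 (nosce te ipsum or temet nosce) wrote:]
: BMI and IPMI are both normal remote network manager technologies. Could that little chip really open a backdoor in IPMI?
: IPMI seems to sit below the BIOS, but is IPMI integrated into the CPU, or into the BIOS?

★ Sent from iPhone App: ChinaWeb 1.1.4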

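From: kevinwang (凯文), Board: Military
Subject: Re: Is the big hack real or fake? Those who know the technology, please weigh in
Site: MITBBS (未名空间) BBS (Wed Oct 10 01:54:26 2018, US Eastern)

Damn, putting a spy chip on the motherboard, and one visible to the naked eye at that. For crying out loud, with the American people's IQ like this, the American empire is basically headed all the way downhill.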

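From: helloterran (hi you), Board: Military
Subject: Re: Is the big hack real or fake? Those who know the technology, please weigh in
Site: MITBBS (未名空间) BBS (Wed Oct 10 02:53:17 2018, US Eastern)

The story has to be made up dumb enough for enough of the mob to understand it, so they can all gang up on the "little yellow people".

[kevinwang (凯文) wrote:]
: Damn, putting a spy chip on the motherboard, and one visible to the naked eye at that. For crying out loud, with the American people's IQ like this, the American empire is basically headed all the way downhill.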

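From: whoami2012 (nosce te ipsum or temet nosce), Board: Military
Subject: Re: Is the big hack real or fake? Those who know the technology, please weigh in
Site: MITBBS (未名空间) BBS (Wed Oct 10 10:36:49 2018, US Eastern)

Calling for the experts.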

From: whoami2012 (nosce te ipsum or temet nosce), Board: Military
Subject: Re: Is the big hack real or fake? Those who know the technology, please weigh in
Site: MITBBS (未名空间) BBS (Wed Oct 10 21:15:54 2018, US Eastern)

An Analysis of Image Filtering on WeChat Moments
https://citizenlab.ca/2018/08/cant-picture-this-an-analysis-of-image-filtering-on-wechat-moments/

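From: MHP (马后炮), Board: Military
Subject: Re: Is the big hack real or fake? Those who know the technology, please weigh in
Site: MITBBS (未名空间) BBS (Wed Oct 10 21:20:17 2018, US Eastern)

Put it this way: unless you think your opponent's technical level is many grades below yours, a hardware backdoor is asking for death, because it is too easy to discover.

[whoami2012 (nosce te ipsum or temet nosce) wrote:]
: BMI and IPMI are both normal remote network manager technologies. Could that little chip really open a backdoor in IPMI? IPMI seems to sit below the BIOS, but is IPMI integrated into the CPU, or into the BIOS?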


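From: skybluewei (weilan), Board: Military
Subject: Re: Is the big hack real or fake? Those who know the technology, please weigh in
Site: MITBBS (未名空间) BBS (Wed Oct 10 21:20:38 2018, US Eastern)

Technically it is certainly feasible. Think about it: something as complex as a CPU will have bugs; wasn't that Meltdown and Spectre a while back exactly that... These things all count as backdoor vulnerabilities, and they can be exploited when the time comes to use them.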

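From: skybluewei (weilan), Board: Military
Subject: Re: Is the big hack real or fake? Those who know the technology, please weigh in
Site: MITBBS (未名空间) BBS (Wed Oct 10 21:22:19 2018, US Eastern)

How many years had that Meltdown and Spectre in the CPU been around? It is not that easy to discover. Of course, that is not to say that what Bloomberg said is true.

[MHP (马后炮) wrote:]
: Put it this way: unless you think your opponent's technical level is many grades below yours, a hardware backdoor is asking for death, because it is too easy to discover.
: : BMI and IPMI are both normal remote network manager technologies. Could that little chip really open a backdoor in IPMI? IPMI seems to sit below the BIOS, but is IPMI integrated into the CPU, or into the BIOS?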

From: whoami2012 (nosce te ipsum or temet nosce), Board: Military
Subject: Re: Is the big hack real or fake? Those who know the technology, please weigh in
Site: MITBBS (未名空间) BBS (Wed Oct 10 21:25:27 2018, US Eastern)

AFTER MELTDOWN AND SPECTRE, ANOTHER SCARY CHIP FLAW EMERGES
https://www.wired.com/story/speculative-store-bypass-spectre-meltdown-vulnerability/

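From: MHP (马后炮), Board: Military
Subject: Re: Is the big hack real or fake? Those who know the technology, please weigh in
Site: MITBBS (未名空间) BBS (Wed Oct 10 21:47:57 2018, US Eastern)

Meltdown is a design problem, and one hidden inside a complex CPU. This Bloomberg thing is a component placed on the motherboard. The two are far too different.

[skybluewei (weilan) wrote:]
: How many years had that Meltdown and Spectre in the CPU been around? It is not that easy to discover. Of course, that is not to say that what Bloomberg said is true.
: [MHP (马后炮) wrote:]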


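From: skybluewei (weilan), Board: Military
Subject: Re: Is the big hack real or fake? Those who know the technology, please weigh in
Site: MITBBS (未名空间) BBS (Wed Oct 10 22:32:21 2018, US Eastern)

These things are all the same: once something gets complex there are loopholes to exploit, in hardware and software alike, whether deliberate or unintentional. Those who find it hard cannot do it, and those who can do it do not find it hard. The author of Panda Burning Incense (熊猫烧香) only finished junior high and did not even get into high school.

[MHP (马后炮) wrote:]
: Meltdown is a design problem, and one hidden inside a complex CPU. This Bloomberg thing is a component placed on the motherboard. The two are far too different.
: : How many years had that Meltdown and Spectre in the CPU been around? It is not that easy to discover. Of course, that is not to say that what Bloomberg said is true.
: : [MHP (马后炮) wrote:]

--
※ Modified: skybluewei edited this post on Oct 10 22:34:30 2018 [FROM: 108.]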

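From: jiangyoun (果果新品发布-iQuit), Board: Military
Subject: Re: Is the big hack real or fake? Those who know the technology, please weigh in
Site: MITBBS (未名空间) BBS (Wed Oct 10 22:43:57 2018, US Eastern)

That any software or hardware has bugs is 100% certain, and discovery is a matter of time, but what Bloomberg described is alien-level technology. If TG had that technology, the American empire would have been overtaken long ago.

[skybluewei (weilan) wrote:]
: These things are all the same: once something gets complex there are loopholes to exploit, in hardware and software alike, whether deliberate or unintentional.
: Those who find it hard cannot do it, and those who can do it do not find it hard. The author of Panda Burning Incense (熊猫烧香) only finished junior high and did not even get into high school.
: bloomberg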

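From: MHP (马后炮), Board: Military
Subject: Re: Is the big hack real or fake? Those who know the technology, please weigh in
Site: MITBBS (未名空间) BBS (Wed Oct 10 23:48:48 2018, US Eastern)

With this sweeping, broad-brush way of thinking, you could go hang out with that Bloomberg reporter.

[skybluewei (weilan) wrote:]
: These things are all the same: once something gets complex there are loopholes to exploit, in hardware and software alike, whether deliberate or unintentional. Those who find it hard cannot do it, and those who can do it do not find it hard. The author of Panda Burning Incense (熊猫烧香) only finished junior high and did not even get into high school.
: [MHP (马后炮) wrote:]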


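From: whoami2012 (nosce te ipsum or temet nosce), Board: Military
Subject: Re: Is the big hack real or fake? Those who know the technology, please weigh in
Site: MITBBS (未名空间) BBS (Thu Oct 11 10:35:42 2018, US Eastern)

Someone like you, who has already decided in advance that Bloomberg is fake news, is the one with an obvious wumao (五毛) stance.

[MHP (马后炮) wrote:]
: With this sweeping, broad-brush way of thinking, you could go hang out with that Bloomberg reporter.
: : These things are all the same: once something gets complex there are loopholes to exploit, in hardware and software alike, whether deliberate or unintentional. Those who find it hard cannot do it, and those who can do it do not find it hard. The author of Panda Burning Incense (熊猫烧香) only finished junior high and did not even get into high school.
: : [MHP (马后炮) wrote:]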

From: whoami2012 (nosce te ipsum or temet nosce), Board: Military
Subject: Re: Is the big hack real or fake? Those who know the technology, please weigh in
Site: MITBBS (未名空间) BBS (Thu Oct 11 10:52:24 2018, US Eastern)

IPMI: The most dangerous protocol you've never heard of
IPMI could be punching holes in your corporate defenses.
            
By Paul F. Roberts
ITworld | AUGUST 19, 2013




You spend thousands or even hundreds of thousands of dollars to secure the
data stored on the critical databases and application servers your
organization relies on. But what if each of those systems secretly harbored
a powerful, hardware-based back door that would give a remote attacker total control of the
system? And what if that backdoor wasn't planted by some shadowy hacker
group operating out of the former Soviet republics, but by the multi-billion
dollar Western company that sold you the server in the first place?

If that sounds fantastic, I've got one word...err...acronym for you: IPMI,
and it's turning into the new four letter word in security. IPMI stands for
Intelligent Platform Management Interface. It's a powerful protocol that is
supported by many late model server hardware from major manufacturers like
Dell, HP, Oracle and Lenovo.




At the 100,000-foot level, IPMI can be understood as technology that gives
administrators almost total control over remotely deployed servers. IPMI - and
now-standard hardware called a Baseboard Management Controller (BMC) - let
remote administrators monitor the health of servers, deploy (or remove)
software, manage hardware peripherals like the keyboard and mouse, reboot
the system and update software on it.

You'd think with that kind of power, IPMI would be a fortress: secure
against remote hackers and malware based attacks. But you'd be wrong.
Instead, researchers who have looked at implementations of IPMI have found
just the contrary: that remotely exploitable vulnerabilities in IPMI
implementations from major vendors are widespread, potentially giving a
remote attacker total control over a vulnerable operating system. The most
recent revelation about IPMI insecurity came last week in Washington D.C. at
WOOT '13, the 7th annual USENIX Workshop on Offensive Technologies. (Get it?
WOOT!) In a presentation there, Anthony Bonkoski, Russ Bielawski and J.
Alex Halderman of the University of Michigan presented the findings of
research on a common IPMI implementation from the server OEM Supermicro.
They found that the IPMI firmware, developed by ATEN Technologies, contained
"numerous, textbook security flaws" that included buffer overflow
vulnerabilities, privilege escalation vulnerabilities and shell injection.
They then demonstrated an attack leveraging one of those: a buffer overflow
in a web interface used to access the IPMI feature to remotely
obtain a root shell on the BMC.

The University of Michigan research is just the latest in a string of
worrying reports on issues around IPMI. Notably, the security researcher Dan
Farmer, working as part of a DARPA-funded research project, was among the
first to sound the alarm on IPMI, in a paper first published in January.
(The research was recently updated).

Farmer's analysis raised many of the same concerns as the University of
Michigan study. In it, Farmer identified a wide range of security flaws in
the firmware that runs the Baseboard Management Controller, which he
described as "a bloodsucking leech" attached to the motherboard of servers
that use IPMI.

In an e-mail, Farmer said the University of Michigan work confirmed what he
suspected about the IPMI protocol and, more pointedly, the BMC component.
BMCs were rife with exploitable vulnerabilities that had yet to be
discovered or explored, Farmer said. "I talked about the appearance of
really shoddy work on a visceral level in my own work - poorly written shell
scripts, bad architecture, just terrible security design," he told me in an
e-mail. "I suspect if they looked ...at other vendors there wouldn't be all
that much difference. Each time I look at these things another piece falls
off, it's amazing we've held it all together as long as we have."

Others have taken notice. HD Moore, the author of the Metasploit penetration
testing tool and the Chief Research Officer at the security firm Rapid7,
published a "Penetration Tester's Guide to IPMI and BMCs" in July that built
on Farmer's research, highlighting some of the major vulnerabilities in
IPMI and BMCs and providing tips to professional penetration testers about
how to exploit them - taking advantage of default username and passwords
that haven't been changed, or bypassing authentication or brute forcing
usernames and passwords using known vulnerabilities.

How to Gain a Competitive Talent Advantage: Start Now
SponsoredPost Sponsored by TriNet
How to Gain a Competitive Talent Advantage: Start Now
Here's how we can help you do what you do best—grow your business.
Farmer's work and Moore's "guide" to breaking IPMI and BMCs prompted the
Department of Homeland Security to issue an alert in late July about the
security of systems that use IPMI. "Attackers can easily identify and access
systems that run IPMI and are connected to the Internet," CERT warned. "It
is important to restrict IPMI access to specific management IP addresses
within an organization and preferably separated into a separate LAN segment."

In an e-mail, Moore told me that he has received numerous reports from
professional penetration testers working in the field about successful
exploits of systems using IPMI. "In almost all cases, they were able to use
the information and code provided to gain access to an important target of
their test," he wrote. That doesn't mean that IPMI and BMC hacks are being
used outside of controlled tests (or "in the wild,") but Moore thinks it is
likely that they will be eventually, if they haven't already. So what's a
company to do? As is often the case, the level of risk from IPMI devices
"depends" - in this case the risk of attack due to IPMI depends on how an
organization's servers are managed. "Companies using dedicated servers from
public providers will be directly exposed to the most dangerous types of
attacks," Moore said. Other firms, managing their own hardware, may yet
leave IPMI enabled on internal servers, which can allow an intruder with
internal network access to gain access to critical systems, Moore warned.

Farmer has published a list of security best practices to use with systems
that support IPMI. They include "severely restricting" access to any BMC,
beefing up authentication requirements and isolating systems with a BMC and
supporting IPMI from being able to access the public Internet. (That would
seem to be a no-brainer, but the University of Michigan researchers found
more than 100,000 such servers that were reachable via public Internet
searches and scans.)

Moore echoes that advice. "The best way to mitigate IPMI is to disable it or
place the IPMI interface on a dedicated and physically isolated network,"
Moore wrote.
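The CERT and Farmer advice quoted in the article above (restrict BMC access to specific management addresses on a separate LAN segment) can be checked mechanically against an inventory and a firewall rule set. The script below is an added example, not part of the original post or the ITworld article; every host name, address and the rule format are constructed, UDP 623 is the standard IPMI-over-LAN port, and treating 80/443 as the BMC web interface is an assumption.

```python
import ipaddress

# UDP 623 is IPMI-over-LAN (RMCP); 80/443 for the BMC web UI is an assumption.
BMC_PORTS = (623, 80, 443)

# Constructed sample data; none of these names or addresses come from the article.
MGMT_SEGMENT = ipaddress.ip_network("10.20.0.0/24")      # dedicated BMC LAN
ADMIN_SOURCES = [ipaddress.ip_network("10.20.0.10/32")]  # management jump host
BMC_INVENTORY = {
    "db01-bmc": "10.20.0.51",
    "web03-bmc": "10.20.0.52",
    "app02-bmc": "10.30.4.17",  # sits on a production VLAN
}
FIREWALL_RULES = [  # hypothetical allow rules: source, destination, port
    {"name": "admin-to-bmc", "src": "10.20.0.10/32", "dst": "10.20.0.0/24", "port": 623},
    {"name": "legacy-any-ipmi", "src": "0.0.0.0/0", "dst": "10.30.4.17/32", "port": 623},
    {"name": "prod-to-mgmt", "src": "10.30.0.0/16", "dst": "10.20.0.0/24", "port": "any"},
    {"name": "web-https", "src": "0.0.0.0/0", "dst": "10.30.8.0/24", "port": 443},
]

def bmcs_outside_segment(inventory, segment):
    """BMCs whose address is not on the dedicated management segment."""
    return sorted(name for name, ip in inventory.items()
                  if ipaddress.ip_address(ip) not in segment)

def overbroad_rules(rules, inventory, admin_sources):
    """Allow rules that let a non-management source reach a BMC on a BMC port."""
    bmc_ips = [ipaddress.ip_address(ip) for ip in inventory.values()]
    findings = []
    for rule in rules:
        if rule["port"] != "any" and rule["port"] not in BMC_PORTS:
            continue
        dst = ipaddress.ip_network(rule["dst"])
        if not any(ip in dst for ip in bmc_ips):
            continue  # rule does not cover any known BMC
        src = ipaddress.ip_network(rule["src"])
        if not any(src.subnet_of(allowed) for allowed in admin_sources):
            findings.append(rule["name"])
    return findings

if __name__ == "__main__":
    for name in bmcs_outside_segment(BMC_INVENTORY, MGMT_SEGMENT):
        print(f"[segment] {name} is not on {MGMT_SEGMENT}")
    for name in overbroad_rules(FIREWALL_RULES, BMC_INVENTORY, ADMIN_SOURCES):
        print(f"[firewall] rule {name} lets non-management sources reach a BMC")
```

On the constructed data it reports one BMC left on a production VLAN and two rules that open BMC ports to sources other than the management jump host.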
