EPT, Chipsets, and Reroutes

In Defense of Offensive Hacking Tools
8 points in defence of offence. | medium.com

[Comment] The cyber threat landscape has become blurred and is outpacing our ability to adequately quantify the threat. The new reality we currently face is that sophisticated attack tools, exploits, and vulnerability knowledge are all becoming democratized. Let’s call the the Effective Persistent Threat (EPT).

The hijacking flaw that lurked in Intel chips is worse than anyone thought
Patch for severe authentication bypass bug won’t be available until next week. | arstechnia.com

[Comment] Shodan searches show that the number of Internet facing systems with the bug are limited in comparison with the sheer number of devices with this chipset – so it could be much worse. We do need to ask ourselves how something so fundamental in our computing devices could contain such a flaw for so long.

Russian-controlled telecom hijacks financial services’ Internet traffic
Visa, MasterCard, and Symantec among dozens affected by “suspicious” BGP mishap.  | arstechnia.com

[Comment] BGP essential to the Internet but never designed with security in mind. Where have I heard that before. Financial institutions …. sure we have SSL, no problem. How many password resets were done during those seven minutes?
This entry was posted in Musings. Bookmark the permalink.