I have upgraded my TPM firmware on my Librem13v2. Its keys are now safe. \o/
Back in 2017 we had the Infineon disaster (aka ROCA). I’ve written about it before about how bad it is and how to check if you’re affected with a simple tool.
I TAKE NO RESPONSIBILITY IF YOU BRICK YOUR DEVICE OR FOR ANYTHING ELSE BAD HAPPENING FROM YOU FOLLOWING MY NOTES.
$ tpm_version | grep Chip
Chip Version: 1.2.4.40 <--- Example vulnerable version
$ cbmem -c | grep Purism # I upgraded coreboot/SeaBIOS just before doing this.
coreboot-4.9-10-g123a4c6101-4.9-Purism-2 Wed Nov 13 19:54:43 UTC 2019 […]
[…]
Found mainboard Purism Librem 13 v2
$ wget https://repo.pureos.net/pureos/pool/main/t/tpmfactoryupd/tpmfactoryupd_1.1.2459.0-0pureos9_amd64.deb
[…]
$ alien -t tpmfactoryupd_1.1.2459.0-0pureos9_amd64.deb
[…]
$ tar xfz tpmfactoryupd-1.1.2459.0.tgz
$ mv usr/bin/TPMFactoryUpd .
$ sudo systemctl stop trousers.service # Need to turn off tcsd for TPMFactoryUpd to work in its default mode.
[…]
$ ./TPMFactorUpd -info
**********************************************************************
* Infineon Technologies AG TPMFactoryUpd Ver 01.01.2459.00 *
**********************************************************************
TPM information:
----------------
Firmware valid : Yes
TPM family : 1.2
TPM firmware version Continue reading
Service provider revenue dropped 13% year over year in Q1, while Cisco’s enterprise business...
SD-branch can connect nearly any location, from a city office to a cabin in the woods. Here's how...
Digital Reality dropped billions on European expansion; Ciena closed its acquisition of Centina;...
In-net SD-WAN allows maximum service delivery with minimum customer premises equipment (CPE)...
Cloud security posture management includes processes and tools to avoid cloud misconfigurations...
The top security concerns related to 5G include a larger attack surface, device proliferation, IoT...
“The larger vision here is that Mist is the cornerstone of Juniper’s AI-driven enterprise...
Gartner calls SASE a transformational technology but analysts from IHS Markit and IDC aren't...
“The important thing to realize is we’re in this for the long haul,” Chronicle CEO Stephen...
SDxCentral Weekly Wrap for Nov. 8, 2019: Security and SD-WAN are Fortinet’s focus; Amazon is...
The company cited simplicity and security as being the heart of its K10 platform in order to target...
You may have noticed last week that Ubiquiti added a new “feature” to their devices in a firmware updated. According to this YouTube video from @TomLawrenceTech, Ubiquiti built an new service that contacts a URL to “phone home” and check in with their servers. It got some heavy discussion going, especially on Reddit.
The consensus is that Ubiquiti screwed up here by not informing people they were adding the feature up front and also not allowing users to opt-out initially. The support people at Ubiquiti even posted a quick workaround of blocking the URL at a perimeter firewall to prevent the communications until they could patch in the option to opt-out. If this was an isolated incident I could see some manner of outcry about it, but the fact of the matter is that companies are adding these hidden features more and more every day.
The first issue comes from the fact that most release notes for apps any more are nothing aside from platitudes. “Hey, we fixed some bugs and stuff so turn on automatic updates so you get the best version of our stuff!” is somewhat common now when it comes to a list of Continue reading
SnapRoute's network operating system joins InfoBlox's growing software portfolio and helps fill out...
Hello my friend,
After the release of the previous article outlining the data and control plane security for IPv4 in Cisco, Nokia and Mellanox/Cumulus (link) I’ve got several requests about the security in IPv6. The requests were fair enough and with this article we close this gap.
1
2
3
4
5 No part of this blogpost could be reproduced, stored in a
retrieval system, or transmitted in any form or by any
means, electronic, mechanical or photocopying, recording,
or otherwise, for commercial purposes without the
prior permission of the author.
Special thanks for Avi Alkobi from Mellanox and Pete Crocker and Attilla de Groot from Cumulus for providing me the Mellanox switch and Cumulus license for the tests.
This is the fourth article in the series about the Mellanox/Cumulus switch. The three previous are:
The importance of the security for the network in terms of the control and data plane protection was explained in the previous article Continue reading
Menlo Security claims to provide VMware VeloCloud customers with direct access to the internet...
The deeper integration provide a consistent operational security model for customers running...
In a 100 switch deployment, Pica8's pricing is roughly 98.5% lower than Cisco's, the vendor...
The vendor added proactive and defensive capabilities across its security portfolio as part of its...