Tag Archive for: coming

Coming to a laptop near you: A new type of security chip from Microsoft



In November 2020, Microsoft unveiled Pluton, a security processor that the company designed to thwart some of the most sophisticated types of hack attacks. On Tuesday, AMD said it would integrate the chip into its upcoming Ryzen CPUs for use in Lenovo’s ThinkPad Z Series of laptops.

Microsoft already used Pluton to secure Xbox Ones and Azure Sphere microcontrollers against attacks that involve people with physical access opening device cases and performing hardware hacks that bypass security protections. Such hacks are usually carried out by device owners who want to run unauthorized games or programs for cheating.

Now, Pluton is evolving to secure PCs against malicious physical hacks designed to install malware or steal cryptographic keys or other sensitive secrets. While many systems already have trusted platform modules or protections such as Intel’s Software Guard Extensions to secure such data, the secrets remain vulnerable to several types of attacks.

One such physical attack involves placing wires that tap the connection between a TPM and other device components and extract the secrets that pass between the machines. Last August, researchers disclosed an attack that took only 30 minutes to obtain the BitLocker key from a new Lenovo computer preconfigured to use full-disk encryption with a TPM, password-protected BIOS settings, and UEFI SecureBoot. The hack—which worked by sniffing the connection between the TPM and the CMOS chip—showed that locking down a laptop with the latest defenses isn’t always enough.

A similar attack unveiled three months later showed it was possible to exploit a vulnerability (now fixed) in Intel CPUs to defeat a variety of security measures, including those provided by BitLocker, TPMs, and anti-copying restrictions. Attacks known as Spectre and Meltdown have also repeatedly underscored the threat of malicious code pulling secrets directly out of a CPU, even when the secrets are stored in Intel’s SGX.

A new approach

Pluton is designed to fix all of that. It’s integrated directly into a CPU die, where it stores crypto keys and other secrets in a walled-off garden that is completely isolated…


The Robots Are Coming! – Security Boulevard


The debate around SOC automation has been a fun one to follow. Allie Mellen wrote a short but on-the-spot piece about it, reaffirming what seems to be the commonsense opinion on this topic today: Automation is good, but to augment human capacity, not replace it.

After that, Anton brought up a very interesting follow-up, confirming that view but also pointing to a scary future scenario, where automation would be adopted so extensively by the attackers that it would force defense to do the same. Does this scenario make sense?

I believe it does, and indeed it forces defense to adopt more automation. But even if Anton says the middle ground position is “cheating”, I still think it is the most reasonable one. There will never be (until we reach the Singularity) a fully automated SOC, just as there will never be a fully automated attacker (until…you know). Why? Let’s look at the scenario Anton painted for this evolved attacker:

• You face the attacker in possession of a machine that can auto-generate reliable zero day exploits and then use them (an upgraded version of what was the subject of 2016 DARPA Grand Challenge)
• You face the attackers who use worms for everything, and these are not the dumb 2003 worms, but these are coded by the best of the best of the offensive “community”

Even if it looks scary, this scenario is still limited in certain points. You may have malware capable of creating exploits by itself, but what will they exploit? What is this exploitation trying to accomplish? There is an abstract level of actions that is defined by the creator of the malware. Using MITRE ATT&CK language, the malware is capable of generating multiple instances of a selection of techniques, but a human must define the tactics and select the techniques to be used. Quoting Rumsfeld, there will be more known unknowns, but the unknown unknown is still the realm of humans.

A few years ago, I had a similar discussion with a vendor claiming that their deep learning-based technology would be able to detect “any malware”. This is nonsense. Even the most advanced ML still needs to be pointed to some data to look…


A Wave Of Billion-Dollar Computer Vision Startups Is Coming


Computer vision is the most technologically mature field in modern artificial intelligence. This is about to translate into enormous commercial value creation.

The deep learning revolution has its roots in computer vision. At the now-historic 2012 ImageNet competition, Geoff Hinton and team debuted a neural network—a novel architecture at the time—whose performance eclipsed all previous efforts at computer-based image recognition. The era of deep learning was born, with computer vision as its original use case. In the decade since, computer vision capabilities have raced forward at a breathtaking pace.

To put it simply, computer vision is the automation of human sight. Sight is mankind’s most important sense; it underlies much of human life and economic activity. The ability to automate it therefore opens up massive market opportunities across every sector of the economy.

(To be sure, other areas of AI—natural language processing, for instance—have also become increasingly powerful in recent years. But core technology breakthroughs in NLP have come more recently, and as a result NLP remains more nascent from a product and commercial perspective.)

The first wave of entrepreneurial activity in modern computer vision centered on autonomous vehicles. Several startup success stories in that field, including computer vision pioneer Mobileye’s $15.3 billion sale to Intel in 2018, highlight the technology’s power to transform markets and unlock massive economic value.

Today, computer vision is finding applications across every sector of the economy. From agriculture to retail, from insurance to construction, entrepreneurs are applying computer vision to a wide range of industry-specific use cases with compelling economic upside.

Expect to see many computer vision startups among the next generation of “unicorns.” A crop of high-growth computer vision companies is nearing an inflection point, poised to break out to commercial scale and mainstream prominence. It is an exciting and pivotal time in the technology’s…


Kraft is coming out with pumpkin spice mac and cheese (yes, you read that right)

Mac and cheese is the perfect comfort food, and it’s been known to take on a wide range of spins, from boxed mac hacks to fancy versions with high-end cheeses and truffle oil. But the latest twist on …