Hello, welcome to the Monday, August 13th, 2018 edition of the Santernet Storm Center's Stormcast. My name is Johannes Orich, and I'm recording from Jacksonville, Florida.

You've got a number of stories from DefCon and Blackhead to talk about today. The first one I think is really interesting because it took so long for this

story to actually make the news. What this is about is a co-processor that came with via C3

processors. Now, these processors were sold around 2000, so pretty much out of date now. They may still

sitting around in embedded hardware, but for the most part, not really all that irrelevant.

This backdoor was actually documented, so I hate calling it a backdoor. It was in the

data sheet, but then again, who reads data sheets?

The problem here is that UserLand software was able to execute code using that co-processor

and affecting memory that was privileged.

So really nifty privilege escalation built into the CPU. Again, this was documented,

if so not very well. And the intention of this co-processor was to allow the software to execute

extended instruction sets that were not part of the standard X-86 instruction set

that these via processors were supposed to implement.

Second story is a vulnerability in Apple's mobile device management system,

in particular as it comes to OS10, when you for the first time

boot a Mac, it will reach out to Apple to check if the serial number of your Mac was

registered with a mobile device management system. Now, companies do that in order to, for example,

download standard configurations and software

to these devices.

Now, the initial setup was done quite well.

Apple did implement certificate pinning, so this essentially prevents a man in the middle

from affecting this process.

...