ISC StormCast for Monday, May 8th 2017
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS ISC Handlers
4.9 • 754 Ratings
🗓️ 7 May 2017
⏱️ 6 minutes
🧾️ Download transcript
Summary
Transcript
Click on a timestamp to play from that location
| 0:00.0 | Hello, welcome to the Monday, May 8, 2017 edition of the Sansanet Storm Center's Stormcast. My name is Johannes Ulrich, |
| 0:08.7 | and today I'm recording from Jacksonville, Florida. Tenable released a blog post with details regarding |
| 0:16.1 | Intel's AMT vulnerability that caused a lot of press and a lot of concerns last week. |
| 0:24.3 | And well, what Tenable did discover actually is pretty severe. |
| 0:29.7 | Turns out that AMT uses Digest Authication to authenticate clients. |
| 0:36.9 | Now, Digest authentication has problems, but in itself, |
| 0:41.1 | it's reasonably solid. But Intel implemented the algorithm badly. When a user submits a password hash, |
| 0:49.8 | then Intel does only compare as many digits of the hash as the user submitted. |
| 0:57.0 | So if the user submits a null-size hash or no hash at all, then nothing is compared and the user is automatically logged in. |
| 1:07.0 | So all the user has to do is submit a username without a password and the user is automatically |
| 1:14.6 | logged in. |
| 1:16.5 | So a regular browser will not really allow you to exploit this, but it would be trivial to set |
| 1:22.8 | up a little proxy that deletes the hash or to set up a custom little Python script that will log you in and then execute whatever command you need to execute within the AMT user interface. |
| 1:36.3 | Another important point that's made here in Tenables block is the test system. They used as standard Dell computer. It did come with AMT, but it had to be |
| 1:48.1 | enabled first. And that's quite typical. You first have to enable the feature to be vulnerable. |
| 1:54.6 | It's typically not a vulnerable out of the box. But again, this may depend on the vendor and on the specific system that you're |
| 2:03.2 | looking at. So given that there is now a working exploit out there, definitely get patching, |
| 2:09.9 | and it will take you some while to really find all this system and patch them all, in particular |
| 2:14.5 | if it requires BIOS updates, disable the feature if you can, |
| 2:19.3 | and at the very least disable incoming traffic on your firewall. And researchers at the |
| 2:25.9 | Technical University of Braunschweig in Germany did some interesting work looking at actual |
| 2:31.2 | implementations of ultrasonic side channels. |
... |
Please login to see the full transcript.
Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
Copyright © Tapesearch 2026.