Hello, welcome to the Thursday, September 28, 2017 edition of the Sandcent Storm Center's Stormcast.

My name is Johannes Ulrich, and I'm recording from Baltimore, Maryland.

Did he today conclude his three-part diary about a resume PDF that he received?

If you remember, one of the sticking points kind of

wasn't embedded JPEC that DA wasn't really all that sure about. Well, he now managed to sort of

finally analyze it. And turns out JPEG structures, they are quite complex. And the DAG goes into quite a bit of detail about how JPEC structures, they are quite complex, and DDA goes into quite a bit of detail about how JPEX are composed.

And of course, he has a Python tool for you to help you analyze JPEX.

In the end, the JPEC didn't look malicious, but of course one of the hardest things in Info Security is to prove

that something is not malicious or not compromised. So he still leaves the opening here that

maybe there's actually an exploit that's being triggered in some JPEG viewers, but nothing that he was able to detect.

Nevertheless, he managed to disassemble the entire JPEC structure

and really explain quite well how JPEX are composed and how to analyze them.

And Linux 414 was released, and with that there are some quite interesting security enhancements that were introduced.

First of all, the Linux kernel now does support the AMD version of secure memory encryption. Now, this is only supported on the latest AMD processors.

Intel took a little bit different approach with SGX,

which really more isolates different memory areas from each other,

so one process cannot necessarily read memory from another process

and he also has a second sort of version of their encryption which is secure

encrypted virtualization that part is not yet implemented and it would allow the

hypervisor like send for example to isolate memory from

different virtual machines better in addition Linux now also supports some of the

cold boot attack protections that have been implemented in reasoned biases the

...