Author: Andreas

AMD Ready To Make Arm Chips

The ARMy grows

Source: AMD: We Stand Ready To Make Arm Chips | Tom’s Hardware

September 17, 2021
Good CX? Look no further than mobile authentication

The pandemic has uprooted life for everyone, from distributors to sellers to consumers; and with this change in the economy, a heavier dependence on digitalization has formed. Businesses across industries have placed a concentrated effort on transforming their digital presence to meet the growing needs of hungry consumers accustomed to instant gratification.

Source: Good CX? Look no further than mobile authentication

September 16, 2021
Schmelzkäse

Schmelzkäse

Für ein Sandwich aus dem Sandwich-Toaster unterwegs auf dem Plastik-Highway in die CO2-Hölle.

September 16, 2021
“Secret” Agent Exposes Azure Customers To RCE

This week, again Azure makes the news with cloud security issues. Following the linked article, Microsoft secretly installed a “management agent” on customer VMs. As if the act itself was not severe enough, the agent is reachable from the network.

Source: “Secret” Agent Exposes Azure Customers To Unauthorized Code Execution | Wiz Blog

And, if this does not seem bad enough, the said agent will an attacker root access when the authentication header is missing:

This is even more severe. The RCE is the simplest RCE you can ever imagine. Simply remove the auth header and you are root. remotely. on all machines. Is this really 2021? pic.twitter.com/iIHNyqgew4
— Ami Luttwak (@amiluttwak) September 14, 2021

When working with the cloud, do your threat modelling before choosing a vendor.

September 15, 2021
Nervennahrung

Prinzregententorte

September 15, 2021
Apple may have to work alone on its electric car after failing to find a partner

The Apple-Car has been a rumor for years. And mobility is one of the hottest bets for the future. Car manufacturers, in particular premium brands, are in a good position to defend their pool position. The techradar.com news therefore does not sound surprising. At all.

From techradar.com

Some Apple gossip is pure fantasy, but some of the hearsay has roots in the real world. The Apple car falls into the latter category, and if a new report from Korean site mk.co.kr is accurate, the company now plans to shoulder the entire development process of the autonomous and/or electric car on its own.

Source: techradar.com

September 14, 2021
cloud based CI/CD issues – travis-ci

Travis-CI published a security bulletin the other day, describing a special condition that would allow to access secrets belonging to a foreign repository in Github or Bitbucket. The condition requires a fork from a public repository. That’s how open source work, and very central functionality. Not a corner case.

Turns out, the cloud service did address the issue, still plenty of secrets have been affected:

Between the 3 Sept and 10 Sept, secure env vars of *all* public @travisci repositories were injected into PR builds. Signing keys, access creds, API tokens.

Anyone could exfiltrate these and gain lateral movement into 1000s of orgs. #security 1/4https://t.co/i23jFzAjjH
— Péter Szilágyi (karalabe.eth) (@peter_szilagyi) September 14, 2021

While cloud technology is all great economically, this is another sample of why commercial software vendors need to consider third party vendors in their threat profiles.

September 14, 2021
Fack yu Goete

Schulanfang

September 14, 2021
Rumstehen

Schwammerl

September 13, 2021
Jedes Schild hat eine Geschichte

September 12, 2021