Risky Business 67: Firmware pwnage

Security researcher John Heasman has learned it is possible to load undetectable rootkits into PCI devices, as we explain in this week's Risky Business security podcast.

Patrick Gray

This week’s Risky Business security podcast looks at firmware root kits with John Heasman from the US arm of NGS Software. Download it here:

http://itradio.com.au/security

Some time ago, John figured out how to plonk a root kit on to a PCI device.

As you can imagine, those sorts of root kits can be very difficult to detect and remove.

But it gets worse.

Newer research, due to be presented at BlackHat in Las Vegas, will show how the CPU on some PCI devices (like the chip on network devices designed to do TCP checksum calculations) can actually be used to run the root kits.

That means they never gets loaded into main memory. Try detecting that!

Surveillance technology under fire, amid growing societal concerns

As San Francisco halts city use of facial recognition technology, CIOs could see more regulatory actions against surveillance ...

Deep learning pioneer Fei-Fei Li on the fundamentals of ethical AI

AI luminary Fei-Fei Li was among a group of distinguished AI researchers asked to share their thoughts on how to develop ethical ...

Andrew Ng's AI playbook for the enterprise: 6 must-dos

AI legend and online education pioneer Andrew Ng has developed an AI playbook for businesses. Here are six must-dos.

SearchSecurity

Risk & Repeat: Cisco vulnerabilities raise backdoor concerns

This week's Risk & Repeat podcast looks at vulnerabilities in Cisco and Huawei products, which have raised concerns ...

2019's top email security best practices for employees

Attackers exploit email every day to break into your network, but you can reduce risk for everyone by promoting these email ...

IT pros stress importance of security awareness training

End-user naiveté can lead to costly data breaches, underscoring the critical importance of security awareness training. Learn how...

SearchNetworking

Riverbed launches SaaS accelerator and updates SD-WAN products

Riverbed's latest update is spearheaded by the launch of its SaaS Accelerator, promising to speed up SaaS apps primarily for ...

Customers get a peek at future Extreme Networks products

Extreme Connect attendees got a peek at the company's product roadmap. Upcoming Extreme Networks products include an IoT device ...

Marconi Mainnet launched for building, scaling complex networks

The Marconi Mainnet platform provides blockchain security, multi-cloud connectivity, advanced firewalls and secure gateways for ...

SearchDataCenter

3 ways to approach cloud bursting

With different cloud bursting techniques and tools from Amazon, Zerto, VMware and Oracle, admins can bolster cloud connections ...

Exascale computing, now at $2.8B, described as critical to U.S.

The race to build exascale supercomputers is a project of big governments -- China, Japan, the European Union and the U.S. ...

HPE-Cray deal brings supercomputers to enterprises for AI

HPE's $1.3 billion deal to acquire supercomputing pioneer Cray Inc. should better position the company in the HPC market among IT...

SearchDataManagement

Inside view of Tibco integration architecture planning

Tibco's acquisitions of well-regarded, small software specialists such as SnappyData are part of a drive toward what it calls '...

Lumina launches Radiance, a data risk management platform

In an effort to prevent data loss, Lumina launched Radiance, a SaaS data risk management platform. It collects and analyzes data ...

Advice on enterprise data cleansing from an SAP VP

SAP's Kristin McMahon details data cleansing best practices and explains why a good data cleanse needs continual communication, ...

Read more on Security policy and user awareness

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.