Rick Altherr
On The Metal
00:00
Intro
Discussion with Rick Alther about the discovery of a security vulnerability in system firmware, known as USB Anywhere, found in Supermicro VMCs through remote mounting of an ISO image as a CD-ROM drive, the risks it poses, and the collaboration for developing fixes.
Transcript
Play full episode
Transcript
Episode notes
You can find Rick on Twitter at https://twitter.com/kc8apf and read his blog at https://www.kc8apf.net/.
Some of the highlights of the show include:
- USBAnywhere: https://eclypsium.com/2019/09/03/usbanywhere-bmc-vulnerability-opens-servers-to-remote-attack/
- Rick's talk at OSFC: https://www.youtube.com/watch?v=QrcdHHsfaKQ
- OpenBMC: https://github.com/openbmc/openbmc https://lwn.net/Articles/683320/
- Wireshark: https://www.wireshark.org/ https://github.com/wireshark/wireshark
- Ghidra: https://www.nsa.gov/resources/everyone/ghidra/ https://ghidra-sre.org/ https://github.com/NationalSecurityAgency/ghidra
- ASPEED: https://www.aspeedtech.com/products.php?fPath=20&rId=440
- Nuvoton: https://www.nuvoton.com/products/cloud-computing/ibmc/?__locale=en
- CRAY 1: http://bitsavers.trailing-edge.com/pdf/cray/CRAY-1/2240004C_CRAY-1_Hardware_Reference_Nov77.pdf https://en.wikipedia.org/wiki/Cray-1
- Deutsches Museum: https://www.deutsches-museum.de/en/exhibitions/communication/computers/
- Seymour Cray: https://www.cray.com/company/history/seymour-cray https://www.britannica.com/biography/Seymour-R-Cray
- CDC 6600: https://en.wikipedia.org/wiki/CDC_6600 https://conservancy.umn.edu/handle/11299/104327
- Alpha Station: https://web.archive.org/web/20060701073452/http://h18002.www1.hp.com/alphaserver/workstations.html https://en.wikipedia.org/wiki/AlphaStation
- Tru64: https://groups.google.com/forum/?hl=en#!original/bit.listserv.esl-l/BovGe3q9yWE/cqlcCYfxmbAJ https://en.wikipedia.org/wiki/Tru64_UNIX
- Windows NT: https://web.archive.org/web/20040610122846/http://www.microsoft.com/presspass/features/1998/winntfs.asp https://web.archive.org/web/20020503172231/http://www.win2000mag.com/Articles/Print.cfm?ArticleID=4494 https://en.wikipedia.org/wiki/Windows_NT
- Windows NT on Mips: https://gunkies.org/wiki/Installing_Windows_NT_4.0_on_Qemu(MIPS)
- Palo Alto Goodwill: https://goodwillsv.org/store/palo-alto-store/
- SGI: https://en.wikipedia.org/wiki/Silicon_Graphics https://en.wikipedia.org/wiki/SGI_Visual_Workstation
- Cray 1 on ebay: https://www.theregister.co.uk/2010/05/24/cray_1_gate_module_ebay/
- root calvin: https://www.dell.com/support/article/us/en/04/sln306783/dell-poweredge-what-is-the-default-username-and-password-for-idrac?lang=en https://www.reddit.com/r/sysadmin/comments/2wem6s/is_there_any_story_or_history_behind_rootcalvin/
- Redfish: https://www.dmtf.org/standards/redfish https://redfish.dmtf.org/
- iKVM: https://www.ikvm.net/ http://www.ikvm.net/userguide/intro.html
- IPMI: https://www.intel.com/content/www/us/en/products/docs/servers/ipmi/ipmi-home.html https://en.wikipedia.org/wiki/Intelligent_Platform_Management_Interface
- I2C: https://i2c.info/
- Non maskable interrupt: https://en.wikipedia.org/wiki/Non-maskable_interrupt
- Read and write heads: https://www.computerhistory.org/storageengine/thin-film-heads-introduced-for-large-disks/ https://www.tomshardware.com/reviews/hard-drive-magnetic-storage-hdd,3005-2.html https://en.wikipedia.org/wiki/Disk_read-and-write_head
- Fly height: https://en.wikipedia.org/wiki/Flying_height http://maeresearch.ucsd.edu/callafon/publications/2011/UweIEEETonM.pdf
- The legend of the walking drives: http://catb.org/jargon/html/W/walking-drives.html http://msgboard.snopes.com/cgi-bin/ultimatebb.cgi?ubb=get_topic;f=103;t=000500;p=1
- Open Source Firmware Conference: https://osfc.io/
- Coreboot: https://www.coreboot.org/
- ChromeOS Firmware: https://www.chromium.org/chromium-os/developer-information-for-chrome-os-devices/custom-firmware
- EDK II: https://github.com/tianocore/edk2
- Open Compute Project: https://www.opencompute.org/
- Width of a Horse's butt: http://www.naute.com/stories/rail.phtml
The AI-powered Podcast Player
Save insights by tapping your headphones, chat with episodes, discover the best highlights - and more!
