

Rick Altherr
Jan 13, 2020
Rick Altherr, a cybersecurity enthusiast, discusses the USBAnywhere vulnerability, BMC security risks, and his nostalgia for Cray supercomputers. He explores challenges in BMCs, Redfish development, firmware complexities, and solutions to a power-off bug. The critical role of firmware in preventing hardware failures and the evolution of the Open Compute Project are also highlighted.
AI Snips
Exposed BMCs
- Rick Altherr scanned the entire IPv4 address space and found 47,000 vulnerable servers.
- Nobody knew why these servers' baseboard management controllers (BMCs) were exposed, but everyone knew they shouldn't be.
Finding vs. Exploiting
- Identifying the vulnerability's existence was quick, taking only an hour with Wireshark.
- Creating a proof-of-concept exploit was more challenging, requiring firmware reverse engineering with tools like Ghidra.
Cray Love
- Rick Altherr's favorite computer is the Cray supercomputer; he appreciates its aesthetic and intricate design.
- He even sat on one at the Deutsches Museum in Munich.