Podcasts about iommu

In this episode of the Hack the Planet Podcast: We are joined by a master of C code audit, Ilja van Sprundel, Director of PenTest at IOActive and prolific public … Continue reading "Interview with Ilja van Sprundel"

Don't buy that M1-powered Apple machine just yet, solving Wayland-driven fragmentation, and why Firefox is about to get an upgrade on Linux. Plus the imminent problem KDE solved this week, and more.

Don't buy that M1-powered Apple machine just yet, solving Wayland-driven fragmentation, and why Firefox is about to get an upgrade on Linux. Plus the imminent problem KDE solved this week, and more.

Don't buy that M1-powered Apple machine just yet, solving Wayland-driven fragmentation, and why Firefox is about to get an upgrade on Linux. Plus the imminent problem KDE solved this week, and more.

¿Me compro un NAS o monto un servidor?. En caso de decidir montar mi propio servidor ¿Qué hardware me conviene y cual debo comprar? ¿Qué diferencias de precio y de rendimiento hay entre uno y otro? ¿Es fácil montarlo? ¿Qué es un hipervisor y qué tipos hay?.¿Puedo acceder directamente al hardware físico con un hipervisor? ¿Sabes qué es IOMMU? Todo esto y mucho más es lo que te espera en el podcast de hoy junto a @NiPeGun de Hacks4geeks. Enlaces de interés: HP Gen 10: http://amzn.to/2GhWifG DELL PowerEdge T30: http://amzn.to/2Fc7hpq Rapberry Pi: http://amzn.to/2GdMEur ODROID-HC: http://www.hardkernel.com/main/products/prdt_info.php?g_code=G150229074080 Hacks4geeks: http://hacks4geeks.com @NiPeGun: https://twitter.com/nipegun Eduardo Collado: https://www.eduardocollado.com Ugeek: https://ugeek.github.io Métodos de contacto NASeros: Web: https://naseros.com YouTube: https://www.youtube.com/c/naseros Grupo de Telegram: https://t.me/NASeros Facebook: https://www.facebook.com/naseros.es/ iTunes: https://itunes.apple.com/es/podcast/naseros-podcast/id1019402412?mt=2 Twitter: @NASeros_com iVoox: https://www.ivoox.com/22700286 Twitter personal: @macjosan

Hardware and Trust Security: Explain it like I’m 5 Teddy Reed Security Engineer Facebook Nick Anderson Research Scientist There are a lot of presentations and suggestions that indicate HSMs, TrustZone, AMT, TrEE, SecureBoot, Attestation, TPMs, IOMMU, DRTM, etc. are silver bullets. What does it all mean, should we be afraid, excited, hopeful? Hardware-based security features are not the end of the world, nor its savior, but they can be fun and useful. Although these technologies are vulnerability research targets, their trust concepts can be used to build secure software and devices. This primer covers practical defensive uses of existing and upcoming hardware security and mobile trust technologies. We will overview the strengths, pitfalls, gotchas of these esoteric acronyms; and explain the capabilities of related features built into consumer and enterprise laptops, mobile, and embedded devices. Let’s take a tour around the wild world of hardware and trust security! Teddy is a Security Engineer at Facebook developing production security tools. He is very passionate about trustworthy, safe, and secure code development. He loves open source and collaborative engineering when scale, resiliency, and performance enable defensive and protective software design. Teddy has published at security conferences on trusted computing, hardware trusted systems, UAVs, botnet development, human performance engineering, competition game theory, biometric vulnerabilities, and PaaS API vulnerabilities. Nick Anderson is a research scientist at a US super serious secret laboratory. When Nick is not fighting cyber warriors in the cyber threatscape in his cyber career, he is actively engaged in malware research and enjoys failing at web development. Nick received his masters degree from NYU Polytechnic School of Engineering after completing his bachelors degree in Mathematics from the University of Wyoming.

Attacking Hypervisors Using Firmware and Hardware Yuriy Bulygin Advanced Threat Research, Intel Security Mikhail Gorobets Advanced Threat Research, Intel Security Alexander Matrosov Advanced Threat Research, Intel Security Oleksandr Bazhaniuk Advanced Threat Research, Intel Security Andrew Furtak Security Researcher In this presentation, we explore the attack surface of modern hypervisors from the perspective of vulnerabilities in system firmware such as BIOS and in hardware emulation. We will demonstrate a number of new attacks on hypervisors based on system firmware vulnerabilities with impacts ranging from VMM DoS to hypervisor privilege escalation to SMM privilege escalation from within the virtual machines. We will also show how a firmware rootkit based on these vulnerabilities could expose secrets within virtual machines and explain how firmware issues can be used for analysis of hypervisor-protected content such as VMCS structures, EPT tables, host physical addresses (HPA) map, IOMMU page tables etc. To enable further hypervisor security testing, we will also be releasing new modules in the open source CHIPSEC framework to test issues in hypervisors when virtualizing hardware. Mikhail Gorobets is a security researcher in the Advanced Threat Research team. His area of expertise includes hardware security, virtualization technologies, reverse engineering, and vulnerability analysis. Previously, he led a team of security researchers working on Intel Virtualization Technology (VTx) and Intel Atom core security evaluation. Mikhail holds a MS in computing machines, systems, and networks from the Moscow Institute of Electronics and Mathematics. Alexander Matrosov has more than ten years of experience with malware analysis, reverse engineering, and advanced exploitation techniques. He is currently a senior security researcher in the Advanced Threat Research team at Intel Security Group. Prior to this role, he spent four years focused on advanced malware research at ESET. He is co-author of numerous research papers, including “Stuxnet Under the Microscope,” “The Evolution of TDL: Conquering x64,” and "Mind the Gapz: The most complex bootkit ever analyzed?". Alexander is frequently invited to speak at security conferences such as REcon, Ekoparty, Zeronigths, AVAR, CARO, and Virus Bulletin. Nowadays, he specializes in the comprehensive analysis of advanced threats, modern vectors of exploitation, and hardware security research. Oleksandr Bazhaniuk is a security researcher in the Advanced Threat Research team. His primary interests are low-level hardware security, bios/uefi security, and automation of binary vulnerability analysis. His work has been presented at world-renowned conferences, including Black Hat USA, Hack In The Box, Hackito Ergo Sum, Positive Hack Days, Toorcon, CanSecWest. He is also a co-founder of DCUA, the first DEF CON group in Ukraine. Andrew Furtak is a security researcher focusing on security analysis of firmware and hardware of modern computing platforms. He was previously a security software engineer. Andrew holds a MS in applied mathematics and physics from the Moscow Institute of Physics and Technology. Yuriy Bulygin is chief threat researcher at Intel Security Group where he is leading the Advanced Threat Research team in identifying and analyzing new threats impacting modern platforms and researching mitigations in hardware and software against these threats. He joined Intel’s Security Center of Excellence in 2006, where he was responsible for conducting security analysis and penetration testing of microprocessors, chipsets, graphics, and various other components, firmware, and technologies on Intel PCs, servers, and mobile devices. Yuriy is also a member of the core security architecture team reviewing Intel’s future products. Prior to joining Intel, he was teaching undergrad seminars in information security at Moscow Institute of Physics and Technology. Twitter: @c7zero

On this week's mini-episode, we'll be talking with Baptiste Daroussin about packaging the FreeBSD base system with pkgng. Is this the best way going forward, or are we getting dangerously close to being Linux-like? We'll find out, and also get to a couple of your emails while we're at it, on BSD Now - the place to B.. SD. This episode was brought to you by Headlines Xen dom0 in FreeBSD 11-CURRENT (https://svnweb.freebsd.org/ports?view=revision&revision=382965) FreeBSD has just gotten dom0 (http://wiki.xen.org/wiki/Dom0) support for the Xen hypervisor, something NetBSD has had (http://wiki.netbsd.org/ports/xen/howto/#netbsd-dom0) for a while now The ports tree will now have a Xen kernel and toolstack, meaning that they can be updated much more rapidly than if they were part of base It's currently limited to Intel boxes with EPT and a working IOMMU, running a recent version of the -CURRENT branch, but we'll likely see it when 11.0 comes out How will this affect interest in Bhyve? *** A tale of two educational moments (http://blog.anthrobsd.net/044.html) Here we have a blog post from an OpenBSD developer about some experiences he had helping people get involved with the project It's split into two stories: one that could've gone better, and one that went really well For the first one, he found that someone was trying to modify a package from their ports tree to have fewer dependencies Experience really showed its worth, and he was able to write a quick patch to do exactly what the other person had been working on for a few hours - but wasn't so encouraging about getting it committed In the second story, he discussed updating a different port with a user of a forum, and ended up improving the new user's workflow considerably with just a few tips The lesson to take away from this is that we can all help out to encourage and assist new users - everyone was a newbie once *** What's coming in NetBSD 7 (http://saveosx.org/NetBSD7/) We first mentioned NetBSD 7.0 on the show in July of 2014, but it still hasn't been released and there hasn't been much public info about it This blog post outlines some of the bigger features that we can expect to see when it actually does come out Their total platform count is now over 70, so you'd be hard-pressed to find something that it doesn't run on There have been a lot of improvements in the graphics area, particularly with DRM/KMS, including Intel Haswell and Nouveau (for nVidia cards) Many ARM boards now have full SMP support Clang has also finally made its way into the base system, something we're glad to see, and it should be able to build the base OS on i386, AMD64 and ARM - other architectures are still a WIP In the crypto department: their PNRG has switched from the broken RC4 to the more modern ChaCha20, OpenSSL has been updated in base and LibreSSL is in pkgsrc NetBSD's in-house firewall, npf, has gotten major improvements since its initial debut in NetBSD 6.0 Looking to the future, NetBSD hopes to integrate a stable ZFS implementation later on *** OpenZFS office hours (https://www.youtube.com/watch?v=mS4bfbEq46I) We mentioned a couple weeks back that the OpenZFS office hours series was starting back up They've just uploaded the recording of their most recent freeform discussion, with Justin Gibbs (http://www.bsdnow.tv/episodes/2015_03_11-the_pcbsd_tour_ii) being the main presenter In it, they cover how Justin got into ZFS, running in virtualized environments, getting patches into the different projects, getting more people involved, reviewing code, spinning disks vs SSDs, defragging, speeding up resilvering, zfsd and much more *** Interview - Baptiste Daroussin - bapt@freebsd.org (mailto:bapt@freebsd.org) Packaging the FreeBSD base system with pkgng Discussion Packaging the FreeBSD base system with pkgng (follow-up) Feedback/Questions Jeff writes in (http://slexy.org/view/s20AWp6Av1) Anonymous writes in (http://slexy.org/view/s20QiFcdh8) Alex writes in (http://slexy.org/view/s2YzZlswaB) Joris writes in (http://slexy.org/view/s21Mx9TopQ) *** Mailing List Gold ok feedback@ (https://www.marc.info/?l=openbsd-ports&m=142679136422432&w=2) ***

Speaker: Prof. L. Rizzo Abstract: In this talk I will give a survey of solutions and tools that we have developed in recent years to achieve extremely high packet processing rates in commodity operating systems, running on bare metal and on virtual machines. Our NETMAP framework supports processing of minimum size frames from user space at 10 Gbits per second (14.88 Mpps) with very small CPU usage. Netmap is hardware independent, supports multiple NIC types, and it does not require IOMMU or expose critical resources (e.g. device registers) to userspace. A libpcap library running on top of netmap gives instant acceleration to pcap clients without even the need to recompile applications. VALE is a software switch using the netmap API, which delivers over 20 Mpps per port, or 70 Gbits per second with 1500 byte packets. Originally designed to interconnect virtual machines, VALE is actually very convenient also as a testing tool and as a high speed IPC mechanism. More recently we have extended QEMU, and with a few small changes (using VAEL as a switch, paravirtualizing the e1000 emulator, and with small device driver enhancements), we reached guest to guest communication speeds of over 1 Mpps (with socket based clients) and 5 Mpps (with netmap based clients). NETMAP and VALE are small kernel modules, part of standard FreeBSD and also available as add-on for Linux. QEMU extensions are also available from the author and are being submitted to the qemu-devel list for inclusion in the standard distributions.

Speaker: Prof. L. Rizzo Abstract: In this talk I will give a survey of solutions and tools that we have developed in recent years to achieve extremely high packet processing rates in commodity operating systems, running on bare metal and on virtual machines. Our NETMAP framework supports processing of minimum size frames from user space at 10 Gbits per second (14.88 Mpps) with very small CPU usage. Netmap is hardware independent, supports multiple NIC types, and it does not require IOMMU or expose critical resources (e.g. device registers) to userspace. A libpcap library running on top of netmap gives instant acceleration to pcap clients without even the need to recompile applications. VALE is a software switch using the netmap API, which delivers over 20 Mpps per port, or 70 Gbits per second with 1500 byte packets. Originally designed to interconnect virtual machines, VALE is actually very convenient also as a testing tool and as a high speed IPC mechanism. More recently we have extended QEMU, and with a few small changes (using VAEL as a switch, paravirtualizing the e1000 emulator, and with small device driver enhancements), we reached guest to guest communication speeds of over 1 Mpps (with socket based clients) and 5 Mpps (with netmap based clients). NETMAP and VALE are small kernel modules, part of standard FreeBSD and also available as add-on for Linux. QEMU extensions are also available from the author and are being submitted to the qemu-devel list for inclusion in the standard distributions.