Those of us who work in the PC industry have wanted to initiate a permanent denial of service (PDOS) to a temperamental piece of hardware from time to time, usually with the aid of a sledgehammer or a gentle nudge down a flight of stairs. Rich Smith, head of research for offensive technologies & threats at HP Systems Security Lab, plans to demonstrate such a PDOS attack – remotely.
Smith will demonstrate how network-enabled systems firmware is susceptible to a remote PDOS attack — which he calls “phlashing” — this week at the EUSecWest security conference in London. He’ll also unveil a fuzzing tool he developed that can be used to launch such an attack as well as to detect PDOS vulnerabilities in firmware systems.
His so-called PhlashDance tool fuzzes binaries in firmware and the firmware’s update application protocol to cause a PDOS, and it detects PDOS weaknesses across multiple embedded systems.
Phlashing? PhlashDance demo? Did we have to go completely looney with the naming? “Damn, sir, we’ve been phlashdanced!” Take that to management when determining next fiscal’s security budget. When the commonplace term “bricking” is rather appropriate, they choose to go another direction.
“We’ve been hit with a brick-and-run!”