Latest Blog Posts

Nintendo Switch: Nvidia Tegra X1 Exploit

A hardware exploit has enabled some creative individuals to run Linux on the Nintendo Switch

  • 04-26-2018 (11:11 AM CST)
  • 0

The Quick Details

Over the past few weeks, the news of a hardware security issue have become publicly known thanks to the group “Fail0verflow. This provides a means for individual to short a specific pin on the device and this will cause a series of events that throws the device into the “Nvidia Tegra” chip’s USB Recovery Mode (RCM). The Tegra X1 Bug has allowed many creative minds to take a look at the platform and a few have been nice enough to document everything, including the Fusée Gelée vulnerability which is the meat and potatoes of this so called problem for Nintendo. Some have even gone so far as to get Linux running on the device! Surely, I do not advocate doing any of this, as you may damage your Switch in the process if not careful, and do not condone any illegal acts that this could enable. Regardless, it is neat to see how this has been done and, in this video, below you can Linux running on a Nintendo Switch and it’s pretty neat.

For further instruction and details here is a link to "Fail0verflow"'s documents.

Microsoft Outlook: Data Disclosure Vulnerability

Hackers may have taken advantage of your data in this disclosure issue

  • 04-12-2018 (10:17 AM CST)
  • 0

CVE-2018-0950

The newly patched Microsoft Outlook vulnerability, discovered and reported in Q4 of 2016, gave malicious users access to Windows login credentials. All the user needed to do was preview the email sent to them on Microsoft Outlook, and then without any other action, the user’s information was compromised. Going in to more detail, the problem is based in that of using a RTF (Rich Text Format) message and allowing the message to be previewed, this would then “phone home” and start a SMB connection.

Exploitation and Resolve

Outlook instantaneously loads OLE content (remote-host image file) and will start an automatic authentication session with the attacker and their remote system via the SMB connection with SSO (single sign-on). This then gives the victims username and hashed password, which is more than enough information to potentially gain access to the victim’s computer system.

This is all accomplished when an attacker exploits the newly publicized “CVE-2018-0950” by sending an RTF type message to the victim machine, via email, and because it contains an OLE object, it will load this automatically and connect to the remote attackers session, ultimately exposing their private information. To fix this you should update your Windows machine and continue to practice digital vigilance.

Apple to Make ARM Chips, Dropping Intel As Supplier

Long-time rummor comming true despite critics views

  • 04-10-2018 (10:29 AM CST)
  • 0

The Decision

Recently announced early this April (2018), Apple announced that it will be using custom ARM chips by their own design in favor of Intel. It has been said that this transition may take place as soon as 2020 and will primarily affect the current Intel powered devices, such as Apple’s laptops and desktops. This decision by Apple will still need to be determined as to whether or not it will future problems may arise. This speculatively will save Apple money in the long run but will cost them much in terms of research and development. Apple does however have experience in making their own CPU’s, as is seen in their A-series chips in recent mobile products.

Project “Kalamata”

Recent development of this new project will allow Apple to have a uniform production of their unique architecture across many of their devices. The challenge will be in creating a processor for desktops that is ARM compatible, but yet will allow for scalability. Other projects have been announced but they have yet to be fully announced and or are simply speculative at this point. However, among these changes surely will come a splendid revolution for Apple and their devices, allowing for better optimized and more efficient products in the end.

Ransomware Illegal in Michigan

How a "first of its kind" bill became a law

  • 04-03-2018 (10:20 AM CST)
  • 0

House Bill 5257

Little known to most, on November 29th, 2017 “House Bill 5257” was put into motion to make possession of “ransomware” a felony. This bill explained that to own ransomware in Michigan could be punishable up to a 10 year sentence in prison, this comes with the caveat that this is only applicable if the user has malicious intent. According to bill 5257, the judicial definition of ransomware is described as “a computer or data containment, encryption, or lock” that has potential to be used or introduced without authorization on an information system also demanding “payment of money or other consideration” in order to resolve the issue.

The Ruling

Ultimately, the bill was checked and edited in a manner in which the law would express that owning ransomware in Michigan, with a malicious intent, is “a crime punishable by up to three years in prison…”. On the dates of March 22nd and 23rd of 2018, the U.S. Senate voted 34 (Yes) to 0 (No) on the matter and then moving on to the House, it was voted 106 (Yes) to 3 (No) in agreement with the Senate. Now the bill has become a fully enforceable law.

Cloudflare 1.1.1.1 DNS Service

A fast, new, "privacy-first", service for consumers

  • 04-01-2018 (5:40 PM CST)
  • 0

What is DNS?

DNS is known as the “Domain Name System”, it's like the librarian at a library. For example, you can submit your book request (search the internet) and the Liberian (DNS) will check to see if it is available (resolve the address), if so they will provide you with the exact location of the book (routing to site) and it will be super easy to locate (connected!). Moving past the librarian analogy, the most common DNS connection has to be that of “Google” with their iconic quad eight (8.8.8.8), most commonly used and known to most techies.

The 1.1.1.1 Solution

Cloudflare, being one of the largest hosting organizations, has recently decided that they were big enough to get in on the consumer DNS service side of the internet. Interestingly enough they had to acquire the 1.1.1.1 address from the “APNIC” research group in charge of IP distribution in the Asia Pacific region. After snagging that sweet deal the team had to coincidentally decide on a launch date for this new DNS service. Keeping it in fashion with the address they decided on April 1st, 2018 and even though many thought it was a joke, it turned out to be the real deal. Thus we have achieved a new resolver for our usage, that of (1.1.1.1) . For more information on how to setup this new DNS service address, just click on the link or navigate to it!