Newsletter

open source and cybersecurity news

May 9, 2023

Sister Podcasts, Paying Ransom to Hackers, Torvalds first RC for Linux 6.4, MSI Cyber Attack

Episode Transcription:

Pokie Huang:

Hey, it’s 5:05 on Tuesday, May 9th, 2023. From the Sourced Podcast Network in New York City, this is your host, Pokie Huang. Stories in this episode come from Edwin Kwan in Sydney, Australia, Olimpiu Pop in Transylvania, Romania, and Ian Garrett in Arlington, Virginia. And we will start with a message from the Executive Producer, Mark Miller.

Let’s get to it. 

Mark Miller: 

This is Mark Miller, Executive Producer of It’s 5:05. We have three other shows that we’ve added to our syndicate here that you might be interested in. 

The first is with DJ Schleen. His show is called daBOM. That’s B-O-M, where he talks about SBOMs with leaders in the software industry. The second show we have is called Real Technologists with Tracy Bannon. If you haven’t listened to that, it’s a pretty exciting show because what she does is tells the personal stories of people and their careers and how they got to where they are today.

The third show we have, and I’m a little partial to this one because I’m the host, is called “That’s in my EULA??”, where lawyer Joel MacMull and I get together and we literally tear apart a typical end user license agreement for TikTok or YouTube or Slack or Zoom or something like that.

If any of those sound interesting, all of us would appreciate you joining our little tribe and subscribing to the shows that interest you. In the meantime, please enjoy today’s show and we’ll see you soon.

Edwin Kwan: 

This is Edwin Kwan from Sydney, Australia. 

The ABC News recently interviewed the CEO of the Australian Cyber Security Research Center on whether companies should consider paying ransom to hackers. Her view is that we should not, as it normalizes the criminal behavior. She said that once you receive the ransomware note, you are in reputation salvage mode as your data is already compromised. At that point, paying criminals is more of an insurance policy for them not to publish your data.

The Australian government is currently looking to impose a ban on ransomware payments to cyber criminals, to remove that option, take it completely off the table for company boards. 

That will send a message to cyber criminals and allow companies to focus on their customers and mopping up what they can. She does concede that there can be situations for paying a ransom, such as when there are threats to life, such as hospital systems.

Ian Garrett: 

One piece of common and important security advice is to always make sure your devices are updated with the latest patches. However, if you have anything from MSI, you might want to wait on any firmware updates. A recent leak from a hack by the group, Money Message, shows keys that would normally be reserved to show the legitimacy of an update, so you might be inadvertently installing malware that your device deems legitimate.

Hey folks. This is Ian Garrett in Arlington, Virginia. 

MSI, a Taiwanese PC vendor, has been hit by a cyber attack that saw some of its information systems infiltrated by hackers. After detecting the breach, MSI’s IT department initiated information security defense mechanisms and recovery procedures. 

The company also reported the issue to the relevant government authorities. MSI confirmed that the cyber attack has had no significant financial or operational impact on the company. 

However, cyber criminals may have an easier time attacking MSI laptops after a ransomware gang leaks private code signing keys for the company’s products. The leak comes from a group known as Money Message, which has infiltrated MSI and stolen sensitive company files, including alleged source code.

Cybersecurity firm Binarly analyzed the leaked files and confirmed they contain private code signing keys for the MSI firmware across fifty-seven products. These keys are important because MSI uses them to certify that a firmware update comes from the company. Otherwise, a computer can flag the software as untrusted and potentially malicious.

The leak also contains private signing keys for Intel Boot Guard, which can verify the correct computer code is running when a PC first boots up. Binarly found private keys for Intel Boot Guard across one hundred sixteen MSI products. The company also noted that Intel Boot Guard is used across the tech industry. MSI has merely warned customers to install firmware and BIOS updates from the company’s official websites, not from third party sources.

MSI has limited options to fix the problem, and for now, it remains unclear if the company can revoke the private signing keys.

Olimpiu Pop: 

What better moment than a Sunday around noon to roll out the release candidate for the Linux Kernel? Torvalds just announced the closing of the merge window and the release of Linux Kernel 6.4-RC1. Among the features promised, you can find Intel Linear Address Masking support, user events for tracing, or the ability for the machine keyring used for machine owner keys to store only certificate authority-enforced keys.

According to Linus’s announcement post, the long awaited Shadow Stack hardware security feature didn’t make the cut into this release. His words read:

“The one feature that didn’t make it was the x86 Shadow Stack code. That side was probably a bit unlucky, in that it came in as I was looking at x86 issues anyway, and so I looked at it quite a bit and had enough reservations that I asked for a couple of fairly big reorganizations.”

Version 6.4 of Linux will come with greater hardware support through new and updated drivers. To name just a couple of the many:

– rumble support for the latest Xbox controllers

– a new driver for Novatek touch controllers

– and some thermal improvements in the MediaTek driver.

You can see the whole list in the 9to5linux article or in the official announcement. 

The final release of Linux Kernel 6.4 is expected around late June or early in July. Those of you that would like to try it earlier can download it from Linus Torvalds’ git tree or kernel.org. The full episode and resources are available on 505updates.com.

This was Olimpiu Pop reporting from Transylvania, Romania.

Pokie Huang: 

That’s it for today’s open source and cybersecurity updates. For direct links to all stories and resources mentioned in today’s episode, go to 505Updates.com, where you can listen to our growing library of over 100 episodes. You can also download the transcript of all episodes for easy reference.

5:05 is a Sourced Networks Production with updates available Monday through Friday on your favorite audio streaming platform. Just search for “It’s 5:05!”. And please consider subscribing while you’re there. 

Thank you to Mark Miller, Edwin Kwan, Olimpiu Pop, and Ian Garrett for today’s contributions.

The Executive Producer is Mark Miller. The editor and the sound engineer is Pokie Huang. Music for today’s episode is by Blue Dot Sessions. We use Descript for spoken text editing and Audacity to layer in the soundscapes. The show distribution platform is provided by Captivate.fm. This is Pokie Huang. See you tomorrow… at 5:05.
