FOXTROT/ALFA: Raymond Banned for Saying “Fuck”, Chip Vulnerabilities, ICANN Can’t Decide on .org Deal

Hello and welcome to FOXTROT/ALFA #86 for Tuesday, 10 March 2020. The newsletter is a bit late today as I had a busy one. I wrote a blog post, two articles, recorded a podcast and an hour-long video show, among other things. But let’s get you a quick overview of the tech news before it gets much later…

Details on the Eric Raymond Ban

So, according to this tweet… (opens incognito browser window to circumvent account ban) …this tweet, Eric Raymond was banned on the basis of a “#NoAssholeRule” in the Open Source Initiative’s Code of Conduct. Apparently, OSI got their CoC out because of this email (see the attached conversation, as the original email was blocked from the list), which is laughable, to be honest. The worst insult I can find in there is this:

Its originator is a toxic loonytoon who believes “show me the code” meritocracy is at best outmoded and in general a sinister supremacist plot by straight white cisgender males.

Seriously? That’s not even being rude. “Toxic loonytoon”? That’s so cute, that wouldn’t even have been considered an insult in fourth grade.

Or maybe it was this:

The “Persona Non Grata” clause is best understood as an attempt to paralyze resistance to such political ratfucking by subverting the freedom-centered principles of OSI. It is very unlikely to be the last such attempt.

OMG! He said “fucking”!!!

For fuck’s sake, OSI, grow up!

Security Roundup

The anti-theft devices in millions of Toyotas, Hyundais and Kias can be hacked by cloning the keyfob via RFID. Only Tesla fixed the vulnerability, which is inherent in the car makers' implementation of the DST80 crypto system.

Researchers from KU Leuven in Belgium and the University of Birmingham in the UK earlier this week revealed new vulnerabilities they found in the encryption systems used by immobilizers, the radio-enabled devices inside of cars that communicate at close range with a key fob to unlock the car’s ignition and allow it to start. Specifically, they found problems in how Toyota, Hyundai, and Kia implement a Texas Instruments encryption system called DST80. A hacker who swipes a relatively inexpensive Proxmark RFID reader/transmitter device near the key fob of any car with DST80 inside can gain enough information to derive its secret cryptographic value. That, in turn, would allow the attacker to use the same Proxmark device to impersonate the key inside the car, disabling the immobilizer and letting them start the engine.

Firefox 74.0 is out. Security improvements include fixes for five memory corruption bugs rated with “high” severity and seven other security-relevant bugs of lower severity.

More Meltdown-type attacks have been discovered for Intel chips:

Computer security researchers involved in the discovery of the Meltdown and Spectre vulnerabilities affecting many modern processors have developed a related attack technique called Load Value Injection (LVI). The attack relies on microarchitectural data leakage to inject and execute malicious code in a way that breaks the confidentiality of modern Intel systems.

Chipzilla’s processors, already weighed down by defenses deployed against side-channel attacks over the past two years, could get slower still if they try to thwart this latest vulnerability: prototype compiler changes, for full mitigation, have produced performance reductions ranging from 2x to 19x. That’s because LVI protection involves compiler and assembler updates that insert extra x86 instructions (lfence) and replace problematic instructions (such as ret) with functionally equivalent but more verbose instruction sequences.

Using Spectre-style code gadgets – pre-existing code patterns in memory that can be manipulated to perform operations for the attacker – LVI can expose secrets and compromise Intel’s SGX secure enclave technology. SGX, in fact, makes the attack easier because the tech’s design allows attackers to create page faults for enclave memory loads by altering untrusted page tables.
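The mitigation quoted above (an lfence after loads, and ret swapped for a longer equivalent sequence) can be checked mechanically. The following is an added example, not code from this newsletter or from the researchers: a heuristic Python audit over constructed AT&T-syntax listings, which assumes the pop/lfence/jmp form as its model of a hardened return and uses a simplified rule for what counts as a load.

```python
import re

# Constructed AT&T-syntax listings (not from a real binary): one small
# function before and after LVI hardening.
UNHARDENED = """
    mov (%rdi), %rax      # load
    add %rax, %rsi
    mov %rsi, (%rdx)      # store only
    ret
"""
HARDENED = """
    mov (%rdi), %rax
    lfence                # fence after the load
    add %rax, %rsi
    mov %rsi, (%rdx)
    pop %rcx              # ret replaced: load the return address...
    lfence                # ...fence it...
    jmp *%rcx             # ...then branch through the register
"""

def operands(text):
    """Split on commas that are not inside a (base,index,scale) operand."""
    return [o.strip() for o in re.split(r",(?![^()]*\))", text) if o.strip()]

def is_load(mnemonic, ops):
    """Heuristic (an assumption of this example): does the insn read memory?"""
    if mnemonic.startswith(("lea", "nop")):
        return False                      # address arithmetic, no access
    if mnemonic.startswith(("pop", "ret")):
        return True                       # implicit read from the stack
    # For mov-family stores the last operand is write-only.
    sources = ops[:-1] if mnemonic.startswith("mov") else ops
    return any("(" in o for o in sources)

def audit(listing):
    """Return (index, instruction, reason) for each unhardened load or ret."""
    insns = [line.split("#")[0].strip() for line in listing.splitlines()]
    insns = [i for i in insns if i and not i.endswith(":")]
    findings = []
    for idx, insn in enumerate(insns):
        mnemonic, rest = (insn.split(None, 1) + [""])[:2]
        following = insns[idx + 1] if idx + 1 < len(insns) else ""
        if mnemonic.startswith("ret"):
            findings.append((idx, insn, "ret not replaced"))
        elif is_load(mnemonic, operands(rest)) and following != "lfence":
            findings.append((idx, insn, "load without lfence"))
    return findings

if __name__ == "__main__":
    for name, text in (("unhardened", UNHARDENED), ("hardened", HARDENED)):
        print(name, audit(text))
```

The hardened listing is seven instructions against four for the same work, which is where the slowdown described in the quote comes from.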

Meanwhile, AMD also has new security vulnerabilities in their processors to contend with.

AMD processors sold between 2011 and 2019 are vulnerable to two side-channel attacks that can extract kernel data and secrets, according to a new research paper. In a paper titled, “Take A Way: Exploring the Security Implications of AMD’s Cache Way Predictors,” six boffins explain how they reverse-engineered AMD’s L1D cache way predictor to expose sensitive data in memory.

To save power when looking up a cache line in a set-associative cache, AMD’s CPUs rely on something called way prediction. The way predictor allows the CPU to predict the correct cache location required, rather than test all the possible cache locations, for a given memory address. This speeds up operations, though it can also add latency when misprediction occurs.

The cache location is, in part, determined by a hash function, undocumented by AMD, that hashes the virtual address of the memory load. By reverse engineering this hash function, the researchers were able to create cache collisions which present observable timing effects – increased access time or L1 cache misses – that allow covert kernel data exfiltration, cryptographic key recovery, and weakening ASLR defenses on a fully-patched Linux system, the hypervisor, or the JavaScript sandbox.

ICANN Can’t Make Up its Mind about the .org Sale

The Internet Corporation for Assigned Names and Numbers (ICANN) had its first virtual meeting this week because of the-virus-that-shall-not-be-named and was confronted by a lot of angry netizens asking what was going on with the .org sale (a topic I’ve reported on in this newsletter at length). It didn’t go too well.

At one point, after ICANN refused to answer a question about whether any commitments on the future of .org could be subsequently changed without input from .org owners, the virtual chatroom was flooded with people demanding a response from the organization supposedly in charge. They didn’t get one.

It seems ICANN can’t make up its mind. And time is running out.

In 11 days, DNS overseer ICANN is supposed to rule on the $1.13bn purchase of a critical piece of the internet – the .org registry with its 10 million domain names. But ICANN has yet to even decide what criteria it will use to decide whether to green-light the takeover.

Despite two previous postponements, four months’ notice, dozens of letters, and a protest outside its headquarters, on Monday this week ICANN refused to say whether it will consider the broader public interest in its decision, or apply the same criteria it used last time the registry changed ownership.

It even refused to say whether it considered the use of so-called “public interest commitments” (PICs) – a format that ICANN had itself devised – would be legally sufficient to address concerns from the non-profit community that the sale of the registry from non-profit Internet Society to an unknown private-equity firm would undermine decades of investment in their .org addresses.

ICANN told attendees at the start of the meeting it had decided the confab was going to be “a session designed to gather your input, to listen to your input, so we can take that into account when making our decision.” Everyone else, however, had expected the meeting to largely comprise ICANN representatives providing clear answers to precise questions that have been asked repeatedly for several weeks.

There has been mainstream press coverage, letters from US senators, organized protests, and an investigation by California’s Attorney General – and still, months later, ICANN has yet to explain how it will approach the issue.

If you are interested in this topic, it’s probably worth it to read the full piece about it on The Register.

Twitter Expands its Hate Speech Rules

Twitter is making the internet more safe by listing more things you’re not allowed to say on the platform. This increased censorship is apparently going to make Twitter a safer place. Hey, that’s what THE RESEARCH says, according to Twitter. They do list one (!) peer-reviewed paper published in Current Opinion in Psychology, at least. I’ll be reading that as soon as I’ve managed to finagle myself access to it cough Sci-Hub cough.

In the meantime, take care that you don’t accidentally say something that could be construed as hate speech under these rules, because there are a lot of people out there who have nothing better to do than to sit on Twitter all day and squeal on people. And Twitter will ban your account.

Ricoh Introduces a 360° Camera That’s Clearly a Men In Black Homage

This is pretty weird… Someone at Ricoh obviously really likes the Men In Black movies:

Japanese imaging specialist Ricoh has spun off its 360° camera team into a new company called Vecnos.

The new outfit, which boasts the same core team behind the Ricoh Theta 360 camera line, already has a first product in the works: a pen-shaped 360° camera that looks a bit like the neuralyzer from Men In Black.

Users will be able to upload footage to an app, where they can cut and edit it for sharing. Vecnos also waxed lyrical about AI enhancements while not really explaining how these will work. In terms of imaging, the camera packs a proprietary four-lens system, with three lenses on the side, and one on the top of the device. This, the company said, has enabled the product to fit into a slim, pen-sized package.

Also Noteworthy

Some other stories that you might find interesting:

This is an archived issue of my daily newsletter FOXTROT/ALFA. You can find more information about it, including how to subscribe via email, on this page.