JUSTFORTHESHELLOFIT

Did Intel Just Get the Axe?

Link to Paper

Intel could probably start causing fires with their processors and still be the number one provider of silicon in the world. They are not likely to find themselves filing bankrupcy because a research team has continued to develop an exploit disclosed in January. While the modification for use of processors may reduce chipset features, Intel has provided a superior product for a significant duration. Cancel culture should not creep into decisions based on logic. I have reached out to these researchers about a possible interview.

Link to ZECOPS 3 Part Write Up

With the development of SMBGhost and SMBleed attacking the vector that is SMB compression in Windows, the CacheOut and SGAxe team has continued the trend for maintaining and growing a documented vulnerability with expertise in both marketing and technical aptitude. It is apparent the CVE chain will likely give way to the gamification of vulnerability disclosure. That is not to say CVE will no longer be used, but that the impact of vulnerability disclosure may give precedence to those able to market their wares accordingly.

CVEdetails.com

Does anyone find it strange that VMWARE has not had any vulnerabilities published in what looks like six months? I was reviewing some of the documentation and there appears to be a configuration for a NFS share that seems a little sub-par. I know, misconfigurations are different than vulnerabilities. That being said, for those of you who are misconfiguring your NFS shares through sharing via IP address for read/write access, I can assure you that setting an IP address and using your NFS shares directory to then compromise your VM’s and datastores would have a severe impact. Especially if it is done over a length of time longer than you use to incrementally backup or snapshot systems.

Leave a Reply

%d bloggers like this: