Posted by Mario Vuksan on Sun, Feb 22, 2009
The new Centrino platform will be all the rage at the upcoming Black Hat 2009 conference in Washington DC this February. Joanna Rutkowska and Rafal Wojtczuk will evaluate attack scenarios against Intel's Trusted Execution Technology.
Intel's efforts to bring a fully featured web server directly onto the motherboard have been discussed on numerous boards and were highlighted by Ivan Krstic in his keynote at the FIRST Conference in Vancouver earlier this year. Permanently subverting a motherboard may end up being the ultimate act of subversion.
So what's all the rage? You can read on Intel's pages:
"3. Intel AMT Platform Security
While one of the key usage models for Intel AMT is that it allows management applications to access client computers when they are in a powered-off state, the radio in a wireless network interface card (NIC) is typically not operational in power states other than S0. Thus, no wireless Intel AMT functionality is available when laptops are powered down or in low-power modes (sleep, hibernate, etc.)."
Going one better: "Intel AMT Releases 2.5 and 3.0 are concurrent releases, with Release 2.5 supporting wireless capabilities on mobile platforms and Release 3.0 supporting wired PCs."
You may not need physical access anymore, but rather wardrive through a neighborhood or just take public transportation to attack all those laptops that do not even need to be powered on.
Accompanying the Centrino Duo and Centrino Pro release were announcements of new notebook computers from Hewlett-Packard, Gateway, Fujitsu, Sony, Toshiba, Acer, Lenovo, Dell, and others. Several hundred new notebook models with the updated Centrino platforms are expected to be released, making this technology ubiquitous.
Posted by Mario Vuksan on Sun, Feb 15, 2009
Here's a great illustration of the relative effectiveness of IDS and Endpoint Lockdown as we have implemented it. Having a passive IDS (Intrusion Detection System) product in your Enterprise is akin to sitting on a train and snapping pictures of the world going by. You may see bad things that you would have liked to eliminate, but it is usually too little and too late.
On the other hand, the ability to eliminate all unwanted or unknown components each and every time gives you protection, and it also delivers the very thing an IDS was bought for: additional visibility. As in the example, you need to whack exactly what is wrong, and whack all of it without a mistake.
Posted by Mario Vuksan on Sun, Feb 08, 2009
Most organizations permit the use of alternative Email clients. We all have our preferences; I still love Pine under Unix, for example. Yes, a bit retro. But where's the line between an alternative Email client and a SPAM tool? They both send email, yet a SPAM tool does it more efficiently. A good SPAM tool may even be a great commercial product with a large price tag, or even with Anger Management features. Should an Enterprise IT department monitor the list of Email clients used throughout the organization, pick only the 10 to 20 most popular ones, and disable the boutique tools used by employees who have too much free time or too much desire for a quick buck? The downside of having your Enterprise IP segments blacklisted is well known. A lot of SPAM from your organization creates brand damage that goes beyond the inability to send mail to or receive mail from certain mail servers. Depending on where your internet or web services traffic is destined, it may be subjected to stricter controls and outright traffic denial.
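As an added illustration (not code from the original posts or from any product they describe), the following Python sketch shows the prevalence-based lockdown that the IDS-versus-lockdown post and the Email-client post both point at: rank installed mail clients by how many hosts run them, allowlist the most popular ones by hash rather than by name, and flag everything else on a later inventory snapshot. The hostnames, product names (including the bulk mailer "MassMailerPro") and build strings are constructed for the example; a real endpoint agent would report SHA-256 hashes of the binaries on disk.

```python
import hashlib
from collections import defaultdict

# Constructed inventory records: (hostname, product name, executable bytes).
# Hypothetical stand-ins: a real endpoint agent would report the SHA-256 of
# the binary on disk; short placeholder byte strings play that role here so
# the example runs offline.
BASELINE = [
    ("ws-001", "Outlook", b"outlook-build-12.0"),
    ("ws-002", "Outlook", b"outlook-build-12.0"),
    ("ws-003", "Outlook", b"outlook-build-12.0"),
    ("ws-004", "Thunderbird", b"thunderbird-build-2.0"),
    ("ws-005", "Thunderbird", b"thunderbird-build-2.0"),
    ("ws-006", "Outlook", b"outlook-build-12.0"),
    ("ws-007", "Pine", b"pine-build-4.64"),
    ("ws-008", "Thunderbird", b"thunderbird-build-2.0"),
    ("ws-009", "Outlook", b"outlook-build-12.0"),
    ("ws-010", "MassMailerPro", b"massmailerpro-build-1.0"),  # constructed bulk-mailer name
]

# A later snapshot of the same fleet (constructed). ws-011 reports an
# "Outlook" whose bytes differ from the baseline build, to exercise the
# hash check rather than the name check.
SNAPSHOT = [
    ("ws-001", "Outlook", b"outlook-build-12.0"),
    ("ws-004", "Thunderbird", b"thunderbird-build-2.0"),
    ("ws-007", "Pine", b"pine-build-4.64"),
    ("ws-010", "MassMailerPro", b"massmailerpro-build-1.0"),
    ("ws-011", "Outlook", b"outlook-build-12.0-modified"),
]


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def rank_by_prevalence(inventory):
    """Return [(product, number of distinct hosts)], most widespread first.

    Ties are broken alphabetically so the ranking is deterministic."""
    hosts_per_product = defaultdict(set)
    for host, product, _ in inventory:
        hosts_per_product[product].add(host)
    ranked = [(product, len(hosts)) for product, hosts in hosts_per_product.items()]
    return sorted(ranked, key=lambda item: (-item[1], item[0]))


def build_allowlist(inventory, top_n):
    """Allowlist the top_n most widespread products from a baseline inventory.

    The allowlist is keyed by SHA-256, not by product name, so a binary that
    merely calls itself "Outlook" is not allowed unless its bytes match a
    build that was actually seen in the baseline."""
    top_products = {product for product, _ in rank_by_prevalence(inventory)[:top_n]}
    allowed = {}
    for _, product, blob in inventory:
        if product in top_products:
            allowed[sha256_hex(blob)] = product
    return allowed


def find_violations(inventory, allowed):
    """Return (host, product, reason) for each executable not on the allowlist.

    Two reasons are distinguished: a product that never made the allowlist
    (below the prevalence threshold) and an allowed product name whose hash
    matches no allowlisted build (a different or tampered binary)."""
    allowed_names = set(allowed.values())
    violations = []
    for host, product, blob in inventory:
        if sha256_hex(blob) in allowed:
            continue
        if product in allowed_names:
            reason = "hash mismatch for allowed product"
        else:
            reason = "product below prevalence threshold"
        violations.append((host, product, reason))
    return violations


if __name__ == "__main__":
    for product, count in rank_by_prevalence(BASELINE):
        print(f"{product:14s} on {count} host(s)")
    allowlist = build_allowlist(BASELINE, top_n=2)
    for host, product, reason in find_violations(SNAPSHOT, allowlist):
        print(f"{host}: {product} -> {reason}")
```

Keying the allowlist by hash is what makes the "whack exactly what is wrong" part precise: a popular product name alone would let a modified binary through, whereas the hash check reports ws-011 even though "Outlook" itself is permitted.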
Posted by Mario Vuksan on Sun, Feb 01, 2009
Spyware has generally come to mean low-tech malware that is more of a nuisance than a threat, unless it tries to steal my personal data. And given the sophistication of today's cybercrime gangs, spyware is beneath them; they are interested in rootkits, sophisticated botnet C&C protocols, etc.
Yet we should look below the surface and ponder how bad it would be to find Credit Card Generators in your Enterprise environment. It surely cannot be permissible under corporate policy. Even worse, there will be liability for damages generated by the rogue employee, even though he may not pose an immediate threat to the company itself. Any software used for outright criminal activity, although not necessarily malicious from the IT security perspective, should be controlled by Enterprise IT departments.