Dark mode: ON

Infosec Decoded Season 3 #36: fTPM

With @sambowne@infosec.exchange

May 5, 2023

Sam Bowne

faulTPM: Exposing AMD fTPMs' Deepest Secrets
Windows 11 made a Trusted Platform Module 2.0 mandatory. While discrete TPMs - as found in higher-end systems - have been susceptible to attacks on their exposed communication interface, more common firmware TPMs (fTPMs) are immune to this attack vector as they do not communicate with the CPU via an exposed bus. In this paper, we analyze a new class of attacks against fTPMs. Bitlocker can be defeated by an attacker with 2-3 hours of physical access to the target device. A TPM and PIN strategy for FDE is less secure than TPM-less protection with a reasonable passphrase.

State-controlled media experience sudden Twitter gains after unannounced platform policy change
Amazing charts show large increase in the reach of Russian, Chinese, and Iranian propaganda reach since Mar 28, 2023. NPR confirmed on April 21 that Twitter had made the deliberate decision to stop filtering government accounts in Russia, China, and Iran. Twitter used to limit amplification of state-affiliated media entities, but recently reversed that policy.

Verified Twitter Accounts Spread Misinfo About Imminent Nuclear Strike
Several bluecheck Twitter accounts and a YouTube channel spread misinformation about heightened nuclear threats online last night, saying that Russian military jets were being armed with nuclear payloads aimed at Ukraine’s capital, Kyiv. The verified Twitter accounts also spread the rumor that Russia was preparing a nuclear response hours after two drones exploded over the Kremlin and Moscow accused Kyiv and the United States of attempting to assassinate Vladimir Putin.

Army of hired guns: How Russia's 'PMCs' are becoming the main invasion force
Private Military Companies are illegal in Russia, so naturally, Moscow has been using them for decades. Now, it’s making them the main invasion force. “Putin… is now fully committed to recruiting irregular forces to avoid calling up mobilization.” Advertisements for PMCs have exploded across Russia: “They go on everything: ads on porn sites, near the metro, banners everywhere.” The units are hiring everybody they can, not just veterans. The Defense Ministry is reportedly still trying the prisons, offering cash and freedom for front-line combat.

‘Fallout’-Style Cartoons Meant to Train Russian Soldiers Are Spreading on Telegram