February 2, 2018

Apple fixes security hole in Intel ME discovered by Positive Technologies

Apple has released a security update for macOS High Sierra 10.13.2, macOS Sierra 10.12.6 and OS X El Capitan 10.11.6, that patches a vulnerability in Intel Management Engine found by Positive Technologies experts Mark Ermolov and Maxim Goryachy. Details are available in a security document on the Apple support website.

January 26, 2018

How to Hack a Turned-off Computer, or Running Unsigned Code in Intel ME

At the recent Black Hat Europe conference, Positive Technologies researchers Mark Ermolov and Maxim Goryachy spoke about the vulnerability in Intel Management Engine 11, which opens up access to most of the data and processes on the computer.

Such level of access also means that any attacker exploiting this vulnerability, once bypassed traditional software-based protection, will be able to conduct attacks even when the computer is turned off. New details of the study in our blog post.

January 22, 2018

MySQL grammar in ANTLR 4

The main purpose of a web application firewall is to analyze and filter traffic relevant to an application or a class of applications, such as web applications or database management systems (DBMS). A firewall needs to speak the language of the application it is protecting. For a relational DBMS, the language in question will be an SQL dialect.

Let us assume that the task is to build a firewall to protect a DBMS. In this case, the firewall must recognize and analyze SQL statements in order to determine whether they comply with the security policy. The depth of analysis depends on the task required (for example, detection of SQL injection attacks, access control, or correlation of SQL and HTTP requests). In any case, the firewall must perform lexical, syntactic, and semantic analysis of SQL statements.