Sunday, October 17, 2021

8 Inches vs 12 Inches

Ok, get your minds out of the gutter. I'm talking about silicon wafers.

We've all heard about car and truck production being impacted by chip shortages.


Why? I could have never guessed.

It turns out that automotive chips are fabricated on 200mm (8 in.) silicon wafers. Current wafer technology is 300mm (12 in.).

The use of chips in automobiles is booming so demand for 200mm wafers is increasing.

But the manufacturers of the wafer production technology are focusing on 300mm wafers.

This has caused a crunch in manufacturing of 200mm wafers.
As one headline from December (2020) read, "8-inch wafer capacity is in short supply to unimaginable levels", with the article stating "wafer production capacity is so tight that customers' demand for production capacity has reached a panic level." And that from mid 2021 "to the second half of 2022, the logic and DRAM markets will be out of stock."
ExtremeTech reported:
200mm was supposed to fade away as 300mm came online, and that worked from 2007 - 2014, ... 200mm capacity has gotten difficult to book. Large foundries like TSMC have been slow to add new 200mm capacity ...
Even the IEEE weighed in:
Despite the auto industry's desperation, there's no great rush to build new 200-mm fabs.
So, maybe the automotive industry could just move to 300mm wafers.
For automotive products from specification to PPAP would be more like 24 to 36 months, again depending on the complexity.
There's not going to be a quick fix.

Here's the only good news I've found around this:
Stop-start technology will be gone for now from non-diesel versions of Cadillac Escalade; Chevy Tahoe, Suburban, and Silverado; plus GMC Sierra and Yukon.

Sunday, October 10, 2021

Plan Z

Facebook had a bad day recently. And the next day wasn't too good either.


I've posted a couple of times (here and here) about my "Plan Z."

I've also posted several times (here, here, and here) about WFH risks.

Apparently Facebook doesn't read my blog.

Somebody at Facebook made a mistake. People make mistakes. That will happen.

What happened (or rather what didn't happen) next is the issue.

The Daily Mail had a good recap of the series of problems.
But the repair was delayed, according to a purported insider, because of 'lower staffing in data centers due to pandemic measures', ...
There's the "WFH risk." And no Plan A.
Kieron Harding, an IT Infrastructure Engineer at GRC International Group, told DailyMail.com: 'The nature of the problem meant Facebook would have needed network engineers to physically access their BGP routers - and due to the pandemic, some of the data centers quite possibly don't have an engineer based on site, or someone who could have immediately started to work on the problem.'
"Facebook would have needed network engineers to physically access their BGP routers." Facebook didn't have a Plan B.
... the misconfiguration of the BGP also affected Facebook's physical door access systems
Facebook didn't have a Plan C.

You have to have a plan all the way down to Plan Z.

Be prepared.

Sunday, October 03, 2021

Microsegmentation Discovery

In my previous post on Microsegmentation, my closing comment was:
Labeling of assets is critical along with a comprehensive understanding of the applications' relationships and dependencies.

In HP Enterprise's article on microsegmentation they said:
The smaller the segments, the more likely that security policies and controls can break normal interactions. So it's crucial to first get a lay of the land through a robust discovery process that uncovers what devices and applications are running on the network and then maps their data and traffic flows.
At a recent lunch with a network architect, he related how they had bought and implemented all the hardware for microsegmentation. But nobody would step up to the "robust discovery process" necessary. The microsegmentation capabilities of the equipment were never implemented. Eventually the hardware's capacity was exceeded and it was replaced.

What a shame.

Make sure that your microsegmentation project has not only the financial capital but the political capital to succeed.
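
To make the "discovery process" concrete, here is an added example (not from HPE or any vendor tooling) that maps observed flows onto asset labels, derives label-to-label allow rules, and surfaces the two things that stall projects: unlabeled assets and cross-application dependencies. The hosts, labels and flows are constructed, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed asset labels: host -> (application, tier).
LABELS = {
    "10.0.1.10": ("billing", "web"),
    "10.0.2.20": ("billing", "app"),
    "10.0.3.30": ("billing", "db"),
    "10.0.1.11": ("hr", "web"),
}

# Constructed observed flows (src, dst, dst_port), as a flow collector might export.
FLOWS = [
    ("10.0.1.10", "10.0.2.20", 8443),
    ("10.0.2.20", "10.0.3.30", 5432),
    ("10.0.1.10", "10.0.2.20", 8443),   # duplicate observation
    ("10.0.1.11", "10.0.3.30", 5432),   # hr web talking to billing db
    ("10.0.9.99", "10.0.3.30", 22),     # source has no label
]

def discover(flows, labels):
    """Return (rules, cross_app, unlabeled) derived from observed flows."""
    rules = defaultdict(set)
    cross_app, unlabeled = [], []
    for src, dst, port in flows:
        if src not in labels or dst not in labels:
            unlabeled.append((src, dst, port))      # labeling gap: cannot write policy
            continue
        s, d = labels[src], labels[dst]
        if s[0] != d[0]:
            cross_app.append((s, d, port))          # dependency needing owner sign-off
            continue
        rules[(s, d)].add(port)
    return dict(rules), cross_app, unlabeled

def allowed(rules, labels, src, dst, port):
    """Default-deny check of a single flow against the derived label rules."""
    s, d = labels.get(src), labels.get(dst)
    return s is not None and d is not None and port in rules.get((s, d), set())

if __name__ == "__main__":
    rules, cross_app, unlabeled = discover(FLOWS, LABELS)
    print("rules:", rules)
    print("cross-application flows to review:", cross_app)
    print("flows touching unlabeled assets:", unlabeled)
```
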

Sunday, September 26, 2021

Everyone Gets a Rootkit

Now that I have your attention with that clickbait headline ...


There's been a recent flurry of articles about a longstanding Microsoft Windows capability called "Windows Platform Binary Table" (WPBT).

Introduced with Windows 8, here's an excerpt of Microsoft's description (docx):
This paper describes a mechanism for a platform, via the boot firmware, to publish a binary to Windows for execution.  The mechanism leverages a boot firmware component to publish a binary in physical memory described to Windows using a fixed ACPI table.
"via the boot firmware" is the significant part.

Microsoft goes on:
The primary purpose of WPBT is to allow critical software to persist even when the operating system has changed or been reinstalled in a "clean" configuration. WPBT allows the Windows image on disk to be modified at boot time.
Yikes!

Remember my advice to "Reload Windows on Your New PCs?" That might not be enough.

Principally, WPBT is there for hardware manufacturers to install their own firmware drivers before Windows loads.

But remember Murphy's Law: If anything can go wrong, it will.

As far back as 2015 there have been vulnerabilities related to WPBT. Here's (archive.is) Lenovo's story.

This popped up again this week in a report (archive.is) from eclypsium.

How-To Geek has the process (archive.is) on how to check your PC:
... open the C:\Windows\system32 directory and look for a file named wpbbin.exe. ... If it’s not present, your PC manufacturer hasn’t used WPBT to automatically run software on your PC.
My ThinkPad and Asus desktop were clean.

YMMV
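
Besides looking for wpbbin.exe, the ACPI table itself can be inspected. The following Python is an added example, not code from Microsoft or from the articles linked above: it validates and decodes a raw WPBT table using the standard 36-byte ACPI header followed by the WPBT fields (handoff size and address, content layout and type, arguments). The sample table is constructed, and treating the arguments as UTF-16LE is an assumption; on Linux, a table published by the firmware can be read as root from /sys/firmware/acpi/tables/WPBT.

```python
import struct
from pathlib import Path

ACPI_HEADER = struct.Struct("<4sIBB6s8sI4sI")  # standard 36-byte ACPI table header
WPBT_BODY = struct.Struct("<IQBBH")  # handoff size, address, layout, type, args length

def parse_wpbt(raw: bytes) -> dict:
    """Validate and decode a raw WPBT table; raise ValueError if malformed."""
    fixed = ACPI_HEADER.size + WPBT_BODY.size
    if len(raw) < fixed:
        raise ValueError("table too short")
    sig, length, _rev, _ck, oem_id, oem_table, *_ = ACPI_HEADER.unpack_from(raw)
    if sig != b"WPBT":
        raise ValueError("not a WPBT table")
    if length != len(raw):
        raise ValueError("header length does not match data")
    if sum(raw) & 0xFF:
        raise ValueError("bad checksum")  # all bytes must sum to 0 mod 256
    size, addr, layout, ctype, arg_len = WPBT_BODY.unpack_from(raw, ACPI_HEADER.size)
    if fixed + arg_len > len(raw):
        raise ValueError("arguments run past end of table")
    # Assumption: arguments are a NUL-terminated UTF-16LE string.
    args = raw[fixed:fixed + arg_len].decode("utf-16-le").rstrip("\x00")
    return {
        "oem_id": oem_id.decode("ascii", "replace").strip(),
        "oem_table_id": oem_table.decode("ascii", "replace").strip(),
        "handoff_size": size,          # size of the published binary in memory
        "handoff_address": addr,       # physical address of the binary
        "content_layout": layout,
        "content_type": ctype,
        "arguments": args,             # command line handed to the binary
    }

def build_sample(args: str = "/example") -> bytes:
    """Constructed table for testing; every value in it is made up."""
    arg_bytes = (args + "\x00").encode("utf-16-le")
    length = ACPI_HEADER.size + WPBT_BODY.size + len(arg_bytes)
    hdr = ACPI_HEADER.pack(b"WPBT", length, 1, 0, b"SAMPLE", b"EXAMPLE ", 1, b"TEST", 1)
    body = WPBT_BODY.pack(0x20000, 0x7F000000, 1, 1, len(arg_bytes)) + arg_bytes
    table = bytearray(hdr + body)
    table[9] = (-sum(table)) & 0xFF    # checksum byte lives at offset 9
    return bytes(table)

if __name__ == "__main__":
    path = Path("/sys/firmware/acpi/tables/WPBT")  # Linux only; reading needs root
    raw = path.read_bytes() if path.exists() else build_sample()
    print(parse_wpbt(raw))
```
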

Sunday, September 19, 2021

WFH Issues

WFH is a new acronym for "Work From Home." I've blogged about my concerns before here and here.

Recently I came across a white paper from HP's Wolf Security group. Remember that they sell "endpoint security."

According to our HP Wolf Security Blurred Lines and Blindspots report, 23% of office workers globally expect to predominantly work from home post-pandemic, with an additional 16% expecting to split their time equally between home and the office. This will have far-reaching consequences for organizations across all economies.
This change is here to stay. That's really scary from a security perspective.

Here is a summary of their findings.

OFFICE WORKER REBELLIONS

Apathy
  • 39% of office workers surveyed aged 18-24 were unsure of the existing data security policies in place at their work
  • 36% of office workers surveyed had been given training on how to protect their home network
  • 54% of office workers surveyed aged 18-24 were more worried about deadlines than exposing the business to a data breach
Frustration
  • 48% of office workers surveyed aged 18-24 thought security policies are a hindrance
  • 37% of office workers surveyed said security policies and technologies are too restrictive
  • 48% of office workers surveyed said security measures result in a lot of wasted time
Circumvention
  • 31% of office workers surveyed aged 18-24 had tried to circumvent security
We have a lot of work to do.

There's another section on IT Team Rejections. I'll let you read that at your leisure.


Sunday, September 12, 2021

Mobile LTE Coverage Map

I recently came across an interesting article posted by the Federal Communications Commission (FCC).

It contains a map that shows the 4G LTE mobile coverage areas of the nation’s four largest mobile wireless carriers: AT&T Mobility, T-Mobile, UScellular, and Verizon.

It states that the coverage map was created using data submitted voluntarily by the four mobile carriers and depicts the coverage a customer can expect to receive when outdoors and stationary.

I am an AT&T wireless customer and have always found that cellular coverage varies significantly in the Memphis metro area.

This tool supports that experience on AT&T but I am skeptical of the other carriers' reporting.

Here is an example of LTE data in a neighborhood in Memphis that is not friendly to cellular towers.

AT&T

T-Mobile

Verizon

Who do you believe?

For reference, here's a map of cell tower locations.




Sunday, September 05, 2021

Microsegmentation

Years ago, a co-worker and I had a discussion about architecting our Unix systems as if each one was at risk from the network, even the LAN. His thinking was that you would never know where the threat was coming from so you should not trust anyone except those connections you made deliberately.

He was so far ahead of everyone else. And ahead of the technology available then.

Now we have Software Defined Networking (SDN). Usually SDN is applied to Wide Area Networks (WANs). SDNs warrant a whole series of posts on their own.

What is now nascent is Microsegmentation.


This excerpt from eSecurity Planet nails my co-worker's vision.
The Problem With Traditional Security Techniques
More traditional security tools, such as firewalls, VPNs and network access control (NAC), have their limits because they focus primarily on securing the network perimeter. Security teams historically assumed the biggest threats were attacking from outside the network. But that approach overlooked insider threats - and the damage that hackers could do when they eventually got inside the network.
SDN provides the underlying technology that wasn't available years ago.

But that allows you to worry about the next layer. What traffic do you allow between systems? Now you need to get to Layer 7 granularity.

Guardicore has a good article that lays out the benefits (and challenges) of microsegmentation.
Benefits of Microsegmentation
  • Lateral Movement Security
  • Reduce Attack Surface
  • Secure Critical Applications
Then an organization has to consider the methods.
  • Microsegmentation by environment
  • Creating regulatory boundaries
  • Microsegmentation by application type
  • Microsegmentation by tier
The steps for an implementation effort are:
  • Identify what needs to be segmented
  • Tackle short-term goals
  • Deal with long term goals
  • Repeat
Labeling of assets is critical along with a comprehensive understanding of the applications' relationships and dependencies.

I'll cover more of microsegmentation in future posts.