Chase Snyder

@ChaseInfosec

Followers
20
Following
66
Media
16
Statuses
84

Starting a new account for #Cybersecurity. I help complex B2B technology companies tell other people what they do, so those people can decide whether to buy.

Joined June 2023
@ChaseInfosec
Chase Snyder
2 months
cyber predictions
0
0
0
@ChaseInfosec
Chase Snyder
2 months
Every time I see myself on the pod I'm like "gotta move that plant" and then I don't.
@eclypsium
Eclypsium
2 months
Unfortunately, discovering AMI MegaRAC firmware vulnerabilities in your environment is way harder than just doing a version check. Different vendors use different versioning, customized UIs, and more. Here's a short clip from our podcast episode about it. Full ep in next tweet.
0
0
1
@ChaseInfosec
Chase Snyder
2 months
@RiversidedotFM And on Reddit what I see is people saying they got quoted a miscellaneous array of prices anywhere from 10x to 100x the price of the "Pro" plan. And then I'm like ya know. I'll make do with pro. lol
0
0
0
@ChaseInfosec
Chase Snyder
2 months
@RiversidedotFM But fine. I'll click Book A Demo, and WHAM: Monster form. I don't fill out forms like this for free. You gotta be the IRS to make me fill out this form. And again, I do not need a demo. I already use this product better than half your employees, I swear. So I go to Reddit.
0
0
0
@ChaseInfosec
Chase Snyder
2 months
Real life example. @RiversidedotFM - great product, use it personally. But this pricing page kills me. I just wanna know how much it costs. Ballpark, so I know whether or not to even try. I know how to use it. Don't need to book a demo. Better CTA: "Get Your Pricing"
2
0
0
@ChaseInfosec
Chase Snyder
2 months
Not having ANY enterprise pricing information on your website at all raises the barrier SO HIGH for me to engage with your company at all. I have buying power, and I know the approximate limits of it, and if your thing is too expensive, it is a waste of both our time to even talk.
1
0
0
@ChaseInfosec
Chase Snyder
2 months
Great coverage by @dangoodin001 for @arstechnica about the active exploitation of CVE-2024-54085 (AMI MegaRAC SPx Authentication Bypass) - thanks for the @eclypsium shoutout!
arstechnica.com
AMI MegaRAC used in servers from AMD, ARM, Fujitsu, Gigabyte, and Qualcomm.
0
0
0
@ChaseInfosec
Chase Snyder
2 months
I think CVE-2024-54085 (AMI MegaRAC SPx Authentication bypass) (discovered by @eclypsium) is the first BMC vulnerability in CISA's Known Exploited Vulnerabilities list.
1
0
0
@ChaseInfosec
Chase Snyder
2 months
RT @eclypsium: Yesterday CISA added CVE-2024-54085, a vulnerability discovered by Eclypsium that affects AMI’s MegaRAC BMC software, to its…
0
1
0
@ChaseInfosec
Chase Snyder
2 months
@eclypsium Watch me yap about BMC security on YouTube if that’s more your format
0
0
1
@ChaseInfosec
Chase Snyder
2 months
Here’s the @eclypsium post where we discussed this Redfish vuln. It’s the third in a series we’ve done over the past several years, disclosing (after proper disclosure processes) vulnerabilities in BMCs
eclypsium.com
The Eclypsium research team has discovered a previously unknown remotely exploitable vulnerability in AMI’s MegaRAC software that allows attackers to bypass authentication remotely.
1
0
1
@ChaseInfosec
Chase Snyder
2 months
Wow! An AMI MegaRAC/Redfish CVE just got added to @CISAgov’s Known Exploited Vulnerabilities list. CVE-2024-54085 (discovered by @eclypsium), a Redfish auth bypass vuln with a CVSS 4.0 score of 10 (critical), is being used in the wild. Good time to bone up on BMC security.
@ChaseInfosec
Chase Snyder
2 months
With AI data centers rapidly scaling worldwide, @nvidia just published new research on an overlooked attack vector that could compromise entire server fleets: Baseboard Management Controllers. BMCs are the "forgotten keys to the kingdom" & they're shockingly vulnerable. 🧵
1
1
1
@ChaseInfosec
Chase Snyder
2 months
Here's a link to the @NVIDIADC Offensive Security Team's research on BMC security. Shoutout to @AlexTereshkin and @Adam_pi3 for this awesome research, and thanks for citing @eclypsium in the footnotes!
resources.nvidia.com
0
2
10
@ChaseInfosec
Chase Snyder
2 months
The bottom line: BMCs are critical infrastructure that can't be ignored from a security perspective. A compromised BMC = game over for your entire server fleet. Time to treat BMC security with the same rigor as your application security. 🛡️
0
0
0
@ChaseInfosec
Chase Snyder
2 months
Cybersecurity Recommendations For AI Data Center Operators:
Audit your BMC firmware security posture.
Change default credentials immediately.
Disable unused BMC services and APIs.
Implement network segmentation for BMC traffic.
Monitor BMC access logs closely.
2
0
0
@ChaseInfosec
Chase Snyder
2 months
Key Finding #6: Unauthenticated RCE. A buffer overflow in the telemetry logging library allowed unauthenticated remote code execution. No credentials needed. Just send a crafted packet and own the BMC entirely. Hard yikes.
1
0
0
@ChaseInfosec
Chase Snyder
2 months
Key Finding #5: Host Firmware Manipulation. Perhaps most concerning: the BMC could write arbitrary data to the host's SPI flash memory. This means attackers can modify bootloaders, disable Secure Boot, and achieve persistent firmware-level access. 🚨
1
0
0
@ChaseInfosec
Chase Snyder
2 months
Key Finding #4: Command Injection Everywhere. Multiple APIs (SNMP config, NTP config) directly embedded user input into shell commands without sanitization. Classic command injection vulnerabilities that should never exist in production firmware.
1
0
0
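The command-injection pattern named in Key Finding #4, as an added example that is not part of the original posts or the cited research: an NTP-server setting handled the unsafe way (spliced into a shell command string) beside a hardened form (allow-list validation, then an argv vector with no shell). The `ntpdate` tool name and all function names are assumptions for illustration.

```c
#include <stdio.h>
#include <string.h>

/* "Before": user input spliced into a shell command line. The string is
 * only built here, never executed; "ntpdate" is an assumed tool name. */
int build_shell_cmd_unsafe(const char *server, char *out, size_t n)
{
    return snprintf(out, n, "ntpdate %s", server);
}

static int is_ascii_alnum(unsigned char c)
{
    return (c >= '0' && c <= '9') || (c >= 'a' && c <= 'z') ||
           (c >= 'A' && c <= 'Z');
}

/* Allow-list check: hostname or dotted IPv4 only. Letters, digits, '-'
 * and '.'; labels of 1..63 chars with no leading or trailing '-';
 * total length 1..253. Returns 1 if valid, 0 otherwise. */
int ntp_server_is_valid(const char *s)
{
    size_t len = strlen(s), label = 0;
    if (len == 0 || len > 253)
        return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)s[i];
        if (c == '.') {
            if (label == 0 || s[i - 1] == '-')
                return 0;
            label = 0;
        } else if (is_ascii_alnum(c) || (c == '-' && label > 0)) {
            if (++label > 63)
                return 0;
        } else {
            return 0; /* spaces, ';', '$', '`', '|', leading '-' ... */
        }
    }
    return label > 0 && s[len - 1] != '-';
}

/* "After": the validated value becomes one element of an argv vector
 * suitable for execv(), so no shell ever parses it. 0 on success. */
int build_argv_safe(const char *server, const char *argv[3])
{
    if (!ntp_server_is_valid(server))
        return -1;
    argv[0] = "ntpdate";
    argv[1] = server;
    argv[2] = NULL;
    return 0;
}
```

Because a leading `-` is rejected, a configured value also cannot be reinterpreted as a command-line option by the tool that receives it.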
@ChaseInfosec
Chase Snyder
2 months
Key Finding #3: Memory Corruption Galore. With BMC access, they found APIs allowing arbitrary memory read/write within the IPMI server process. No ASLR, no stack canaries, no basic exploit mitigations. It's like security hardening from 2005. 💀
1
0
0
@ChaseInfosec
Chase Snyder
2 months
Key Finding #2: Hash Leak → Password Cracking. Once they had a valid username, they could request HMAC hashes and perform offline brute-force attacks to recover passwords. The IPMI protocol itself requires plaintext passwords. Here's a deeper explainer of the challenge here.
1
0
0