"It Wasn't Me" - Ledger's HSM Hack

If you sell, support, integrate, utilize or even sit close to an HSM (Hardware Security Module), then you will understand that the week so far has been quite intriguing following the report from Ledger security researchers Gabriel Campana and Jean-Baptiste Bédrune, which highlighted HSM vulnerabilities that can be accessed remotely. The research, titled "Everybody be Cool, This is a Robbery!" (great title), will be presented in August at the BlackHat Conference (Vegas). I for one will certainly be there to hear their findings first hand.

Though there are rumblings in the Twitter-sphere of who the specific HSM vendor is, I think it's best to quote the lyrically talented artist known as 'Shaggy' and simply say:

"It wasn't me!" - Or the KeyperPLUS for that matter, if the musical reference does not fit the bill for you.

I think this also needed to be cleared up as ZDNet.com, who initially posted the information on the research, did so with a blurred image of the KeyperPLUS unit, which, of course, is quite inaccurate when reverting back to the lyrics of 'Shaggy' (yes, the last time he will be mentioned). I mean, you could have just asked for starters.

Moving on... The KeyperPLUS HSM is designed with the integrity and resistance which make it immune to the vulnerabilities mentioned within the report. This level of assurance is the reason why it has maintained the FIPS 140-2 Level 4 Certification it holds for both Hardware and Firmware for many years - The Only One Of Its Kind on the market.

The unit is also based on a well-proven and FIPS certified secure operating system, with the HSM application itself developed using state-of-the-art defensive coding techniques in order to mitigate common attack vectors and vulnerabilities. The KeyperPLUS software is also architected in such a way as to ensure that traversal between software layers is defended against, unlike in some more conventional approaches.

I hope that provides some clarity and if not, you can always connect and message (LinkedIn/Twitter), email on [email protected] or alternatively, wait for BlackHat and spot the only guy wearing a suit in the desert.

#Level4OverLevel3


More articles by Adam M.
