IT SPARC Cast - September 13 2024
Description
In this episode of IT SPARC Cast, John Barger and Lou Schmidt delve into the latest IT news, including a novel attack technique that uses radio signals emitted by RAM to exfiltrate data from air-gapped computers, Oracle's ambitious plans to power data centers with small modular nuclear reactors, and Microsoft's phasing out of ActiveX. Lou also introduces the power of eBPF (Extended Berkeley Packet Filter) in his Hot Take, discussing its role in high-performance monitoring that does not compromise kernel security. As always, there are plenty of insights, banter, and a touch of nostalgia.
Show Notes:
Intro
• Episode Overview: RAMBO attacks on air-gapped networks, Oracle’s nuclear data center vision, and the unexpected longevity of ActiveX. [INSERT LINK HERE for further reading]
News Bytes
• RAMBO Air-Gap Attack: A new covert-channel attack described by Dr. Mordechai Guri (Ben-Gurion University, Israel), in which malware already running on an air-gapped computer modulates RAM access patterns so that the memory bus emits radio signals, which a nearby receiver decodes to exfiltrate data. The malware has to be on the isolated machine first, so the channel is a data-exfiltration path, not an initial-access vector. https://thehackernews.com/2024/09/new-rambo-attack-uses-ram-radio-signals.html
• Microsoft Phases Out ActiveX: A nostalgic look back at ActiveX, which will be disabled by default in Office 2024 as part of Microsoft's broader effort to reduce the attack surface of Office documents. https://www.computerworld.com/article/3510909/activex-to-be-disabled-in-office-2024.html
• Oracle's Nuclear Data Centers: Larry Ellison's plan for a next-generation data center powered by three small modular nuclear reactors, aimed at the power demands of AI-scale data centers. https://www.cnbc.com/2024/09/10/oracle-is-designing-a-data-center-that-would-be-powered-by-three-small-nuclear-reactors.html
CVE of the Week
• CVE-2024-43491: A critical vulnerability (CVSS 9.8) in the servicing stack of Windows 10 version 1507 (the Enterprise 2015 LTSB and IoT Enterprise 2015 LTSB releases still in support). The servicing stack rolled back previously applied fixes for some optional components, so attackers can exploit vulnerabilities that were already patched; Microsoft reports exploitation in the wild. Remediation requires installing both the September 2024 servicing stack update and the September 2024 security update, and Microsoft advises doing so immediately. https://www.securityweek.com/microsoft-says-windows-update-zero-day-being-exploited-to-undo-security-fixes/
Lou’s Hot Take
• Introduction to eBPF (Extended Berkeley Packet Filter): Lou breaks down the advantages of eBPF for high-performance monitoring, especially in cloud and container environments. eBPF programs run inside the kernel, but the kernel's verifier checks them before they are loaded (bounded execution, checked memory accesses, calls limited to approved helpers), so they can replace loadable kernel modules and drivers for observability and security tooling with better safety and no loss of performance.
https://falco.org/ Falco: a cloud-native runtime security tool for Linux that uses eBPF to watch syscalls and process activity for suspicious behavior.
https://coroot.com/ Coroot: eBPF-based monitoring for containerized deployments.
https://deepflow.io/ DeepFlow: eBPF-based full-stack observability and service mapping for containerized deployments.
https://cilium.io/ Cilium: eBPF-based networking, observability and security for Kubernetes, maintained by Isovalent, whose engineers are among the core eBPF maintainers.
• CrowdStrike Incident Recap: Reflecting on the 2024 kernel crash caused by a faulty CrowdStrike sensor update, Lou discusses how eBPF could mitigate such risks: an eBPF program that fails verification is rejected at load time instead of running, and a verified program cannot take the kernel down the way a buggy kernel-mode driver can.
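As an added example (not from the episode and not code from any of the projects linked above), here is a small bpftrace program of the kind Lou's Hot Take describes. bpftrace compiles it to BPF bytecode, the kernel verifier checks it at load time, and only then does it run: it logs every execve() on the host together with the caller's cgroup id, which is how container-aware tools attribute an event to a container, and keeps a per-cgroup exec count. The file name and the choice of tracepoint are my own assumptions.

```bpftrace
#!/usr/bin/env bpftrace
/*
 * exec_trace.bt  (file name is an assumption; example added for this page)
 *
 * Traces process execution in-kernel via eBPF. Nothing here is a kernel
 * module: if the verifier rejects the program, bpftrace fails at load
 * time and the kernel keeps running.
 *
 * Run as root:  sudo bpftrace exec_trace.bt   (Ctrl-C to stop)
 */

BEGIN
{
	printf("%-8s %-8s %-18s %-16s %s\n",
	       "PID", "UID", "CGROUP", "COMM", "ARGV");
}

/* syscall tracepoint: stable ABI, fires on every execve() */
tracepoint:syscalls:sys_enter_execve
{
	/* per-cgroup counter; cgroup is the builtin cgroup id of the caller */
	@execs[cgroup] = count();

	/* join() prints argv separated by spaces and ends the line itself */
	printf("%-8d %-8d %-18d %-16s ", pid, uid, cgroup, comm);
	join(args->argv);
}

END
{
	printf("\nexecve() calls per cgroup id:\n");
	print(@execs);
	clear(@execs);
}
```

Map the cgroup id back to a container with your runtime's tooling (for example, the cgroup path under /sys/fs/cgroup); the kernel side only needs the id. The safety property being discussed is visible in the failure mode: edit the program to read through an unchecked pointer or loop without bound and the verifier refuses to load it, rather than the kernel panicking at runtime.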
Wrap Up
• Feedback Request: John and Lou invite listeners to share thoughts on eBPF, how they’re handling Windows 10 updates, and any other topics they’d like covered in future episodes. Reach out at feedback@itsparccast.com or @ITSPARCCast on X.
Hosted on Acast. See acast.com/privacy for more information.