
[Computer Security Thread] CVEs, or "Crap! Vulnerabilities! Eughhhhh..."


Posts

  • TetraNitroCubane (The Djinnerator, At the bottom of a bottle) Registered User regular
    edited January 2020
    Today in network security news: A wide variety of cable modems are vulnerable to a newly disclosed remote access exploit. Not the router, but the actual cable modem.
    Hundreds of millions of cable modems are vulnerable to critical takeover attacks by hackers halfway around the world, researchers said.

    The attacks work by luring vulnerable users to websites that serve malicious JavaScript code that's surreptitiously hosted on the site or hidden inside of malicious ads, researchers from Denmark-based security firm Lyrebirds said in a report and accompanying website. The JavaScript then opens a websocket connection to the vulnerable cable modem and exploits a buffer overflow vulnerability in the spectrum analyzer, a small server that detects interference and other connectivity problems in a host of modems from various makers. From there, remote attackers can gain complete control over the modems, allowing them to change DNS settings, make the modem part of a botnet, and carry out a variety of other nefarious actions.

    Cable Haunt, as the researchers have named their proof-of-concept exploit, is known to work on various firmware versions of the following cable modems:
    • Sagemcom F@st 3890
    • Sagemcom F@st 3686
    • Technicolor TC7230
    • Netgear C6250EMR
    • Netgear CG3700EMR

    Seems like this attack is being served up via JavaScript, which means it can be delivered to your computer via ads even on trusted websites. It's unclear if having your own router between you and the modem makes a difference.

    I'm hoping JavaScript whitelisting and ad blocking are sufficient, because my cable modem is on the list, and there are NO firmware updates available for my cable modem.

    Edit: The Cable Haunt website has a much more exhaustive list of vulnerable modems that includes other brands than those listed in the Ars article. I recommend checking the Cable Haunt site to see if you are impacted.

    Notably, Arris Surfboard modems appear vulnerable.

  • TetraNitroCubane (The Djinnerator, At the bottom of a bottle) Registered User regular
    edited January 2020
    In today's major internet security news: Avast! The free antivirus software.

    No, it's not about the efficacy of the antivirus scanner itself. It's that apparently the company is using Avast's free version to harvest private personal data from the users who install it, and then sell that data for profit.
    The documents, from a subsidiary of the antivirus giant Avast called Jumpshot, shine new light on the secretive sale and supply chain of peoples' internet browsing histories. They show that the Avast antivirus program installed on a person's computer collects data, and that Jumpshot repackages it into various different products that are then sold to many of the largest companies in the world. Some past, present, and potential clients include Google, Yelp, Microsoft, McKinsey, Pepsi, Sephora, Home Depot, Condé Nast, Intuit, and many others. Some clients paid millions of dollars for products that include a so-called "All Clicks Feed," which can track user behavior, clicks, and movement across websites in highly precise detail.

    Avast claims to have more than 435 million active users per month, and Jumpshot says it has data from 100 million devices. Avast collects data from users that opt-in and then provides that to Jumpshot, but multiple Avast users told Motherboard they were not aware Avast sold browsing data, raising questions about how informed that consent is.

    The data obtained by Motherboard and PCMag includes Google searches, lookups of locations and GPS coordinates on Google Maps, people visiting companies' LinkedIn pages, particular YouTube videos, and people visiting porn websites. It is possible to determine from the collected data what date and time the anonymized user visited YouPorn and PornHub, and in some cases what search term they entered into the porn site and which specific video they watched.

    Once again, the greatest threat to end user security isn't the end user themselves anymore. It's corporations who don't give a shit about actual privacy or security.

  • Shadowfire (Vermont, in the middle of nowhere) Registered User regular
    Remember that couple of months that Avast was good? Yeah...

    WiiU: Windrunner ; Guild Wars 2: Shadowfire.3940 ; PSN: Bradcopter
  • Jebus314 Registered User regular
    Shadowfire wrote: »
    Remember that couple of months that Avast was good? Yeah...

    I still had Avast on my HTPC. I don't typically do anything but watch sports streams on that computer, but sounds like I am uninstalling it finally. I didn't like any of their upgrades in the last 1-2 years, but I have just been too lazy.

    Back to just defender and sandboxie I guess.

    On a related note, apparently Sandboxie is going open source, which seems kind of nice. I hadn't updated in a while, and while they transition they apparently stopped doing automatic updates, so you have to go to their website and download the newest version (it might still automatically update once you get a version that is newer than the break point where they decided to transition to open source). Weirdly, though, it asks for your name/email/other occupational stuff in order to download. They claim it's for import/export stuff, but whatever. I gave it everything fake except the email, since they probably already have that.

    "The world is a mess, and I just need to rule it" - Dr Horrible
  • TetraNitroCubane (The Djinnerator, At the bottom of a bottle) Registered User regular
    Yeah, the sandboxie situation is... Well, it's good and bad.

    Sophos making it free is great, because Sandboxie is an excellent tool. It allows for the security of virtualization with a much more convenient way to access it, and it can be configured to work with programs automatically. I particularly like the way it can selectively isolate programs from the internet, or prevent them from launching other programs themselves! It really shuts down drive-by exploits. Giving people greater access to these tools for free is awesome.

    But, the underlying reason they've done this is that they're dropping support. It is considered 'open source', but from what I understand it's a cryptic kludge of software that's going to be difficult for anyone to maintain, let alone for free out of the goodness of their heart. The original Sandboxie worked by exploiting quirks in Windows that have long since ceased to be relevant.

    Given the way OS updates move these days, I'd say the next big Windows patch is liable to break Sandboxie beyond function, and this time there will be no tzuk (the original programmer) to figure out how to fix it.

  • Jragghen Registered User regular
    I feel like this insanity belongs here, too.



    Tweet is from a Buzzfeed News reporter.

    Tweet also understates the whole thing. Good lord.
    The Likud has uploaded the full register of Israeli voters to an application, causing the leak of personal data on 6,453,254 citizens. The information includes the full names, identity card numbers, addresses and gender of every single eligible voter in Israel, as well as the phone numbers and other personal details of some of them.

    Israeli political parties receive personal details of voters before the elections and commit to protecting their privacy, as well as not to reproduce the registry, not to provide it to a third party, and to permanently erase all the information once the election is over.

    ...

    The Likud has yet to respond to a request for comment.

    According to information obtained by Haaretz, as well as Noam Rotem and Ido Kenan of the Cybercyber podcast, a vulnerability in the application allowed for anyone to easily download the entire voter registry. The only known leak of a similar magnitude occurred in 2006, when an Interior Ministry employee stole the population registry and distributed it illegally.

    Haaretz received an anonymous tip about the security lapse, allowing anyone to obtain the leaked information in its entirety without using sophisticated tools. Right-clicking on the Elector app's home page and choosing "view source" revealed the original code of the internet page. The code revealed all the usernames and passwords of system admins, allowing one to log in and download the registry.

  • TetraNitroCubane (The Djinnerator, At the bottom of a bottle) Registered User regular
    Holy moly hell, that's terrifying.

    *Spit take* Wait, WHAT? The credentials were stored in plaintext? IN THE PAGE SOURCE?!

    ...

    Excuse me. I have to go find a very hard surface to bang my head against.

  • TetraNitroCubane (The Djinnerator, At the bottom of a bottle) Registered User regular
    For those of you who would like a fascinating, if terrifying, story: it turns out that the website corp.com is up for sale.

    And that's modestly frightening.
    For a brief period during that testing, Schmidt’s company JAS Global Advisors accepted connections at corp.com that mimicked the way local Windows networks handle logins and file-sharing attempts.

    “It was terrifying,” Schmidt said. “We discontinued the experiment after 15 minutes and destroyed the data. A well-known offensive tester that consulted with JAS on this remarked that during the experiment it was ‘raining credentials’ and that he’d never seen anything like it.”

    Likewise, JAS temporarily configured corp.com to accept incoming email.

    “After about an hour we received in excess of 12 million emails and discontinued the experiment,” Schmidt said. “While the vast majority of the emails were of an automated nature, we found some of the emails to be sensitive and thus destroyed the entire corpus without further analysis.”

  • Nightslyr Registered User regular
    Hey, I’m not sure if I should ask this here or in the sysadmin thread, but does anyone have any suggestions for books/resources on learning TCP/IP? Ideally I’d like to get into pen testing (I’m bored/frustrated with web development) but even if that’s not a realistic goal, I’d still like to learn for my own edification. I know woefully little about networking and would like to be less dumb.

    Thanks!

  • Donnicton Registered User regular
    https://www.cnn.com/2020/02/26/tech/clearview-ai-hack/index.html
    Clearview AI, a startup that compiles billions of photos for facial recognition technology, said it lost its entire client list to hackers.
    The company said it has patched the unspecified flaw that allowed the breach to happen.
    In a statement, Clearview AI's attorney Tor Ekeland said that while security is the company's top priority, "unfortunately, data breaches are a part of life. Our servers were never accessed." He added that the company continues to strengthen its security procedures and that the flaw has been patched.
    Clearview AI continues "to work to strengthen our security," Ekeland said.
    In a notification sent to customers obtained by Daily Beast, Clearview AI said that an intruder "gained unauthorized access" to its customer list, which includes police forces, law enforcement agencies and banks. The company said that the person didn't obtain any search histories conducted by customers, which include some police forces.
    The company claims to have scraped more than 3 billion photos from the internet, including photos from popular social media platforms like Facebook, Instagram, Twitter and YouTube.

    Hey listen these things happen lol ¯\_(ツ)_/¯

  • Mugsley (Delaware) Registered User regular
    Nightslyr wrote: »
    Hey, I’m not sure if I should ask this here or in the sysadmin thread, but does anyone have any suggestions for books/resources on learning TCP/IP? Ideally I’d like to get into pen testing (I’m bored/frustrated with web development) but even if that’s not a realistic goal, I’d still like to learn for my own edification. I know woefully little about networking and would like to be less dumb.

    Thanks!

    It's got a smattering of stuff, but there's a Cybersecurity 2020 book bundle at Humble. That may be a good place to start. Of course, that implies you are fine with either printing your literature or reading/working with it from a screen.

  • Phyphor (Building Planet Busters, Tasting Fruit) Registered User regular
    Nightslyr wrote: »
    Hey, I’m not sure if I should ask this here or in the sysadmin thread, but does anyone have any suggestions for books/resources on learning TCP/IP? Ideally I’d like to get into pen testing (I’m bored/frustrated with web development) but even if that’s not a realistic goal, I’d still like to learn for my own edification. I know woefully little about networking and would like to be less dumb.

    Thanks!

    Well, there is always the authoritative source
    https://tools.ietf.org/html/rfc793

    And supplemental,
    https://tools.ietf.org/html/rfc879
    https://tools.ietf.org/html/rfc1323
    https://tools.ietf.org/html/rfc2018
    plus others

    Get Wireshark, and pcap, which you can use to send & receive raw packets

  • Nightslyr Registered User regular
    Mugsley wrote: »
    Nightslyr wrote: »
    Hey, I’m not sure if I should ask this here or in the sysadmin thread, but does anyone have any suggestions for books/resources on learning TCP/IP? Ideally I’d like to get into pen testing (I’m bored/frustrated with web development) but even if that’s not a realistic goal, I’d still like to learn for my own edification. I know woefully little about networking and would like to be less dumb.

    Thanks!

    It's got a smattering of stuff, but there's a Cybersecurity 2020 book bundle at Humble. That may be a good place to start. Of course, that implies you are fine with either printing your literature or reading/working with it from a screen.

    I bought the entire bundle XD
    Phyphor wrote: »
    Nightslyr wrote: »
    Hey, I’m not sure if I should ask this here or in the sysadmin thread, but does anyone have any suggestions for books/resources on learning TCP/IP? Ideally I’d like to get into pen testing (I’m bored/frustrated with web development) but even if that’s not a realistic goal, I’d still like to learn for my own edification. I know woefully little about networking and would like to be less dumb.

    Thanks!

    Well, there is always the authoritative source
    https://tools.ietf.org/html/rfc793

    And supplemental,
    https://tools.ietf.org/html/rfc879
    https://tools.ietf.org/html/rfc1323
    https://tools.ietf.org/html/rfc2018
    plus others

    Get Wireshark, and pcap, which you can use to send & receive raw packets

    Awesome, thanks! :D
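    As an added example for the TCP/IP question in this exchange (not from the thread, and not Wireshark or pcap code), the following Python decodes an IPv4 header and a TCP header laid out per RFC 791 and RFC 793 and verifies both checksums, including the TCP pseudo-header. It builds the packet it decodes, so it runs offline; the addresses, ports and payload are made up.

```python
"""IPv4 + TCP header decoder with checksum verification.

Added example for the TCP/IP question in the thread; not from the thread and not
Wireshark or pcap code. Header layouts follow RFC 791 (IPv4) and RFC 793 (TCP).
The packet decoded in __main__ is built here, not captured; addresses and ports
are made up.
"""
import socket
import struct
from typing import Dict

TCP_FLAG_BITS = [("FIN", 0x01), ("SYN", 0x02), ("RST", 0x04), ("PSH", 0x08),
                 ("ACK", 0x10), ("URG", 0x20), ("ECE", 0x40), ("CWR", 0x80)]


def inet_checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's complement of the one's-complement sum of 16-bit words.
    Run over a header that already contains its checksum, the result is 0 if intact."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ipv4(pkt: bytes) -> Dict:
    """Decode the fixed 20-byte IPv4 header; options are skipped via IHL."""
    (ver_ihl, _tos, total_len, ident, _flags_frag, ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    return {
        "version": ver_ihl >> 4,
        "header_len": ihl,
        "total_length": total_len,
        "id": ident,
        "ttl": ttl,
        "protocol": proto,  # 6 = TCP
        "src": socket.inet_ntoa(src),
        "dst": socket.inet_ntoa(dst),
        "checksum_ok": inet_checksum(pkt[:ihl]) == 0,
        "payload": pkt[ihl:total_len],
    }


def parse_tcp(seg: bytes, src: str, dst: str) -> Dict:
    """Decode the TCP header. The checksum covers a pseudo-header (source and
    destination IP, zero, protocol 6, TCP length) plus the whole segment."""
    (sport, dport, seq, ack, off_flags, window, _csum,
     _urg) = struct.unpack("!HHIIHHHH", seg[:20])
    data_off = (off_flags >> 12) * 4
    pseudo = socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack("!BBH", 0, 6, len(seg))
    return {
        "sport": sport,
        "dport": dport,
        "seq": seq,
        "ack": ack,
        "flags": [name for name, bit in TCP_FLAG_BITS if off_flags & bit],
        "window": window,
        "checksum_ok": inet_checksum(pseudo + seg) == 0,
        "options": seg[20:data_off],
        "payload": seg[data_off:],
    }


def decode(pkt: bytes) -> Dict:
    """Decode IPv4 and, when the protocol field says TCP, the TCP segment inside it."""
    ip = parse_ipv4(pkt)
    out = {"ip": ip}
    if ip["protocol"] == 6:
        out["tcp"] = parse_tcp(ip["payload"], ip["src"], ip["dst"])
    return out


def build_tcp_packet(src: str, dst: str, sport: int, dport: int, seq: int,
                     flags: int = 0x02, payload: bytes = b"") -> bytes:
    """Assemble an IPv4/TCP packet with correct checksums (default flags: SYN)."""
    src_b, dst_b = socket.inet_aton(src), socket.inet_aton(dst)
    tcp_len = 20 + len(payload)
    tcp = struct.pack("!HHIIHHHH", sport, dport, seq, 0, (5 << 12) | flags, 65535, 0, 0)
    pseudo = src_b + dst_b + struct.pack("!BBH", 0, 6, tcp_len)
    tcp = tcp[:16] + struct.pack("!H", inet_checksum(pseudo + tcp + payload)) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + tcp_len, 0x1234, 0x4000, 64, 6, 0, src_b, dst_b)
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    return ip + tcp + payload


if __name__ == "__main__":
    pkt = build_tcp_packet("10.0.0.1", "10.0.0.2", 40000, 445, 0x1000, payload=b"hi")
    for layer, fields in decode(pkt).items():
        print(layer, {k: v for k, v in fields.items() if k != "payload"})
```

    Feed decode() the bytes Wireshark exports for a single frame (after stripping the 14-byte Ethernet header) and compare its output with the dissector pane; flipping one byte of the packet and watching which checksum fails is a quick way to see what each checksum does and does not cover.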

  • TetraNitroCubane (The Djinnerator, At the bottom of a bottle) Registered User regular
    Intel is taking another security beating with a new, unpatchable flaw in their CPUs.
    Security researchers are warning of a major new security flaw inside Intel processors, and it could defeat hardware-based encryption and DRM protections. The flaw exists at the hardware level of modern Intel processors released in the last five years, and could allow attackers to create special malware (like keyloggers) that runs at the hardware level and is undetectable by traditional antivirus systems. Intel’s latest 10th Gen processors are not vulnerable, though.

    It apparently takes quite a bit of technical skill to exploit, and it may be somewhat patchable, inasmuch as it can be made unexploitable remotely, eventually.

  • DisruptedCapitalist (I swear!) Registered User regular
    Wow, I just realized my CPU is seven years old. Seems like I just bought it yesterday!

    "Simple, real stupidity beats artificial intelligence every time." -Mustrum Ridcully in Terry Pratchett's Hogfather p. 142 (HarperPrism 1996)
  • Jazz Registered User regular
    For fuck's sake, Intel.

  • BlackDragon480 (Bluster Kerfuffle, Master of Windy Import) Registered User regular
    Wow, I just realized my CPU is seven years old. Seems like I just bought it yesterday!

    Same, well, will be seven years in August.

    No matter where you go...there you are.
    ~ Buckaroo Banzai
  • Nosf Registered User regular
    ED emailed us the other day with a notice about an ongoing "...CYBEREVENT!" which is to say, someone in the province was getting fucked by EternalBlue. That shit is 3 years old, are you for real? Why do I want to bet it was some hospital who aren't allowed to patch the patient-critical XP machine that controls god knows what because the fucking vendor won't update?

  • TetraNitroCubane (The Djinnerator, At the bottom of a bottle) Registered User regular
    edited March 2020
    Hey everyone! Getting tired of biological security flaws? How about more digital ones!

    Yet another CPU flaw has been disclosed. Distinct from Meltdown and Spectre, which snoop data from CPUs, LVI, or Load Value Injection, seems to sneak commands into execution. Looks like any patches to mitigate this new attack method will CONSIDERABLY slow down Intel processors.
    LVI is a new class of transient-execution attacks exploiting microarchitectural flaws in modern processors to inject attacker data into a victim program and steal sensitive data and keys from Intel SGX, a secure vault in Intel processors for your personal data.

    LVI turns previous data extraction attacks around, like Meltdown, Foreshadow, ZombieLoad, RIDL and Fallout, and defeats all existing mitigations. Instead of directly leaking data from the victim to the attacker, we proceed in the opposite direction: we smuggle — "inject" — the attacker's data through hidden processor buffers into a victim program and hijack transient execution to acquire sensitive information, such as the victim’s fingerprints or passwords.

    Crucially, LVI is much harder to mitigate than previous attacks, as it can affect virtually any access to memory. Unlike all previous Meltdown-type attacks, LVI cannot be transparently mitigated in existing processors and necessitates expensive software patches, which may slow down Intel SGX enclave computations 2 up to 19 times.

    Also, there's a fairly large and critical Windows vulnerability that's just been disclosed. No patch for this one yet, but the linked article does have a PowerShell command to mitigate the attack on vulnerable servers, and recommends blocking port 445 on vulnerable clients.
    Word leaked out on Tuesday of a new vulnerability in recent versions of Windows that has the potential to unleash the kind of self-replicating attacks that allowed the WannaCry and NotPetya worms to cripple business networks around the world.

    The vulnerability exists in version 3.1.1 of the Server Message Block, the service that’s used to share files, printers, and other resources on local networks and over the Internet. Attackers who successfully exploit the flaw can execute code of their choice on both servers and end-user computers that use the vulnerable protocol, Microsoft said in this bare-bones advisory.

    The flaw, which is tracked as CVE-2020-0796, affects Windows 10, versions 1903 and 1909 and Windows Server versions 1903 and 1909, which are relatively new releases that Microsoft has invested huge amounts of resources hardening against precisely these types of attacks. Patches aren’t available, and Tuesday’s advisory gave no timeline for one being released. Asked if there was a timeline for releasing a fix, a Microsoft representative said, “Beyond the advisory you linked, nothing else to share from Microsoft at this time.”

  • Cantido Registered User regular
    SANS FOR572 was a very very very very VERY shitty experience. I was grieving for Elizabeth Warren's campaign all the week that I took the boot camp for it, but I found the lectures and notes completely and utterly irrelevant to what the practice tests expect: having HTTP headers, tshark, nfdump and some languages that aren't in the books at all.

    Are there any books on HTTP header forensics, tshark, nfdump etc?

    3DS Friendcode 5413-1311-3767
  • TetraNitroCubane (The Djinnerator, At the bottom of a bottle) Registered User regular
    edited April 2020
    In a bizarre turn of events, apparently the source code for both Team Fortress 2 and CS:S has been leaked. With the source code being out in the wild, there's been a proof of concept of remote code execution being leveraged on systems playing these games on the same server as an attacker.
    The source code for Team Fortress 2 has apparently been leaked, leading to hackers reportedly able to deliver malware through Remote Code Execution to other players.

    This leak was initially reported by @SteamDB on Twitter, with the source code in question dating back to 2017 and 2018, affecting Counter-Strike: Source and Team Fortress 2. According to a report on the issue from PCGamesN, several Team Fortress 2 server communities have advised players to avoid the game until further notice.

    Valve are yet to comment, and the PoC attacks are currently unconfirmed, but it's still making waves out there at the moment.

  • BahamutZERO Registered User regular
    is it CS:S or CS:GO that's vulnerable?

  • TetraNitroCubane (The Djinnerator, At the bottom of a bottle) Registered User regular
    edited April 2020
    The source code for CS:S was leaked, from what I understand, so I believe that would make CS:S vulnerable. I've seen some other headlines implicating CS:GO, but nothing concrete.

    There are additional rumblings out there that other Source engine games may also be exposed due to shared code, too. I have heard that Garry's Mod may be one to avoid until an official statement has been issued.

    Hopefully Valve will issue a statement sooner than later. For now I would treat the news with careful skepticism, but err on the side of caution. It may be FUD, but this is the sort of thing that can't be reversed once it hits.

    Edit: There are some reports that CS:GO is also in this bucket.

  • bowen (How you doin'?) Registered User regular
    Basically anything made from the source engine would be susceptible to the attacks.

    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
  • JaysonFour (Classy Monster Kitteh) Registered User regular
    bowen wrote: »
    Basically anything made from the source engine would be susceptible to the attacks.

    So, not counting mods, that's...
    Half-Life 2
    Vampire: The Masquerade – Bloodlines
    Half-Life 2: Deathmatch
    Half-Life: Source
    Counter-Strike: Source
    Day of Defeat: Source
    Half-Life 2: Lost Coast
    Half-Life Deathmatch: Source
    Half-Life 2: Episode One
    Garry's Mod
    SiN Episodes
    Dark Messiah of Might and Magic
    The Ship
    Kuma\War
    Half-Life 2: Episode Two
    Team Fortress 2
    Portal
    Dystopia
    Insurgency: Modern Infantry Combat
    Left 4 Dead
    Left 4 Dead 2
    Zeno Clash
    NeoTokyo
    Bloody Good Time
    Vindictus
    E.Y.E.: Divine Cybermancy
    Alien Swarm
    Portal 2
    No More Room in Hell
    Nuclear Dawn
    Postal III
    Dino D-Day
    Dear Esther
    Counter-Strike: Global Offensive
    Hybrid
    Tactical Intervention
    The Stanley Parable
    Blade Symphony
    Consortium
    Contagion
    Insurgency
    Aperture Tag: The Paint Gun Testing Initiative
    Fistful of Frags
    Portal Stories: Mel
    The Beginner's Guide
    Infra
    Day of Infamy
    Black Mesa

    Going to be interesting to see how many of them actually patch for this crap. Good thing I never got into PC TF2.

    I can has cheezburger, yes?
  • LD50 Registered User regular
    Well, the flaw would only be exploitable in multiplayer games, yes? Any fully single player game should be unaffected.

  • BahamutZERO Registered User regular
    valve claims there's no security hole in current versions FWIW

  • DisruptedCapitalist (I swear!) Registered User regular
    JaysonFour wrote: »
    bowen wrote: »
    Basically anything made from the source engine would be susceptible to the attacks.

    So, not counting mods, that's...
    [the list of Source engine games from JaysonFour's post above]

    Going to be interesting to see how many of them actually patch for this crap. Good thing I never got into PC TF2.

    The exploit seems to be if the victim is on the same server as the attacker. So, don't play any of these games online?

  • Jazz Registered User regular
    Other online game engines have had their source code legitimately released (e.g. older id Software engines); is there a reason why this is more dangerous than those would be? I know I'm probably being incredibly thick here, but it's something I've wondered.

  • TetraNitroCubane (The Djinnerator, At the bottom of a bottle) Registered User regular
    edited April 2020
    Jazz wrote: »
    Other online game engines have had their source code legitimately released (e.g. older id Software engines); is there a reason why this is more dangerous than those would be? I know I'm probably being incredibly thick here, but it's something I've wondered.

    In the present situation the difference is that a supposed proof of concept for remote code execution was already demonstrated for TF2.



    The veracity of these claims is yet to be confirmed, but as to why this discussion is happening for Source engine games vs. other games that have had their source code released, this is the underlying reason.

  • Jazz Registered User regular
    Gotcha.

  • Jazz Registered User regular
    edited May 2020
  • Inquisitor77 (2 x Penny Arcade Fight Club Champion, A fixed point in space and time) Registered User regular
    I clicked that Twitter account and it's literally a joke/meme account that spams "No" because it's answering the question in the handle.

    Not to sound rude, but why would you even give a shit what that account is saying? Even if it were true you're better off finding a better source to quote.

  • a5ehren (Atlanta) Registered User regular
    A lot of woo going around today about a "thunderbolt security flaw".

    The whole point of Thunderbolt is that it is some PCIe lanes routed outside of the box. Part of that is that it has DMA to your system, because it is just some PCIe lanes on a port.

  • LD50 Registered User regular
    Uh, there's a security flaw in USB. If you hook up a device that wires mains voltage to the data lines of your USB port it can disable your computer.

  • a5ehren (Atlanta) Registered User regular
    Draw a logo and come up with a dumb name and you can have 10 minutes of internet fame!

  • TetraNitroCubane (The Djinnerator, At the bottom of a bottle) Registered User regular
    edited May 2020
    They're calling the latest attack "Thunderspy", in contrast to the older Thunderbolt vulnerability, which was labeled as Thunderclap.

    Tsk. Two missed opportunities to call it "Thunderstruck".

  • Jazz Registered User regular
    They're calling the latest attack "Thunderspy", in contrast to the older Thunderbolt vulnerability, which was labeled as Thunderclap.

    Tsk. Two missed opportunities to call it "Thunderstruck".

    Sokolov: "You in the West know him as... Thunderbolt!"

    Snake: "Thunderbolt? Never heard of him."

  • LD50 Registered User regular
    More details of the "Thunderspy" vulnerability:
    It requires physical access to the inside of the machine to hook up to the thunderbolt controller and flash its bios.

  • a5ehren (Atlanta) Registered User regular
    I am eternally grateful that our external product teams were able to get our customers to accept that any security issue that requires physical access to exploit is a them-problem, not an us-problem. Saved me from having to backport a bunch of like TTY driver security patches and USB exploits.

    Our primary customers are telcos and DCs, so they already have to have physical security controls in place anyway.
