2021-05-02
Security and Hardware
UVA Engineering Computer Scientists Discover New Vulnerability Affecting Computers Globally
A team of University of Virginia School of Engineering computer science researchers has uncovered a line of attack that breaks all Spectre defenses, meaning that billions of computers and other devices across the globe are just as vulnerable today as they were when Spectre was first announced. The team reported its discovery to international chip makers in April and will present the new challenge at a worldwide computing architecture conference in June.
The researchers, led by Ashish Venkat, William Wulf Career Enhancement Assistant Professor of Computer Science at UVA Engineering, found a whole new way for hackers to exploit something called a “micro-op cache,” which speeds up computing by storing simple commands and allowing the processor to fetch them quickly and early in the speculative execution process. Micro-op caches have been built into Intel computers manufactured since 2011.
Because all current Spectre defenses protect the processor in a later stage of speculative execution, they are useless in the face of Venkat's team's new attacks. Two variants of the attacks the team discovered can steal speculatively accessed information from Intel and AMD processors.
"Intel's suggested defense against Spectre, which is called LFENCE, places sensitive code in a waiting area until the security checks are executed, and only then is the sensitive code allowed to execute," Venkat said. "But it turns out the walls of this waiting area have ears, which our attack exploits. We show how an attacker can smuggle secrets through the micro-op cache by using it as a covert channel."
CVE-2021-31799: A command injection vulnerability in RDoc
A command injection vulnerability exists in RDoc, which is bundled with Ruby. It is recommended that all Ruby users update RDoc to the latest version, which fixes this issue.
[...]
RDoc used to call Kernel#open to open a local file. If a Ruby project has a file whose name starts with | and ends with tags, the command following the pipe character is executed. A malicious Ruby project could exploit this to execute arbitrary commands against a user who attempts to run the rdoc command.
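The pattern behind this advisory, shown beside its hardened form, as an added example (not RDoc's own code): Kernel#open treats a name beginning with | as a command to spawn, whereas File.open treats the same string as a plain path. The helper names and the constructed sample project are assumptions of this example.

```ruby
require "tmpdir"

# Hardened reader: File.open takes its argument as a literal path. Unlike
# Kernel#open it never treats a leading "|" as a command to spawn, so a file
# named "|..." is simply read (or raises ENOENT), never executed.
def read_project_file(path)
  File.open(path, "rb") { |f| f.read }
end

# True for names that Kernel#open would interpret as a pipe, not a file.
def pipe_open?(name)
  name.start_with?("|")
end

# Walk a project tree and list file names that would trigger the pipe
# behaviour in any tool still calling Kernel#open on them. Suitable as a CI
# or pre-run check on third-party Ruby projects before generating docs.
def suspicious_files(root)
  Dir.glob("**/*", base: root)
     .select { |rel| File.file?(File.join(root, rel)) && pipe_open?(File.basename(rel)) }
     .sort
end

# Constructed sample project: one normal source file and one file whose name
# has the shape the advisory describes (leading "|", ending in "tags").
# The embedded command is harmless and is never run by this code.
def demo
  Dir.mktmpdir("rdoc-demo") do |root|
    File.write(File.join(root, "lib.rb"), "puts 1\n")
    odd = File.join(root, "|echo injected tags")
    File.write(odd, "not a command\n")
    {
      flagged: suspicious_files(root),  # => ["|echo injected tags"]
      content: read_project_file(odd),  # => "not a command\n"
    }
  end
end
```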
HowTo: Using a Pager in the 21st Century | by Dmitrii Eliuseev | May, 2021 | Medium
In the '90s I was a student, and to me a pager was something like a Star Trek communicator, a piece of cutting-edge technology. It is fun to remember this now that I know how straightforward the paging protocol is technically. From the encoding perspective, a pager is not so different from the wireless doorbells that sell for $5 on AliExpress today.
[...]
Bits are encoded with frequency shift keying (FSK) modulation in a 9 kHz bandwidth at 1200 bits per second; the whole message is transmitted in about 0.5 s.
It looks simple, and it really is. I will skip the details; those who are interested can read the protocol specification. It is even easy to write out all these bits with pen and paper. Protocols were simple in those days; I think nobody could do that with modern GSM or WiFi. In POCSAG messages there is no authentication and there are no security keys: all messages to all of a paging company's customers are available on-air "as is" and, by the way, can be easily decoded with PC software such as PDW.
How do customers receive their messages? Every pager has its own unique ID, called a CAP (Channel Access Protocol) code or RIC (Receiver Identification Code). All pagers from a paging provider listen on the same frequency, let's say 164 MHz. If the address in the message equals the pager's code, the pager saves the message and emits a loud beep. That's it. It is one-way communication: no confirmation is sent back, since the pager has only a receiver and no transmitter at all. The logic and hardware are extremely simple, and because of that a pager can run for more than a month on a single AAA battery. Interestingly, pagers are still in use in some countries even now, in hospitals or emergency services, where it is important to have a portable, lightweight device with long battery life.
