Language Selection

English French German Italian Portuguese Spanish

Security

Security: CPU Bugs, Western Digital Back Doors

Filed under
Security
  • There will always be hardware bugs

    By now everyone has seen the latest exploit, meltdown and spectre, complete with logos and full academic paper. The gist of this is that side channel attacks on CPUs are now actually plausible instead of mostly theoretical. LWN (subscribe!) has a good collection of posts about actual technical details and mitigations. Because this involves hardware and not just software, fixes get more complicated.

  • What are Meltdown and Spectre? Here’s what you need to know.
  • Intel faces class action lawsuits regarding Meltdown and Spectre

    The three lawsuits—filed in California, Indiana, and Oregon (PDF)—cite not just the security vulnerabilities and their potential impact, but also Intel's response time to them. Researchers notified Intel about the flaws in June. Now, Intel faces a big headache. The vast majority of its CPUs in use today are impacted, and more class action complaints may be filed beyond these three.

  • Western Digital My Cloud drives have a built-in backdoor

    Western Digital's network attached storage solutions have a newfound vulnerability allowing for unrestricted root access.
    James Bercegay disclosed the vulnerability to Western Digital in mid-2017. After allowing six months to pass, the full details and proof-of-concept exploit have been published. No fix has been issued to date.
    More troubling is the existence of a hard coded backdoor with credentials that cannot be changed. Logging in to Western Digital My Cloud services can be done by anybody using "mydlinkBRionyg" as the administrator username and "abc12345cba" as the password. Once logged in, shell access is readily available followed with plenty of opportunity for injection of commands.

Security: Meltdown & Spectre, Critical CSRF Security Vulnerability, OpenVPN and More

Filed under
Security
  • Meltdown & Spectre
  • Meltdown and Spectre Linux Kernel Status

    By now, everyone knows that something “big” just got announced regarding computer security. Heck, when the Daily Mail does a report on it , you know something is bad…

    Anyway, I’m not going to go into the details about the problems being reported, other than to point you at the wonderfully written Project Zero paper on the issues involved here. They should just give out the 2018 Pwnie award right now, it’s that amazingly good.

    If you do want technical details for how we are resolving those issues in the kernel, see the always awesome lwn.net writeup for the details.

    Also, here’s a good summary of lots of other postings that includes announcements from various vendors.

  • Spectre and Meltdown: What you need to know going forward

    As you've likely heard by now, there are some problems with Intel, AMD, and ARM processors. Called Meltdown and Spectre, the discovered attack possibilities are rather severe, as they impact pretty much every technical device on the network or in your house (PCs, laptops, tablets, phones, etc.).

    Here's a breakdown of all the things you need to know. As things change, or new information becomes available, this article will be updated.

    The key thing to remember is not to panic, as the sky isn't about to come crashing down. The situation is one that centers on information disclosure, not code execution (a far more damning issue to deal with).

  • Open Source Leaders: Take Intel to Task

    I do not know Linus Torvalds or Theo de Raadt. I have never met either of them and have read very little about them. What I do know, gleaned from email archives, is when it comes to bum hardware: they both have pretty strong opinions. Both Linus and Theo can be a bit rough around the edges when it comes to giving their thoughts about hardware design flaws: but at least they have a voice. Also, Linus and Theo have often been at odds whether it be about how to approach OS design, licensing etc but I suspect, or I at least have to believe, the latest incident from intel (the Spectre and Meltdown flaws) is one area they agree on.

    Linus and Theo cannot possibly be the only Open Source leaders out there who are frustrated and tired of being jerked around by intel. What I hope comes out of this is not many different voices saying the same thing here and there but instead, perhaps, our various leaders could get together and take intel to task on this issue. Intel not only created a horrible design flaw they lied by omission about it for several months. During those months the Intel CEO quietly dumped his stock. What a hero.

  • Docker Performance With KPTI Page Table Isolation Patches

    Overall most of our benchmarks this week of the new Linux Kernel Page Table Isolation (KPTI) patches coming as a result of the Meltdown vulnerability have showed minimal impact overall on system performance. The exceptions have obviously been with workloads having high kernel interactions like demanding I/O cases and in terms of real-world impact, databases. But when testing VMs there's been some minor impact more broadly than bare metal testing and also Wine performance has been impacted. The latest having been benchmarked is seeing if the Docker performance has been impacted by the KPTI patches to see if it's any significant impact since overall the patched system overhead certainly isn't anything close to how it was initially hyped by some other media outlets.

  • Can We Replace Intel x86 With an Open Source Chip?
  • Critical CSRF Security Vulnerability in phpMyAdmin Database Tool Patched

    A "cross site request forgery" vulnerability in a popular tool for administrating MySQL and MariaDB databases that could lead to data loss has been patched.

  • 8 reasons to replace your VPN client with OpenVPN

    OpenVPN could be the answer. It's an ultra-configurable open source VPN client which works with just about any VPN provider that supports the OpenVPN protocol. It gives you new ways to automate, optimize, control and troubleshoot your connections, and you can use it alongside your existing client, or maybe replace it entirely – it's your call.

  • I’m harvesting credit card numbers and passwords from your site. Here’s how.

Security: Currencies, Marcus Hutchins, and Hardware Bugs

Filed under
Security
  • Hot New Cryptocurrency Trend: Mining Malware That Could Fry Your Phone
  • PyCryptoMiner Attacks Linux Machines And Turns Them Into Monero-mining Bots
  • Marcus Hutchins' lawyers seek information around arrest

    Lawyers acting for British security researcher Marcus Hutchins have filed a motion seeking additional information on a number of aspects surrounding his arrest in order to prepare for a trial that is expected to take place this year.

  • AMD Did NOT Disable Branch Prediction With A Zen Microcode Update

    With the plethora of software security updates coming out over the past few days in the wake of the Meltdown and Spectre disclosure, released by SUSE was a Family 17h "Zen" CPU microcode update that we have yet to see elsewhere... It claims to disables branch prediction, but I've confirmed with AMD that is not actually the case.

    AMD did post a processor security notice where they noted their hardware was not vulnerable to variant threee / rogue data cache load, for the "branch target injection" variant that there was "near zero risk" for exploiting, and with the bounds check bypass it would be resolved by software/OS updates.

  • Spectre and Meltdown Attacks Against Microprocessors

    "Throw it away and buy a new one" is ridiculous security advice, but it's what US-CERT recommends. It is also unworkable. The problem is that there isn't anything to buy that isn't vulnerable. Pretty much every major processor made in the past 20 years is vulnerable to some flavor of these vulnerabilities. Patching against Meltdown can degrade performance by almost a third. And there's no patch for Spectre; the microprocessors have to be redesigned to prevent the attack, and that will take years. (Here's a running list of who's patched what.)

  • OpenBSD & FreeBSD Are Still Formulating Kernel Plans To Address Meltdown+Spectre

    On Friday DragonFlyBSD's Matthew Dillon already landed his DragonFly kernel fixes for the Meltdown vulnerability affecting Intel CPUs. But what about the other BSDs?

    As outlined in that article yesterday, DragonFlyBSD founder Matthew Dillon quickly worked through better kernel/user separation with their code to address the Intel CPU bug. Similar to Linux, the DragonFlyBSD fix should cause minimal to small CPU performance impact for most workloads while system call heavy / interrupt-heavy workloads (like I/O and databases) could see more significant drops.

  • Retpoline v5 Published For Fending Off Spectre Branch Target Injection

    David Woodhouse of Amazon has sent out the latest quickly-revising patches for introducing the "Retpoline" functionality to the Linux kernel for mitigating the Spectre "variant 2" attack.

    Retpoline v5 is the latest as of Saturday morning as the ongoing effort for avoiding speculative indirect calls within the Linux kernel for preventing a branch target injection style attack. These 200+ lines of kernel code paired with the GCC Retpoline patches are able to address vulnerable indirect branches in the Linux kernel.

    The Retpoline approach is said to only have up to a ~1.5% performance hit when patched... I hope this weekend to get around to trying these kernel and GCC patches on some of my systems for looking at the performance impact in our commonly benchmarked workloads. The Retpoline work is separate from the KPTI page table isolation work for addressing the Intel CPU Meltdown issue.

  • Intel hit with three class-action lawsuits over chip flaws
  • Meltdown, aka "Dear Intel, you suck"

    We have received *no* non-public information. I've seen posts elsewhere by other *BSD people implying that they receive little or no prior warning, so I have no reason to believe this was specific to OpenBSD and/or our philosophy. Personally, I do find it....amusing? that public announcements were moved up after the issue was deduced from development discussions and commits to a different open source OS project. Aren't we all glad that this was under embargo and strongly believe in the future value of embargoes?

  • Hack-proof Quantum Data Encryption

'Chipocalypse'

Filed under
Security

Security leftovers

Filed under
Security
  • Python-Based Botnet Targets Linux Systems with Exposed SSH Ports

    Experts believe that an experienced cybercrime group has created a botnet from compromised Linux-based systems and is using these servers and devices to mine Monero, a digital currency.

    Crooks are apparently using brute-force attacks against Linux systems that feature exposed SSH ports. If they guess the password, they use Python scripts to install a Monero miner.

  • AMD PSP Affected By Remote Code Execution Vulnerability

    While all eyes have been on Intel this week with the Spectre and Meltdown vulnerabilities, a disclosure was publicly made this week surrounding AMD's PSP Secure Processor in an unrelated security bulletin.

    AMD's Secure Processor / Platform Security Processor (PSP) that is akin to Intel's Management Engine (ME) is reportedly vulnerable to remote code execution.

  • DragonFlyBSD Lands Fixes For Meltdown Vulnerability

    Linux, macOS, and Windows has taken most of the operating system attention when it comes down to the recently-disclosed Meltdown vulnerability but the BSDs too are prone to this CPU issue. DragonFlyBSD lead developer Matthew Dillon has landed his fixes for Meltdown.

  • Spectre question

    Could ASLR be used to prevent the Spectre attack?

    The way Spectre mitigations are shaping up, it's going to require modification of every program that deals with sensitive data, inserting serialization instructions in the right places. Or programs can be compiled with all branch prediction disabled, with more of a speed hit.

    Either way, that's going to be piecemeal and error-prone. We'll be stuck with a new class of vulnerabilities for a long time. Perhaps good news for the security industry, but it's going to become as tediously bad as buffer overflows for the rest of us.

    Also, so far the mitigations being developed for Spectre only cover branching, but the Spectre paper also suggests the attack can be used in the absence of branches to eg determine the contents of registers, as long as the attacker knows the address of suitable instructions to leverage.

  • Intel Deploying Updates for Spectre and Meltdown Exploits

    Intel reports that company has developed and is rapidly issuing updates for all types of Intel-based computer systems — including personal computers and servers — that render those systems immune from “Spectre” and “Meltdown” exploits reported by Google Project Zero. I

  • Capsule8 Launches Open Source Sensor for Real-time Attack Detection Capable of Detecting Meltdown
  • You know what’s not affected by Meltdown or Spectre? The Raspberry Pi

    One or more of the security vulnerabilities disclosed this week affect nearly every modern smartphone, PC, and server processor. Intel processor are vulnerable to both Meltdown and Spectre attacks. AMD chips are vulnerable to Spectre attacks. And the ARM-based processors that are used in most modern smartphones can fall prey to a Spectre attack as well.

Security: Updates, PyCryptoMiner, and Hardware Crisis

Filed under
Security

RISC-V and Raspberry Pi Secure

Filed under
Linux
Hardware
Security
  • RISC-V Foundation Trumpets Open-Source ISAs In Wake Of Meltdown, Spectre

    The RISC-V Foundation says that no currently announced RISC-V CPU is vulnerable to Meltdown and Spectre and, in the wake of those bugs, stressed the importance of open-source development and a modern ISA in preventing vulnerabilities.

    In consumer computing, we usually only hear about two instruction set architectures (ISA): x86 and ARM. Classified as a complex instruction set, x86 dominates the desktop and server space. Since the rise of smartphones, however, reduced-instruction-set (RISC) ARM processors have dominated the mobile computing market. Beyond x86, there aren’t many complex instruction sets still in use, but there are still many relevant RISC designs despite ARM’s seeming ubiquity.

    The lesser known RISC-V ISA is among those being developed to take on ARM. It was created in the University of California, Berkeley and is unique because it’s open-source. The ISA is actively being worked on and is now overseen by the RISC-V Foundation, which includes companies such as AMD, Nvidia, Micron, Qualcomm, and Microsoft. An ISA alone doesn’t define a CPU design, though. RISC-V being open-source means that anyone is free to build their own CPU to implement the ISA, or their own compiler to build software that can run on RISC-V CPUs.

  • WHY RASPBERRY PI ISN’T VULNERABLE TO SPECTRE OR MELTDOWN

    Over the last couple of days, there has been a lot of discussion about a pair of security vulnerabilities nicknamed Spectre and Meltdown. These affect all modern Intel processors, and (in the case of Spectre) many AMD processors and ARM cores. Spectre allows an attacker to bypass software checks to read data from arbitrary locations in the current address space; Meltdown allows an attacker to read data from arbitrary locations in the operating system kernel’s address space (which should normally be inaccessible to user programs).

    Both vulnerabilities exploit performance features (caching and speculative execution) common to many modern processors to leak data via a so-called side-channel attack. Happily, the Raspberry Pi isn’t susceptible to these vulnerabilities, because of the particular ARM cores that we use.

    To help us understand why, here’s a little primer on so

Security: KPTI, Meltdown and Spectre

Filed under
Security
  • Intel facing class-action lawsuits over Meltdown and Spectre bugs

    Intel has been hit with at least three class-action lawsuits over the major processor vulnerabilities revealed this week.

    The flaws, called Meltdown and Spectre, exist within virtually all modern processors and could allow hackers to steal sensitive data although no data breaches have been reported yet. While Spectre affects processors made by a variety of firms, Meltdown appears to primarily affect Intel processors made since 1995.

    Three separate class-action lawsuits have been filed by plaintiffs in California, Oregon and Indiana seeking compensation, with more expected. All three cite the security vulnerability and Intel’s delay in public disclosure from when it was first notified by researchers of the flaws in June. They also cite the alleged computer slowdown that will be caused by the fixes needed to address the security concerns, which Intel disputes is a major factor.

  • More about Spectre and the PowerPC (or why you may want to dust that G3 off)

    Most of the reports on the Spectre speculative execution exploit have concentrated on the two dominant architectures, x86 (in both its AMD and Meltdown-afflicted Intel forms) and ARM. In our last blog entry I said that PowerPC is vulnerable to the Spectre attack, and in broad strokes it is. However, I also still think that the attack is generally impractical on Power Macs due to the time needed to meaningfully exfiltrate information on machines that are now over a decade old, especially with JavaScript-based attacks even with the TenFourFox PowerPC JIT (to say nothing of various complicating microarchitectural details). But let's say that those practical issues are irrelevant or handwaved away. Is PowerPC unusually vulnerable, or on the flip side unusually resistant, to Spectre-based attacks compared to x86 or ARM?

  • Measuring the Intel Management Engine to Create a More Secure Computer

    A modern computer has many different avenues for attack—ranging from local user-level exploits to root and kernel exploits, all the way down to exploits that compromise the boot loader or even the BIOS—but for over ten years the Intel Management Engine—with its full persistent access to all computer hardware combined with its secretive code base—has offered the theoretical worst-case scenario for a persistent invisible attack. The recent exploit from the talented group of researchers at Positive Technologies moves that worst-case scenario from “theoretical” to reality. While the proof-of-concept exploit is currently limited to local access, it is only a matter of time before that same style of stack smash attack turns remote by taking advantage of systems with AMT (Advanced Management Technology) enabled.

  • Linus Torvalds Latest Meltdown: “Is Intel Selling Sh*t And Never Willing To Fix Anything?”

    It’s not surprising to hear that the creator of the open-source Linux kernel couldn’t hold his temper after learning that Intel processors are affected by vulnerabilities that date back more than a decade ago. And why not? He has enough power to criticize Intel as the active development of the 26-year-old Linux kernel can’t go forward without him.

  • Linux Kernel 4.14.12 Released to Disable x86 PTI for AMD Radeon Processors

    It was bound to happen sooner or later, so Greg Kroah-Hartman just announced today the release of the Linux 4.14.12 kernel, which disables the x86 KPTI patches for AMD Radeon processors.

    Submitted over the Christmas holidays by AMD engineer Tom Lendacky, the "x86/cpu, x86/pti: Do not enable PTI on AMD processors" patch has landed today in the Linux 4.14.12 kernel, disabling the kernel page table isolation (KPTI) for all AMD Radeon processors, which were treated as "insecure" until now.

  • More Linux Kernel & GCC Patches Come Out In The Wake Of Spectre+Meltdown

    Besides the already-merged Kernel Page Table Isolation (KPTI) patches, other Linux kernel patches are coming out now in light of the recent Spectre and Meltdown vulnerabilities.

    Paul Turner of Google has posted some "request for comments" patches on a "Retpoline" implementation for the Linux kernel. The Retpoline patches are intended for fending off Spectre, the attack that breaks isolation between different applications. Unfortunately the Retpoline patching does add an additional cost to the kernel performance with the overall overhead being reported up to a 1.5% range.

  • KPTI Intel Chip Flaw Exposes Security Risks

    Operating system vendors are rushing to put out a fix for an alleged Intel chip flaw that could be used to exploit systems.

    Intel has not officially disclosed details on the flaw yet, though a patch already exists in the Linux kernel, with patches for Microsoft Windows and Apple macOS expected by Jan. 9. The Intel flaw doesn't have a branded name at this point, though security researchers have referred to it as both KPTI (Kernel Page Table Isolation) and KAISER (Kernel Address Isolation to have Side-channels Efficiently Removed).

  • Reading privileged memory with a side-channel

    We have discovered that CPU data cache timing can be abused to efficiently leak information out of mis-speculated execution, leading to (at worst) arbitrary virtual memory read vulnerabilities across local security boundaries in various contexts.

Hardware Security Fiasco: The Latest

Filed under
Hardware
Security
  • Windows 10 Cumulative Update KB4056892 (Meltdown & Spectre Fix) Fails to Install

    Microsoft rolled out Windows 10 cumulative update KB4056892 yesterday as an emergency patch for systems running the Fall Creators Update in an attempt to fix the Meltdown and Spectre bugs affecting Intel, AMD, and ARM processors manufactured in the last two decades.

    But as it turns out, instead of fixing the two security vulnerabilities on some computers, the cumulative update actually breaks them down, with several users complaining that their systems were rendered useless after attempting to install KB4056892.

    Our readers pointed me to three different Microsoft Community threads (1, 2, 3) where users reported cumulative update KB4056892 issues, and in every case the problem appears to be exactly the same: AMD systems end up with a boot error before trying a rollback and failing with error 0x800f0845.

  • Linus Torvalds says Intel needs to admit it has issues with CPUs

    Linux creator Linus Torvalds has had some harsh words for Intel in the course of a discussion about patches for two [sic] bugs that were found to affect most of the company's processors.

  • We translated Intel's crap attempt to spin its way out of CPU security bug PR nightmare

    In the wake of The Register's report on Tuesday about the vulnerabilities affecting Intel chips, Chipzilla on Wednesday issued a press release to address the problems disclosed by Google's security researchers that afternoon.

    To help put Intel's claims into context, we've annotated the text. Bold is Intel's spin.

  • When F00F bug hit 20 years ago, Intel reacted the same way

    A little more than 20 years ago, Intel faced a problem with its processors, though it was not as big an issue as compared to the speculative execution bugs that were revealed this week.

  • Meltdown, Spectre and the Future of Secure Hardware

    Meltdown and Spectre are two different—but equally nasty—exploits in hardware. They are local, read-only exploits not known to corrupt, delete, nor modify data. For local single user laptops, such as Librem laptops, this is not as large of a threat as on shared servers—where a user on one virtual machine could access another user’s data on a separate virtual machine.

    As we have stated numerous times, security is a game of depth. To exploit any given layer, you go to a lower layer and you have access to everything higher in the stack.

  • KPTI — the new kernel feature to mitigate “meltdown”
  • Astounding coincidence: Intel's CEO liquidated all the stock he was legally permitted to sell after learning of catastrophic processor flaws
  • Intel CEO sold all the stock he could after Intel learned of security bug

     

    While an Intel spokesperson told CBS Marketwatch reporter Jeremy Owens that the trades were "unrelated" to the security revelations, and Intel financial filings showed that the stock sales were previously scheduled, Krzanich scheduled those sales on October 30. That's a full five months after researchers informed Intel of the vulnerabilities. And Intel has offered no further explanation of why Krzanich abruptly sold off all the stock he was permitted to.

Meltdown/Spectre 'Damage Control'

Filed under
Hardware
Security
  • Meltdown and Spectre: ‘worst ever’ CPU bugs affect virtually all computers
  • Massive Intel Chip Security Flaw Threatens Computers

    A design flaw in all Intel chips produced in the last decade is responsible for a vulnerability that puts Linux, Windows and macOS-powered computers at risk, according to multiple press reports. The flaw reportedly is in the kernel that controls the chip performance, allowing commonly used programs to access the contents and layout of a computer's protected kernel memory areas. The Linux kernel community, Microsoft and Apple have been working on patches to their operating systems to prevent the vulnerability.

  • What Linux Users Must Know About Meltdown and Spectre Bugs Impacting CPUs

    While these bugs impact a huge number of devices, there has been no widespread attacks so far. This is because it’s not straightforward to get the sensitive data from the kernel memory. It’s a possibility but not a certainty. So you should not start panicking just yet.

  • Loose threads about Spectre mitigation

    KPTI patches are out from most vendors now. If you haven't applied them yet, you should; even my phone updated today (the benefits of running a Nexus phone, I guess). This makes Meltdown essentially like any other localroot security hole (ie., easy to mitigate if you just update, although of course a lot won't do that), except for the annoying slowdown of some workloads. Sorry, that's life.

    Spectre is more difficult. There are two variants; one abuses indirect jumps and one normal branches. There's no good mitigation for the last one that I know of at this point, so I won't talk about it, but it's also probably the hardest to pull off. But the indirect one is more interesting, as there are mitigations popping up. Here's my understanding of the situation, based on random browsing of LKML (anything in here may be wrong, so draw your own conclusions at the end):

    Intel has issued microcode patches that they claim will make most of their newer CPUs (90% of the ones shipped in the last years) “immune from Spectre and Meltdown”. The cornerstone seems to be a new feature called IBRS, which allows you to flush the branch predictor or possibly turn it off entirely (it's not entirely clear to me which one it is). There's also something called IBPB (indirect branch prediction barrier), which seems to be most useful for AMD processors (which don't support IBRS at the moment, except some do sort-of anyway, and also Intel supports it), and it works somewhat differently from IBRS, so I don't know much about it.

  • The disclosure on the processor bugs

    The rumored bugs in Intel (and beyond) processors have now been disclosed: they are called Meltdown and Spectre, and have the requisite cute logos. Stay tuned for more.

    See also: this Project Zero blog post. "Variants of this issue are known to affect many modern processors, including certain processors by Intel, AMD and ARM. For a few Intel and AMD CPU models, we have exploits that work against real software. We reported this issue to Intel, AMD and ARM on 2017-06-01."

    See also: this Google blog posting on how it affects users of Google products in particular. "[Android] devices with the latest security update are protected. Furthermore, we are unaware of any successful reproduction of this vulnerability that would allow unauthorized information disclosure on ARM-based Android devices. Supported Nexus and Pixel devices with the latest security update are protected."

  • How the Meltdown Vulnerability Fix Was Invented

    A major security flaw has surfaced that’s thought to affect all Intel microprocessors since at least 2011, some ARM processors and, according to Intel, perhaps those of others. Unusually, the exploit, called Meltdown, takes advantage of the processors’ hardware rather than a software flaw, so it circumvents security schemes built into major operating systems.

  • Why Intel x86 must die: Our cloud-centric future depends on open source chips

    Two highly publicized security flaws in the Intel x86 chip architecture have now emerged. They appear to affect other microprocessors made by AMD and designs licensed by ARM.

    And they may be some of the worst computer bugs in history -- if not the worst -- because they exist in hardware, not software, and in systems that number in the billions.

    These flaws, known as Meltdown and Spectre, are real doozies. They are so serious and far-reaching that the only potential fix in the immediate future is a software workaround that, when implemented, may slow down certain types of workloads as much as 30 percent.

  • Intel Acknowledges Chip-Level Security Vulnerability In Processors

    Security researchers have found serious vulnerabilities in chips made by Intel and other companies that, if exploited, could leave passwords and other sensitive data exposed.

  • ​How Linux is dealing with Meltdown and Spectre

    He's not the only one unhappy with Intel. A Linux security expert is irked at both Google and Intel. He told me that Google Project Zero informed Intel about the security problems in April. But neither Google nor Intel bothered to tell the operating system vendors until months later. In addition, word began to leak out about the patches for these problems. This forced Apple, the Linux developers, and Microsoft to scramble to deliver patches to fundamental CPU security problems.

    The result has been fixes that degrade system performance in many instances. While we don't know yet how badly macOS and Windows will be affected, Michael Larabel, a Linux performance expert and founder of the Linux Phoronix website, has ran benchmarks on Linux 4.15-rc6, a Linux 4.15 release candidate, which includes Kernel Page Table Isolation (KPTI) for Intel's Meltdown flaw.

  • [Fedora] Protect your Fedora system against Meltdown

    You may have heard about Meltdown, an exploit that can be used against modern processors (CPUs) to maliciously gain access to sensitive data in memory. This vulnerability is serious, and can expose your secret data such as passwords. Here’s how to protect your Fedora system against the attack.

  • Today's CPU vulnerability: what you need to know

    The Project Zero researcher, Jann Horn, demonstrated that malicious actors could take advantage of speculative execution to read system memory that should have been inaccessible. For example, an unauthorized party may read sensitive information in the system’s memory such as passwords, encryption keys, or sensitive information open in applications. Testing also showed that an attack running on one virtual machine was able to access the physical memory of the host machine, and through that, gain read-access to the memory of a different virtual machine on the same host.

  • Apple says Spectre and Meltdown vulnerabilities affect all Mac and iOS devices

    Technology companies are working to protect their customers after researchers revealed that major security flaws affecting nearly every modern computer processor could allow hackers to steal stored data — including passwords and other sensitive information — on desktops, laptops, mobile phones and cloud networks around the globe.

    The scramble to harden a broad array of devices comes after researchers found two significant vulnerabilities within modern computing hardware, one of which cannot be fully resolved as of yet. Experts say the disclosure of the critical flaws underscores the need to keep up with software updates and security patches and highlights the role independent research plays in prodding tech companies to minimize security weaknesses.

  • Intel CEO Sold $24 Million In Stocks After Google Exposed 10 Year Old Vulnerabilities

    In the month of November last year, Intel CEO Brian Krzanich sold off a big chunk of his company stocks worth $24 million (245,743 shares). The stocks were valued at $11 million back then. Now, the CEO is left with just 250,000 shares which fulfill the minimum requirement to continue his job.

  • “Meltdown” And “Spectre” Flaws: Affecting Almost All Devices With Intel, AMD, & ARM CPUs

    Just yesterday, a report from The Register disclosed a massive security screwup on behalf of Intel, which impacted nearly all chips manufactured in the past ten years. It was also reported that future patches released by the developers of Windows and Linux kernel could reduce the performance of devices up to 5-30%. That’s a lot.

  • Security updates for Thursday

    As might be guessed, a fair number of these updates are for the kernel and microcode changes to mitigate Meltdown and Spectre. More undoubtedly coming over the next weeks.

  • A collection of Meltdown/Spectre postings
  • Mitigations landing for new class of timing attack

    Several recently-published research articles have demonstrated a new class of timing attacks (Meltdown and Spectre) that work on modern CPUs. Our internal experiments confirm that it is possible to use similar techniques from Web content to read private information between different origins. The full extent of this class of attack is still under investigation and we are working with security researchers and other browser vendors to fully understand the threat and fixes. Since this new class of attacks involves measuring precise time intervals, as a partial, short-term, mitigation we are disabling or reducing the precision of several time sources in Firefox. This includes both explicit sources, like performance.now(), and implicit sources that allow building high-resolution timers, viz., SharedArrayBuffer.

  • Is PowerPC susceptible to Spectre? Yep.

    Meltdown is specific to x86 processors made by Intel; it does not appear to affect AMD. But virtually every CPU going back decades that has a feature called speculative execution is vulnerable to a variety of the Spectre attack. In short, for those processors that execute "future" code downstream in anticipation of what the results of certain branching operations will be, Spectre exploits the timing differences that occur when certain kinds of speculatively executed code changes what's in the processor cache. The attacker may not be able to read the memory directly, but (s)he can find out if it's in the cache by looking at those differences (in broad strokes, stuff in the cache is accessed more quickly), and/or exploit those timing changes as a way of signaling the attacking software with the actual data itself. Although only certain kinds of code can be vulnerable to this technique, an attacker could trick the processor into mistakenly speculatively executing code it wouldn't ordinarily run. These side effects are intrinsic to the processor's internal implementation of this feature, though it is made easier if you have the source code of the victim process, which is increasingly common.

Syndicate content

More in Tux Machines

Security Leftovers

  • Security updates for Tuesday
  • Initial Retpoline Support Added To LLVM For Spectre v2 Mitigation
    The LLVM code has been merged to mainline for the Retpoline x86 mitigation technique for Spectre Variant 2. This will be back-ported to LLVM 6.0 and also LLVM 5.0 with an immediate point release expected to get this patched compiler out in the wild. The compiler-side work -- similar to GCC's Retpoline code -- is to avoid generating code where an indirect branch could have its prediction poisoned by a rogue actor. The Retpoline support uses indirect calls in a non-speculatable way.
  • Teen Hacker Who Social Engineered His Way Into Top-Level US Government Officials' Accounts Pleads Guilty To Ten Charges
    The teenage hacker who tore CIA director John Brennan a new AOL-hole is awaiting sentencing in the UK. Kane Gamble, the apparent founder of hacker collective Crackas With Attitude, was able to access classified documents Brennan has forwarded to his personal email account by posing as a Verizon tech. Social engineering is still the best hacking tool. It's something anyone anywhere can do. If you do it well, a whole host of supposedly-secured information can be had, thanks to multiple entities relying on the same personal identifiers to "verify" the social engineer they're talking to is the person who owns accounts they're granting access to. Despite claiming he was motivated by American injustices perpetrated around the world (Palestine is namechecked in the teen's multiple mini-manifestos), a lot of what Gamble participated in was plain, old fashioned harassment.
  • The Guardian view on cyberwar: an urgent problem [Ed: Lists several attacks by Microsoft Windows (but names neither)]
    The first known, and perhaps the most successful of these, was the joint US/Israeli Stuxnet attack on the Iranian nuclear programme in 2009. Since then there has been increasing evidence of attacks of this sort by Russia – against Estonia in 2009, and then against Ukraine, where tens of thousands of attacks on everything from power supplies to voting machines have opened an under-reported front in an under-reported war. Across the Baltic, the Swedish government has just announced a beefed-up programme of civil defence, of which the most substantial part will be an attempt to protect its software and networks from attacks. Meanwhile, North Korean state hackers are blamed by western intelligence services for the WannaCry ransomware attacks which last year shut down several NHS hospitals in the UK. Persistent reports suggest the US has interfered in this way with North Korea’s nuclear missile programme.
  • Reproducible Builds: Weekly report #143
  • Don’t Install Meltdown And Spectre Patches, Intel Warns It Would Increase System Reebots
  • On that Spectre mitigations discussion
    By now, almost everybody has probably seen the press coverage of Linus Torvalds's remarks about one of the patches addressing Spectre variant 2. Less noted, but much more informative, is David Woodhouse's response on why those patches are the way they are.

Tails 3.5 Anonymous OS Released to Mitigate Spectre Vulnerability for AMD CPUs

Tails, the open-source Linux-based operating system designed to protect user's privacy while surfing the Internet, also known as Anonymous OS, was updated today to version 3.5. Coming only two weeks after the Tails 3.4 release, which included patches for the Meltdown and Spectre security vulnerabilities publicly disclosed earlier this month, today's Tails 3.5 update is here to bump the Linux kernel to version 4.14.13 and include the microcode firmware for AMD CPUs to mitigate the Spectre flaw. Read more

Graphics: Freedreno, Gallium3D, AMDGPU, RadeonSI, Mesa

  • Code Aurora Working On Adreno 6xx Support For Freedreno
    The Qualcomm-aligned Code Aurora is working on supporting the latest-generation Adreno A6xx graphics hardware with the open-source Freedreno+MSM driver stack.
  • Work Revised On Adding SPIR-V Support To Clover Gallium3D
    Last May we reported on a Nouveau developer adding SPIR-V support to Gallium3D's OpenCL state tracker. Finally the better part of one year later, Pierre Moreau is ready with the second version of these patches to accept this IR associated with Vulkan / OpenCL 2.1+ within Clover.
  • Trying Out DRM-Next For Linux 4.16 With AMDGPU On Polaris & Vega
    I have spent some time this weekend trying out the DRM-Next code slated for inclusion in Linux 4.16 when its merge window opens next week. The DRM-Next state of the AMDGPU driver appears to be in good shape, at least for the RX 580 and RX Vega cards used for my initial testing.
  • RadeonSI NIR Back-End Picks Up Support For More OpenGL Extensions
    It was just a few days ago that Valve Linux developer Timothy Arceri enabled GLSL 4.50 support for RadeonSI's NIR back-end after previously taking care of tessellation shaders and other requirements. Now he has taken to implementing some other extensions in RadeonSI's NIR code-path.
  • mesa 18.0-0-rc1
    The first release candidate for Mesa 18.0.0 is now available. The plan is to have one release candidate every Friday, until the anticipated final release on 9th February 2018. The expectation is that the 17.3 branch will remain alive with bi-weekly releases until the 18.0.1 release. NOTE: Building the SWR with LLVM 3.9 is currently not possible. Please use newer LLVM version until the issue is resolved. Here are the people which helped shape the current release.
  • Mesa 18.0 Now Under Feature Freeze With 18.0-RC1 Premiere
    Feature development on Mesa 18.0 has now ended with the release today of 18.0-RC1 following the code-base being branched. Emil Velikov of Collabora just announced the availability of Mesa 18.0-RC1. As usual, he's planning on weekly release candidates until the 18.0.0 stable release is ready to ship. Velikov tentatively expects to ship Mesa 18.0.0 around 9 February, but as we know from past releases, it might end up slipping by some days.

Using Dual 4K Monitors Stacked With GNOME

The setup for my main production system that is still on Fedora Workstation 26 with GNOME Shell 3.24.3 has been working out fine. The two displays are the ASUS MG28UQ monitors that work out well on their own and do work with AMDGPU FreeSync on Linux. A GeForce GTX 1050 Ti is enough to power the dual 3840 x 2160 displays for desktop tasks mostly limited to many terminals, Firefox, Chrome, Thunderbird, and other GNOME desktop applications. Certainly that lower-end Pascal GPU isn't fast enough for 4K gaming, but it's not like I have the time for any gaming and for a purely desktop system it's working out fine paired with the 387.34 proprietary driver on Fedora 26 paired with Linux 4.14. Read more