Meltdown & Spectre

[67448dc98712ffox]

heise.de: "Meltdown & Spectre: Immer mehr Malware, echte Angriffe unklar"

blog.fortinet.com: "The exponential growth of detected malware targeted at meltdown and spectre"

https://mobile.twitter.com/avtestorg/status/959015892997861376:

Q: Are any of these remotely executable/ implemented in javascript?

A: Most samples are binaries (compiled for Windows, Linux and MacOS), but we also found the first working JavaScript PoC for Spectre. The latest (just-released) versions of e.g. Chrome and Firefox includes special fixes, so at least the PoC won't work anymore.

--------------

[67448dc9873c5fox]

heise.de: "MeltdownPrime & SpectrePrime: Neue Software automatisiert CPU-Angriffe"

Nach Meltdown und Spectre hatten Experten prognostiziert, dass das Zuschneiden auf spezifische Chips eine Weile dauern würde. Dieser Prozess lässt sich nun durch Automatisierung beschleunigen. Dabei wurden auch neue Variationen der Angriffe gefunden.

------------

heise.de: "Meltdown und Spectre: Flut an Sammelklagen gegen Intel"

Chip-Riese Intel führt in seinem Form-10-K-Jahresbericht an die US-Börsenaufsicht SEC auf, dass derzeit 32 Klagen wegen der Sicherheitslücken Meltdown und Spectre gegen den Konzern anhängig sind. In 30 davon fodern Käufer von Intel-Prozessoren angemessene finanzielle Entschädigungen.

Bei den beiden übrigen handelt es sich laut dem Form-10-K-Bericht um "securites class action lawsuits" von Aktionären. Sie werfen Intel vor, im Zeitraum zwischen Entdeckung der Lücke im Sommer 2017 und der Bekanntgabe Anfang Januar 2018 falsche oder irreführende Aussagen zu Produkten und zum internen Kontrollsystem des Konzerns gemacht zu haben. Intels Chef Brian Krzanich steht zudem wegen seines Verkaufs von Unternehmensaktien unter Rechtfertigungsdruck. Er hatte im November, also noch vor Bekanntgabe der dramatischen Sicherheitslücken Intel-Aktien im Wert von 24 Millionen US-Dollar verkauft.

[67448dc98757efox]

heise.de: "Spectre-Lücke: Intels Microcode-Updates für Linux und Windows"

-------------

Vaguely related but interesting:

https://www.amdflaws.com/

13 Critical Security Vulnerabilities and Manufacturer Backdoors discovered throughout AMD Ryzen & EPYC product line

heise.de: "Sicherheitsforscher beschreiben 12 Lücken in AMD-Prozessoren"

[67448dc987711Myagi]

A "response" to that amdflaws thing

https://www.gamersnexus.net/industry/3260-assassination-attempt-on-amd-by-viceroy-research-cts-labs

[67448dc9878adfox]

Yes, the linked heise-article also mentions the dubious origins (with Israeli intelligence connections) and the missing proof. Remains to be seen how this one unfolds. Thanks for the link, it's an interesting analysis.

-----

There's some confirmation now.

AMD: "A raft of flaws in AMD chips makes bad hacks much, much worse"

-----

For some extra spice you can follow these private detectives right here:
https://forums.anandtech.com/threads/amdflaws-com-what-is-this.2540299/page-6#post-39344342

[67448dc987a40fox]

heise.de: "Weiterer Experte bestätigt Sicherheitsprobleme in AMD Ryzen und Epyc"

-----

Some more insight into the situation and the company...

AnandTech.com:  "Our interesting call with CTS-Labs"

The CTS-guys did sound pretty reasonable, at least until the journalists asked them questions that rubbed them the wrong way at the end. There are a few shades of grey to be found here when comes to their motivation and business.

[67448dc987b5ffox]

The vulnerabilities are officially confirmed now.

AMD: "Initial AMD Technical Assessment of CTS Labs Research"

[67448dc987cdcvoodoo47]

weren't CTS revealed as frauds? basically, an offshoot of some shady company that earns money by manipulating stock prices.

[67448dc987e04Myagi]

From what I gather, the security flaws (at least some, maybe all?) are real, but involve having access to the HW so not that relevant to average joe home user (?). However how and why CTS "discovered" and published them, is apparently quite shady.

[67448dc987f90JDoran]

Yes, any security flaw that requires physical access to the victim's hardware (not counting a broadband cable, obviously) is pretty much irrelevant for most home users, and arguably most businesses, I'd have thought, though I don't know which of the new flaws (if they are genuine) fall into this category as I've not yet read up on them or on experts' opinions on them.

[67448dc9880b6fox]

CTS are a shady operation but obviously they aren't frauds (in terms of their research). Most of the vulnerabilities do not require physical access to the HW but administrative access (meaning root). These aren't going to become weapons of mass destruction but as part of specialized attacks they are able to compromise systems so deeply that they can never be considered trustworthy again.

[67448dc988216fox]

blog.frizk.net: "Total Meltdown?"

heise.de: "Kernel-Lücke Total Meltdown: Meltdown-Patch für Windows 7 verschlimmert die Lage dramatisch"

Apparently, it has been fixed already and only Windows 7 x64 systems patched with the 2018-01 or 2018-02 patches are vulnerable.

[67448dc98838cJML]

Thanks. In my mind I just moved closer to possibility to change my last desktop system to Linux Mint before the EOL of Win7 in 2020.

[67448dc9884b3fox]

heise.de: "Sicherheitslücke Spectre V2: Ältere Intel-Prozessoren bleiben schutzlos"

[67448dc98866ffox]

heise.de: "Spectre-NG: Intel-Prozessoren von neuen hochriskanten Sicherheitslücken betroffen"

guru3d: "Eight new Spectre Variant Vulnerabilities for Intel Discovered - four of them critical"

---

heise.de: "Windows 10 1803 ohne Microcode-Updates gegen Spectre V2"

Oh and Intel stock is currently about 7$ higher then when the news about Meltdown/Spectre V2 broke in January and it appears that Krzanich is still not being investigated by the SEC for possible insider trading.

In other news, Cambridge Analytica is now called Emerdata, Raider is still Twix and in response to the massive data leak, Facebook is now aiming to become the new Tinder.

[67448dc988812fox]

heise.de: "Spectre-NG: Intel verschiebt die ersten Patches – koordinierte Veröffentlichung aufgeschoben"

[67448dc988922fox]

ThreatPost.com: "Intel’s ‘Virtual Fences’ Spectre Fix Won’t Protect Against Variant 4"

[67448dc988aabJML]

The researchers have validated the Spectre1.1 and Spectre1.2 attacks on both Intel x86 and ARM processors.

Softpedia.com: "New Variant of Spectre Security Flaw Discovered: Speculative Buffer Overflows"

[67448dc988bbffox]

heise.de: "CPU-Lücken ret2spec und SpectreRSB entdeckt"

[67448dc988cdbfox]

"NetSpectre: Read Arbitrary Memory over Network" [PDF]
https://misc0110.net/web/files/netspectre.pdf

[67448dc988dbdJML]

Ouuff. Looks like highly scientific gobbledygook to me. Thanks though!

[67448dc989b63fox]

heise.de: "Spectre-NG: "Foreshadow" gefährdet Intel-Prozessoren Update"
https://foreshadowattack.eu/