The types of workloads that will see the largest performance impacts from Meltdown, tools to test yourself & the outlook for 2018.

Plus a concise breakdown of Meltdown, Spectre & side-channel attacks like only TechSNAP can.

Then we run through the timeline of events & the scuttlebutt of so-called coordinated disclosure. We also discuss yet another security issue in macOS High Sierra, a backdoor in popular storage appliances, your questions & more!

Show Notes:

What is Meltdown and Spectre

  • Meltdown and Spectre

  • These vulnerabilities have been present in most computers for nearly 20 years.

  • Both vulnerabilities exploit performance features (caching and speculative execution) common to many modern processors to leak data via a so-called side-channel attack.

  • What is a side channel?

From Wikipedia:

“… a side-channel attack is any attack based on information gained from the physical implementation of a cryptosystem, rather than brute force or theoretical weaknesses in the algorithms (compare cryptanalysis). For example, timing information, power consumption, electromagnetic leaks or even sound can provide an extra source of information, which can be exploited to break the system.”

  • Spectre and Meltdown are side-channel attacks which deduce the contents of a memory location which should not normally be accessible by using timing to observe whether another, accessible, location is present in the cache.

  • Meltdown is a CPU vulnerability. It works by using modern processors’ out-of-order execution to read arbitrary kernel-memory locations. This can include personal data and passwords. Out-of-order execution has been an important performance feature. It’s present in many modern processors, most noticeably in 2010 and later Intel processors. By breaking down the wall between user applications and the operating system’s memory allocations, Meltdown can potentially be used to spy on the memory of other programs and the operating system.

  • Spectre breaks down the barriers between different applications. You could theoretically use it to trick applications into accessing arbitrary program, but not kernel, memory locations. Spectre is harder to exploit than Meltdown, but it is also harder to mitigate, and it attacks even more chip architectures than Meltdown does. For now, there are no universal Spectre patches.

  • Meltdown And Spectre Explained

  • The timeline: “How we got to Spectre and Meltdown: A Timeline”

  • ‘It Can’t Be True.’ Inside the Semiconductor Industry’s Meltdown

Behind the Scenes all is not well

Meltdown and Spectre Patch Performance Hit

Protecting our Google Cloud customers from new vulnerabilities without impacting performance

With the performance characteristics uncertain, we started looking for a “moonshot”—a way to mitigate Variant 2 without hardware support. Finally, inspiration struck in the form of “Retpoline”—a novel software binary modification technique that prevents branch-target-injection, created by Paul Turner, a software engineer who is part of our Technical Infrastructure group. With Retpoline, we didn’t need to disable speculative execution or other hardware features. Instead, this solution modifies programs to ensure that execution cannot be influenced by an attacker.

What’s the fix for Meltdown and Spectre?

Checking yourself and the outlook for 2018
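
For the self-check, an added example (not from the show or the linked articles): on Linux, kernels from 4.15 onward and distribution backports report per-issue mitigation status under /sys/devices/system/cpu/vulnerabilities, and this script classifies those lines, including whether Variant 2 is covered by retpoline. The function names and the SAMPLE values are constructed for illustration.

```python
from pathlib import Path

# Assumption: Linux 4.15+ (or a distro backport) exposes one status file per issue here.
SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")
ISSUES = {"meltdown": "Meltdown", "spectre_v1": "Spectre Variant 1",
          "spectre_v2": "Spectre Variant 2"}

# Constructed sample modelled on early-2018 kernel output; not taken from the page.
SAMPLE = {"meltdown": "Mitigation: PTI\n", "spectre_v1": "Vulnerable\n",
          "spectre_v2": "Mitigation: Full generic retpoline\n"}

def classify(status):
    """Map one raw sysfs status line to (verdict, detail)."""
    text = status.strip()
    lowered = text.lower()
    if lowered == "not affected":
        return "not_affected", ""
    if lowered.startswith("mitigation:"):
        return "mitigated", text.split(":", 1)[1].strip()
    if lowered.startswith("vulnerable"):
        # The kernel may append a reason, e.g. an incomplete retpoline build.
        return "vulnerable", text.partition(":")[2].strip()
    return "unknown", text

def read_sysfs(sysfs_dir=SYSFS_DIR):
    """Read the raw status lines; a missing or unreadable file is recorded as None."""
    raw = {}
    for fname in ISSUES:
        try:
            raw[fname] = (Path(sysfs_dir) / fname).read_text()
        except OSError:
            raw[fname] = None
    return raw

def report(raw):
    """Return {issue name: (verdict, detail)} from a {file name: status line} mapping."""
    return {label: classify(raw[f]) if raw.get(f) is not None
            else ("unknown", "no status file") for f, label in ISSUES.items()}

def uses_retpoline(rep):
    """True only when Variant 2 is reported as mitigated and the detail names retpoline."""
    verdict, detail = rep["Spectre Variant 2"]
    return verdict == "mitigated" and "retpoline" in detail.lower()

if __name__ == "__main__":
    raw = read_sysfs()
    if all(v is None for v in raw.values()):  # not Linux, or kernel predates the interface
        print("no sysfs status files found; showing the constructed sample")
        raw = SAMPLE
    for label, (verdict, detail) in report(raw).items():
        print(f"{label:20} {verdict:13} {detail}")
```

An "unknown" verdict means the kernel did not publish a status for that issue, which is not evidence that the machine is safe.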

macOS High Sierra’s App Store System Preferences Can Be Unlocked With Any Password

A bug report submitted on Open Radar this week has revealed a security flaw in the current version of macOS High Sierra that allows the App Store menu in System Preferences to be unlocked with any password.

The bug, discovered by developer Lemi Ergin, lets anyone log into an admin account using the username “root” with no password. This works when attempting to access an administrator’s account on an unlocked Mac, and it also provides access at the login screen of a locked Mac.

WD My Cloud NAS devices have hard-wired backdoor

The backdoor, detailed here, lets anyone log in as user mydlinkBRionyg with the password abc12345cba.

Feedback

+ New video feed http://techsnap.systems/video
