The Return of Spectre | TechSNAP 357

techsnap-0357-v

New variants, bad patches, busted microcode & devastated performance. It’s a TechSNAP Meltdown & Spectre check up.

Plus Tesla gets hit by Monero Cryptojacking & a dating site that matches people based on their bad passwords…. So we gave it a go!

RSS Feeds:

HD Video Feed | MP3 Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

Patreon

Show Notes:

People Are Actually Using a Joke Dating Site That Matches People Based on Their Passwords

This website answers the question no one ever asked: what if you dated someone who used the same password?

Flight sim company FlightSimLabs has found itself in trouble after installing malware onto users’ machines as an anti-piracy measure. Code embedded in its A320-X module contained a mechanism for detecting ‘pirate’ serial numbers distributed on The Pirate Bay, which then triggered a process through which the company stole usernames and passwords from users’ web browsers.

Lessons from the Cryptojacking Attack at Tesla

New research from the RedLock CSI team revealed that the latest victim of cryptojacking is Tesla. While the attack was similar to the ones at Aviva and Gemalto, there were some notable differences. The hackers had infiltrated Tesla’s Kubernetes console which was not password protected. Within one Kubernetes pod, access credentials were exposed to Tesla’s AWS environment which contained an Amazon S3 (Amazon Simple Storage Service) bucket that had sensitive data such as telemetry.

Chef InSpec 2.0 helps automate security compliance in cloud apps

InSpec is a free open source tool that enables development teams to express security and compliance rules as code. Version 1.0 was about ensuring that applications were set up properly. The new version extends this capability to the cloud where companies are running the applications, allowing teams to test and write rules for compliance with cloud security policy. It supports AWS and Azure and comes with 30 common configurations out of the box including Docker, IIS, NGINX and PostgreSQL.

Meltdown and Spectre Check Up

Linux upstream kernel

Noteworthy:

FreeBSD Finally Gets Mitigated For Spectre & Meltdown

There is Meltdown mitigation for Intel CPUs via a KPTI implementation similar to Linux, the Kernel Page Table Isolation. There is also a PCID (Process Context Identifier) optimization for Intel Westmere CPUs and newer, just as was also done on Linux.

For their Spectre mitigation they are currently making use of IBRS: Indirect Branch Restricted Speculation. The IBRS feature just as with Linux requires support from the CPU microcode and is for mitigating the Variant Two vulnerability as an alternative to Retpolines.

Spectre & Meltdown Checkers
  • Linux: Stéphane Lesimple put together a simple shell script to tell if your Linux installation is vulnerable against the 3 “speculative execution” CVEs.
    • Linux: Red Hat Check Script – get the latest version from the diagnose tab of the main Red Hat vulnerability article.
    • Linux: Debian Spectre-Meltdown Checker – Spectre & Meltdown vulnerability/mitigation checker available in stretch-backports.
    • Microsoft Windows: See the Windows section in this document containing the link to the official Powershell script.
Microsoft gives sysadmins Meltdown and Spectre detection in Windows Analytics

Windows Analytics can now scan enterprise PCs running Windows 10, Windows 8.1 and Windows 7 and report on whether they’re prepped to fend off attacks based on the Meltdown and Spectre vulnerabilities.

Meltdown fix’s ‘massive overhead’ will slow Linux systems, warns Netflix engineer

Brendan Gregg describes the impact of updates to the Linux kernel that work around Meltdown as demonstrating the “largest kernel performance regressions I’ve ever seen”.

New Spectre, Meltdown variants leave victims open to side-channel attacks

MeltdownPrime and SpectrePrime, found by Princeton and NVIDIA researchers, may require significant hardware changes to be mitigated.

In Conclusion… For Now.

  • Keep in mind Meltdown was one attack…
  • But Spectre is a class of attacks, which we will be hearing about for years very likely.
  • Plan to keep patching against Spectre attacks.

Feedback

Question? Comments? Contact us here!