Category Archives: Spectre

Raising Spectres – blocks off the old chips

  1. A paper from the University of Graz offers a disquieting alternative view, suggesting that Spectre attacks aren’t necessarily dependent on code being executed locally. The paper NetSpectre: Read Arbitrary Memory over Network demonstrates “a generic remote Spectre variant 1 attack … the first access-driven remote Evict+Reload cache attack over network”.Admittedly, a side-channel attack that leaks 15 bits an hour doesn’t sound all that impressive, though the researchers also claimed that “Spectre attacks perform significantly better with the AVX-based covert channel, leaking 60 bits per hour from the target system.”  For the Register, Thomas Claburn points out that this might not be as bad as it sounds, in that “it could take days to find and gather privileged information such as an encryption key or authentication token.”

    According to Claburn, Intel are playing it cool: “”NetSpectre is an application of Bounds Check Bypass (CVE-2017-5753), and is mitigated in the same manner – through code inspection and modification of software to ensure a speculation stopping barrier is in place where appropriate…” Claburn interprets this as meaning that “Essentially, if you’ve updated your code and applications to mitigate previous Spectre exploits, you should be safe from NetSpectre.”

  2. Researchers in the US also have a new Spectre attack to pique our interest. Here’s the research in question: Spectre Returns! Speculation Attacks using the Return Stack Buffer from the University of California, Riverside. “In this paper, we introduce a new Spectre-class attack that we call SpectreRSB. In particular, rather than exploiting the branch predictor unit, SpectreRSB exploits the return stack buffer (RSB), a common predictor structure in modern CPUs used to predict return addresses.”Commentary from Bleeping Computer (Catalin Cimpanu): Researchers Detail New CPU Side-Channel Attack Named SpectreRSB.
  3. The Register cites an instance where the medicine could do with a spoonful of sugar: Spectre/Meltdown fixes in HPC: Want the bad news or the bad news? It’s slower, say boffins – “MIT Lincoln metalheads broke big iron so you don’t have to… oh, you still have to, don’t you?…network connections, disk accesses, and computational workloads can all be affected by the fixes, whether in the operating system or the microcode.”
  4. Also from Bleeping Computer: Academics Announce New Protections Against Spectre and Rowhammer Attacks – “Academics from multiple universities have announced fixes for two severe security flaws known as Spectre and Rowhammer.”
  5. Maybe the sky is falling after all. In a paper dramatically entitled Screaming Channels: When Electromagnetic Side Channels Meet Radio Transceivers, Eurecom researchers they present “a new side channel that affects mixed-signal chips used in widespread wireless communication protocols, such as Bluetooth and WiFi. … the radio transmitter may unintentionally broadcast sensitive information from hardware cryptographic components or software executing on the CPU. The well-known electromagnetic (EM) leakage from digital logic is inadvertently mixed with the radio carrier, which is amplified and then transmitted by the antenna.”

    Commentary by Richard Chirgwin for The Register: Boffins: Mixed-signal silicon can SCREAM your secrets to all – “‘Screaming Channels’, a side-channel baked into off-the-shelf Wi-Fi, Bluetooth silicon.”

David Harley

Advertisements

AVIEN resource updates: July 15th 2018

Updates to Anti-Social Media 

(1) ESET: Facebook fined over data privacy scandal

You’re probably already aware of the gentle tap on the wrist administered by the UK’s Information Commissioner’s Office (ICO), but this does actually indicate why the penalty was so much less than you might have expected (in theory, up to 4% of the company’s total income).

(2) An article from The Next Web: Experts warn DeepFakes could influence 2020 US election – “Fake AI-generated videos featuring political figures could be all the rage during the next election cycle, and that’s bad news for democracy.”

(3) Graham Cluley: Facebook doesn’t want to eradicate fake news. If it did they’d kick out InfoWars – “Social networks giving sick conspiracy theorists a platform to spread hate.” Graham points out that InfoWars misinformation is also an issue on YouTube.

Updates to Meltdown/Spectre and other chip-related resources

John Leyden for The Register: Google’s ghost busters: We can scare off Spectre haunting Chrome tabs – “Site Isolation keeps pages fully separate on Windows, Mac, Linux, Chrome OS … Rather than solely defending against cross-site scripting attacks, the technology is now positioned as a necessary defence against infamous data-leaking Spectre CPU vulnerabilities, as a blog post by Google explained this week…”

Updates to Chain Mail Check

Brian Krebs: Sextortion Scam Uses Recipient’s Hacked Passwords

The scammer claims to have made a video of the intended victim watching porn, and threatens to send it to their friends unless payment is made. Not particularly novel: the twist with this one is that it “references a real password previously tied to the recipient’s email address.” Krebs suggests that the scammer is using a script to extract passwords and usernames from a known data breach from at least ten years ago.

The giveaway is that very few people are likely to be using the same password now – and it’s unlikely that there are that many people receiving the email who might think that such a video could have been made. Still, it seems that some people have actually paid up, and it’s possible that a more convincing attack might be made sending a more recent password to a given email address, and perhaps using a different type of leverage.

Commentary from Sophos here.

David Harley

June 29th AVIEN resource updates

Updates to Cryptocurrency/Crypto-mining News and Resources

FireEye: RIG Exploit Kit Delivering Monero Miner Via PROPagate Injection Technique

The Register: – How polite: Fun-bucks coin miners graciously ease off CPU pounding “…according to Johannes Ullrich, head of research at SANS, who today pointed out that malicious mining apps are scaling down activity and employing built-in encryption to make them harder for antivirus packages to detect.”

Updates to Meltdown/Spectre and other chip-related resources

Catalin Cimpanu for Bleeping Computer: Some Spectre In-Browser Mitigations Can Be Defeated “According to research published by Aleph Security … researchers were able to put together proof-of-concept code that retrieves sensitive data from a browser’s protected memory … their PoC bypassed Spectre mitigations and retrieved data from browsers such as Edge, Chrome, and Safari.” (But not Firefox, apparently.)

See also these anti-social media page updates.

David Harley

April 15th resource updates

Updates to Anti-Social Media 

The Register: Super Cali’s frickin’ whiz kids no longer oppose us: Even though Facebook thought info law was quite atrocious – “Zuck & Co end fight against California’s privacy legislation” Extra points to El Reg for the title, even if it doesn’t actually scan very well. 🙂

Sophos: Facebook shines a little light on ‘shadow profiles’ (or what Facebook knows about people who haven’t signed up to Facebook).

Also from Sophos: Interview: Sarah Jamie Lewis, Executive Director of the Open Privacy Research Society. OPRS is a privacy advocacy and research group aiming to “to make it easier for people, especially marginalized groups (including LGBT persons), to protect their privacy and anonymity online…”

Updates to Cryptocurrency/Crypto-mining News and Resources

F5: WINDOWS IIS 6.0 CVE-2017-7269 IS TARGETED AGAIN TO MINE ELECTRONEUM – “Last year, ESET security researchers reported that the same IIS vulnerability was abused to mine Monero, and install malware to launch targeted attacks against organizations by the notorious “Lazarus” group.”

The Register: Tried checking under the sofa? Indian BTC exchange Coinsecure finds itself $3.5m lighter. “Indian Bitcoin exchange Coinsecure has mislaid 438.318 BTC belonging to its customers.”

Help Net Security: 2.5 billion crypto mining attempts detected in enterprise networks – “The volume of cryptomining transactions has been steadily growing since Coinhive came out with its browser-based cryptomining service in September 2017.” This is commentary on an earlier article from Zscaler: Cryptomining is here to stay in the enterprise.

Updates to Meltdown/Spectre – Related Resources

Help Net Security: AMD users running Windows 10 get their Spectre fix – microcode to mitigate Spectre variant 2, and a Microsoft update for Windows 10 users.

Updates to Specific Ransomware Families and Types

[14th April 2018] Bleeping Computer re PUBG (and RensenWare, a blast from the past): PUBG Ransomware Decrypts Your Files If You Play PlayerUnknown’s Battlegrounds, based on research from MalwareHunter. Described as a joke, but apart from the fact that such messing with a victim’s data might conceivably go horribly wrong in some circumstances – it doesn’t appear to be an impeccably well-coded program – and is likely in any case to cause the victim serious concern, it looks to me as though this is criminal activity, involving unauthorized access and modification in most jurisdictions.

Updates to Mac Virus

The Register: Exposed: Lazy Android mobe makers couldn’t care less about security  “Never. Is never a good time to get vulnerability fixes? Never is OK with you? Cool, never it is”

Graham Cluley for Bitdefender: China forces spyware onto Muslim’s Android phones, complete with security holes. Links to Adam Lynn’s report for the Open Technology Fund: App Targeting Uyghur Population Censors Content, Lacks Basic Security

Updates to Anti-Malware Testing

[14th April 2018]

Fairness and ethical testing: Pointer to a blog for ESET by Tony Anscombe: Anti-Malware testing needs standards, and testers need to adopt them “A closer look at Anti-Malware tests and the sometimes unreliable nature of the process.” A good summary, and a useful reminder of the work that AMTSO is doing, but it’s a shame that after all these years we still need to keep making these points.

David Harley

Intel gives up and Microsoft tries again…

Updates to Meltdown/Spectre – Related Resources

[April 4 2018] John Leyden for The Register: Badmins: Magento shops brute-forced to scrape card deets and install cryptominers

Resource updates March 29th 2018

Updates to Anti-Social Media

Updates to Specific Ransomware Families and Types

Updates to Cryptocurrency/Crypto-mining News and Resources

Updates to Meltdown/Spectre – Related Resources

  • Security|DMA|Hacking: Total Meltdown? (Analysis of the Windows 7 Meltdown patch fiasco)

David Harley

Resource updates 28th March 2018

Updates to Anti-Social Media

Updates to Specific Ransomware Families and Types

Updates to Meltdown/Spectre – Related Resources

Updates to Cryptocurrency/Crypto-mining News and Resources

Updates to Mac Virus

iOS

Android

Updates to Chain Mail Check

Resource updates 21st March 2018

Additions to the new Anti-Social Media page:

Additions to Meltdown/Spectre – Related Resources

16th March 2018 resources updates

Added to the AMD section of the Meltdown/Spectre resource page, which for administrative reasons has now been moved here

Added to the Intel section:

John Leyden waxes satirical at Intel’s expense in The Register: Intel: Our next chips won’t have data leak flaws we told you totally not to worry about – “Meltdown, Spectre-free CPUs coming this year, allegedly”

Added to the Microsoft/Windows section:

Richard Chirgwin for The Register: Microsoft starts buying speculative execution exploits – “Adds bug bounty class for Meltdown and Spectre attacks on Windows and Azure”

David Harley

13th March 2018 resources updates

(1) New section on Trend Micro Resources in Meltdown/Spectre – Related Resources

Trend Micro: Detecting Attacks that Exploit Meltdown and Spectre with Performance Counters
“We worked on a detection technique for attacks that exploit Meltdown and Spectre by utilizing performance counters available in Intel processors. They measure cache misses — the state where data that an application requests for processing is not found in the cache memory — that can be used to detect attacks that exploit Meltdown and Spectre.”

(2) Cryptocurrency/Crypto-mining News and Resources

David Harley