Will on 7 Jan 2018 19:29:23 -0800



Re: [PLUG] It's the final meltdown!! (Security vulnerabilities)


The story of the grad students discussing the attack vector and then trying to get some code working after going to a pub means this vulnerability was not leaked by a state. As far as the parallel discovery, the exploits are related and it wouldn't take to look in related areas of exploits. 

If you have been on our IRC channel in the past week, apparently there was a related bug to these exploits on a BSD mailing list (can't remember which one) in 2007. One of the people was complaining about a similar issue with regard to their 2007 Intel Core2Duo. I have a feeling people are getting enough information now with take kernel security for granted that it's time to review the code like this again.

FYI, all of this was loosely hinted at by Eric Raymond when he gave his talk on NTP-sec. Aging code and everything developed based on concepts that are respected and trusted may all be subject to vulnerabilities. Also note that the Linux kernel in mid life started a new security initiative. After hearing some of these exploits, it looks like there are some fundamentals of processor design that will need to be re-evaluated.

I do have one question: has Spectre been seen out in the wild yet or not? From what I have been reading, only security in process is questionable, which means its attack scope is still fairly limited.

-Will C 

On Jan 7, 2018 10:14 PM, "Christopher Barry" <christopher.r.barry@gmail.com> wrote:
Good points. See inline.

On Jan 4, 2018 11:27 AM, "John Von Essen" <john@quonix.net> wrote:
I know people are freaking out about this, and it's a big deal, but… the thing I don't fully understand is why can't antivirus detect the “act” of grabbing leaked memory data? Also, what are the unaffected CPUs?

Many/most Linux users do not wear antivirus. This is PLUG, right?  The CPU list is very long. Most likely, yours is on it.


Even if antivirus can't detect the reading of CPU memory, the attack still requires a piece of software to implement, most hackers will ultimately end up using and distributing the same or similar software, so that can be tagged by anti-virus. I mean, do you think every hacker will write their own custom malware?


Could States and other actors already have tools, probably. Could leaks of those tools recently be playing a role in this 'discovery'? Good point, don't know.



Lastly, you still need to get the malware on your PC, so if you are very careful, behind a firewall, and only install “approved” or “signed” apps, you should be good. On my work PC, for the past 10 years, I have never gotten infected by anything, the only software I install is commercial products like Office, etc., and I never download random apps, I mainly download PDFs, and misc content.

So with good self control, this shouldn’t be too bad.

The real threat is cloud computing, where a hacker can just buy a VM, run their malware, and read all the contents of the cloud platform's CPU. Hence another reason not to use the cloud for critical stuff or sensitive data. Cloud is great for little web sites of content, but super sensitive data should be on your own hardware.

-John



 

On Jan 4, 2018, at 12:49 AM, Will <staticphantom@gmail.com> wrote:

Thank you to Keith Perry and Rich Mingin. 

The security issues broken down from their more proper CVEs can be seen here: https://meltdownattack.com

The website discussed the bugs found in hardware as well as their scope. Ladies and Gentlemen, we may be witnessing a defining moment of security this year as the impact may reach Heartbleed level press in the next few days.

-Will C
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

