Recently, a serious vulnerability has been found in the Microsoft patch for Meltdown. For a quick reminder, meltdown removes the barrier of memory and allows access to other apps’ memory locations unauthorized. You can check out the original nature of Meltdown here.

According to Alex Ionescu, a security researcher from cyber-security firm Crowdstrike, the patch allowed bypassing the security barrier and take the advantage of the chipset flaws for stealing information. Almost all the Microsoft Windows 10 versions are infected with the vulnerability, except the latest Windows 10 Redstone 4 (v1803). It seems like Microsoft has fixed the vulnerability in the latest update.

Old Windows 10 systems are still running the bypass-able patch for Meltdown. Instead of backporting the update faster, Microsoft has released another new update for the Windows Host Computer Service Shim (hcsshim) library flaw (CVE-2018-8155) that allowed a hacker execute remote code in the vulnerable system. The updated version of the “hcsshim” is available on GitHub.

How to Stay Secured

If you’re a Windows 10 user, make sure to update to the latest version – v1803. Microsoft is already working with the backport updates. According to our assumption, the patch may arrive in May 2018 Patch Tuesday, but it’s just a speculation.

The post Microsoft Meltdown Patch Fatal Flaw – Work Ongoing appeared first on Linux Windows and android Tutorials.

Security experts from Princeton University and NVIDIA have currently authored a new research paper that explains the “MeltdownPrime” and “SpectrePrime”. These exploits use the side-channel timing attacks to leverage the modern processor flaws. The attacks are able to extract data from the processor’s cache memory that might contain confidential info like passwords.

According to the report of the Register, the proof-of-concept exploit “SpectrePrime” has been successfully used on a MacBook with Intel Core i7 processor. However, the MeltdownPrime hasn’t been successful to demonstrate the capability of an actual hardware. Note that Meltdown massively infects Intel chips.

The Risk

Fortunately, we don’t have to panic just yet. For security reason, the codes used for creating the exploits haven’t been released, ensuring no imminent risk for the time being. However, the security experts developed exploits in the lab, meaning that the real criminals are already on the brink of creating such exploits. The current system patches are able to protect from Meltdown and Spectre like MeltdownPrime, SpectrePrime, and other potential exploits. We’re now waiting for Intel to release an official patch for these bugs.

According to security researchers, processor manufacturers might be facing extreme difficulty in making hardware changes to ensure immunity from these bugs. The flaws are so deeply integrated with the current silicon processors that covering the Meltdown and Spectre along with all the possible flaws might be extremely difficult.

Flawless Processors

The easiest and the most effective solution now is to change the hardware that can be costly for most. Intel announced that they’ll release Meltdown and Spectre free processors will arrive later this year. AMD also announced that their Meltdown and Spectre free processor (Zen 2 architecture) will arrive market in 2019. Until then, we have to stick with the software patches that has become a real mess all around the world. It’s also a matter to consider whether those will be really free from these bugs.

Intel’s Bug Bounty

In the meantime, Intel has increased the price of ‘bug bounty’ to get more help from the community on different flaws. The scheme is currently offering $250,000 for side-channel bugs/flaws like Meltdown and Spectre. The bounty for other channels has become around $100,000.

This program is available for everyone. That means that now, any security researcher may contribute to processors whereas previously, Intel only allowed invited researchers. This ensures that more people are hunting down the bug(s) and hopefully, find them out faster before the world knows them.

The post Meltdown and Spectre Exploits are Available! appeared first on Linux Windows and android Tutorials.

The Meltdown and Spectre are the biggest security flaws till date. The core of the operating systems and flawed working method of modern CPUs allowed these bugs to be present for decades. They remained hidden until the end of 2017 when security researchers discovered them. The news shook the security platform, of course.

The very important thing is, Linux was the most vulnerable one of all. As Linux runs on the top level computers like servers, supercomputers etc. it’s important to keep them running for more productivity. However, when installing kernel patches, every device generally need to reboot to complete the action. With the help of KernelCare, it can complete without any reboot.

The kernel patch

Kernel patches can easily mitigate the vulnerability of a system to Meltdown and Spectre. The Meltdown can be disabled via the kernel, but Spectre is a difficult one. Yet, kernel patches will make them harder to exploit for hackers, a temporary solution. When installing them, the device must reboot to complete the process. Sure, it’s not big of an issue for general users like us. But when it’s a server or supercomputer we’re talking about huge business – any slight disturbance might cause unexpected situations.

KernelCare features

That’s where KernelCare comes in handy. According to CloudLinux, KernelCare is now capable of applying the Meltdown and Spectre patches for RHEL 7, CentOS 7 & 7+, Promox Virtual Environment 3.10 and CloudLinxu 7 series OS.

For using the service of KernelCare, the subscription charge is $2.25 per server per month. If you have any doubt about the product, you can also take a trial for 30 days. Moreover, CloudLinux also promises to bring support for more GNU/Linux distributions very soon. The list includes Ubuntu, Debian, CloudLinux 6, RHEL 6, Virtuozzo 6 series and CentOS 6. However, a fact CloudLinux covered is Xen PV – they won’t support it. Xen PV is widely used by enterprises and cloud providers.

Ubuntu LTS series seeming comes up with a similar service like KernelCare, but that patching service (Canonical Livepatch Service) isn’t able of live patching the Meltdown and Spectre vulnerabilities. So, until the Canonical Livepatch Service comes up with the Meltdown and Spectre patches, you can go with KernelCare for your business. Take a look at KernelCare.

If you’re not interested in KernelCare, you can also use tools that will identify any attempt of exploiting Meltdown. The tool will cover Spectre in the future. The tool is available for Linux. Check out the Linux tool.

The post KernelCare from CloudLinux – Promise to Fix Meltdown and Spectre without Reboot appeared first on Linux Windows and android Tutorials.

The Spectre patch

The Meltdown was relatively easy to resolve using software patches. A few kernel tweaks and changes are enough to mitigate exploitation of the Meltdown. The kernel is the core software of any OS. It works in-between the hardware and software. However, the Spectre is a harder one.

Microsoft has published a Windows update for disabling microcode patches released earlier for the Spectre variant 2 – Branch Target Injection (CVE-2017-5715) vulnerability. Microsoft released this counter patch after a week Intel asked customers and OEMs to stop deploying the buggy security patches. According to Intel, those patches might introduce more reboots than expected and unpredictable system behavior.

The reason

Why is Microsoft disabling the patch? The answer from Microsoft was quite logical. Unstable systems will eventually cause data loss or corruption. Think of a scenario like this: you’re working hard on your next day assignment or in the middle of an ongoing project, then your system reboots out of nowhere (unexpected reboots). This is more annoying than Spectre, I believe.

However, you don’t need to worry about the Meltdown and Spectre right now. These security flaws are, by their nature, is very hard to pull off. The Meltdown is relatively easier to pull off compared to Spectre. The Spectre requires a deeper knowledge of the victim’s programs’ inner workings. As you guessed, not every hacker is that much good. Moreover, there has been no report of using Spectre variant 2 (CVE-2017-5715) to exploit a system.

What to do

Windows will automatically download and install the update via Windows Update. The update is also available to download from the Microsoft Catalog. The update ID is KB4078130 and size is 24KB. For advanced users, Microsoft also describes a method to disable the Spectre variant 2 patch using Windows Registry. Two guides are available – for desktops and servers.

It’s mostly Intel to blame for the issues. Intel has earned a really bad reputation in the press and the community for their inability to provide necessary & flawless security fix for the speculative execution bugs. Speculative execution is such a blazing technique that boosts the performance far ahead. However, Intel’s CEO Brian Krzanich said that we may see new Intel processors free of these bugs within 2018. If you’re interested in learning more about the Meltdown and Spectre bug, check out the complete details.

If you’re a Windows user, you already know how much time + bandwidth consuming process is Windows Update. Using a 3^rd-party tool, you can cut this short several times! Check out how to use WSUS Offline Update.

The post Windows Update to Kill Spectre Patch appeared first on Linux Windows and android Tutorials.

Hackers are never falling behind the trend of the present. They’re also trying hard to use these flaws to exploit systems. In this series of attempts, they’re now releasing fake update packages in the name of system patches. That package contains a heinous malware to take over your system.

Smoke Loader

Malwarebytes spotted that fake package. The firm has also identified a new domain that contains a whole bunch of info on how Meltdown and Spectre affect CPUs. Apparently, the website also contains some content from the German Federal Office for Information Security (BSI). The fake package is a ZIP archive link. The file name was “Intel-AMD-SecurityPatch-10-1-v1.exe”.

How it works

A victim trying to download and deploy the file installs Smoke Loader malware without any knowledge. Moreover, the installed malware downloads several more payloads by connecting to various domains and start sending encrypted data to servers. The website was also sending fake phishing emails. Here’s a screenshot of the website.

Here is the file that contains the malware. Note that Smoke Loader is capable of loading other bunches of malware additionally to wreak havoc on your system.

The identifier of the malware, Malwarebytes already contacted with CloudFlare and Comodo on such abuse. Even if this attack is diminished, hackers are already on the edge of inventing other methods.

How to stay protected

To stay protected, it’s always necessary to stay vigilant and aware of such spoofing. You need to use the best antivirus or internet security software to prevent any malware injection into your system. You’re also recommended to take a look at the top antivirus software 2018.

Because of the Meltdown and Spectre, Linux is the most vulnerable to these attacks. Linux is the most used OS in the top level of cyber world – supercomputers, servers etc. all run on it. Fortunately, there’s a tool that will take care of any Meltdown attack, allowing system admins not to install the buggy Meltdown patch that slowed down the system. Learn more about the tool.

The post Fake Meltdown and Spectre Patch – Beware of Malware appeared first on Linux Windows and android Tutorials.

The new tool developed by SentinelOne is named Blacksmith. It’s a free tool for everyone. Get Blacksmith from SentinelOne. However, Blacksmith tool isn’t open-source. SentinelOne decided to save time by expediting its development in-house, according to Raj Rajamani, vice president of project management at SentinelOne. He also informed that the tool is free for everyone in hope of securing Linux systems while devs create reliable system patches.

Why use Blacksmith

At the end of 2017, security researchers identified the horrible & terrible bug in most of the modern processors. All these processors used a method called “speculative execution” that allowed these 2 heinous bugs to be possible. Intel, AMD, and ARM – all are affected by them, mostly Intel. The Meltdown flaw is a design flaw of all the Intel chips. The flaw was in the kernel that controlled the chip performance. It’s possible to defend using software patches. However, the Spectre is a lot more difficult to defend against. Learn more about the Meltdown and Spectre.

With the help of SentinelOne’s Blacksmith, Linux users now will be defending Meltdown attacks successfully. The company is working on a similar tool for defense against Spectre as well.

The tool works beyond all the other tools offer today. Some tools only tell you whether you’re exposed or not. Security researcher Dor Danker at SentinelOne used behavioral detection methods to develop Blacksmith that’s capable of catching any Meltdown exploit & attempts. Danker and his fellow researchers took several weeks to prepare the tool. The process required gathering data from industry partners, chip makers, and Microsoft.

Why on Linux

The reason this tool is made for Linux is pretty obvious. First of all, Linux is more susceptible to Meltdown attacks with no extensive available solution. An important note, the top computers – servers, supercomputers etc. all use Linux as their OS. These 2 reasons are very lucrative for hackers to target Linux as an easy, valuable hunt.

According to Migo Kedem, SentinelOne’s director of product management said that the reasons make it clear why Linux needs effective protection as quickly as possible.

The currently available patches slow down the system. It’s not so much visible for home users. However, the influence is huge when we talk about enterprises. It’s the main reason why IT organizations may decide to resist the patches or wait for further patches. That’s where this tool will be really handy without any performance changes.

How Blacksmith works

The tool influences the feature of performance counting on modern chipsets. Using this method, Blacksmith can monitor malicious caching behavior. According to Danker, the Meltdown creates different patterns during exploitation.

Here’s the official demonstration of Blacksmith.

On modern chipsets, Blacksmith uses the built-in Linux mechanism “perf evennts”. It collects info about running processes. Kedem said that in case of virtual environments and older processors, Blacksmith looks for a specific type of page fault, indicating Meltdown exploitation attempts.

When the tool identifies any attempt, Blacksmith reports to “Syslog” locally. If the “Syslog” is on a remote server, Blacksmith sends the report via email. Checking on that, system admins can take necessary measures to clean up the exploitation.

The post The Meltdown Defense – Linux Tool by SentinelOne appeared first on Linux Windows and android Tutorials.

If you don’t know how Meltdown and Spectre works, here’s a summary. Every modern processor uses a method called “speculative execution”. This method makes the processor function blazingly faster. Using the method, a hacker can execute such a program that can disclose sensitive info from other apps. Learn in-depth about the Meltdown and Spectre bug here.

For Windows users, there’s a tool called InSpectre. This tool will analyze your system and tell if you’re vulnerable to these bugs. Get InSpectre. However, for Linux users, this type of tool wasn’t available. Thankfully, Linux Lite developers created such a tool for every Linux distro. Linux Lite is a Linux distro based on Ubuntu.

How to use

The tool is very simple to use. It’s a CLI tool, so please be focused.

• Download the Spectre Meltdown Checker Automated from GitHub.
• Extract the ZIP archive in a folder.
• Open a terminal in that directory and run the following command:
• Double-click on “sm-start” or run the following command:

chmod +x sm-*

If you’re using XFCE with Thunar, use the following command:

xfconf-query --channel thunar --property /misc-exec-shell-scripts-by-default --create --type bool --set true

It’ll show an output like in the GIF shown below.

If this tool seems a bit difficult, there’s another similar tool. It’s a very simple, plain shell script to check out for the vulnerabilities. Get the script Spectre & Meltdown Checker. When you run the script, you can see the following result. It’s a sample one.

What to do now

After running this tool, you’ll know whether you’re vulnerable to any of the flaws. If you’re not, congratulations! In case your system is vulnerable, you need to think about it.

Whatever your system’s status is, it’s the best to run a system update. Different Linux distros follow different rules to manage and update the system. Here’s a detailed guide to update & upgrade your Linux.

Here’s a caution – don’t install Intel’s latest microcode. Different specialists are criticizing the buggy and troublesome patch from Intel. Many computers simply started reboot unexpectedly along with some other issues. So, for now, it’s the best to stay out of that microcode update.

For Linux users, Linux Lite can make a big change to your perspective and a refreshing desktop. It’s based on Ubuntu, the most popular Linux distro ever. It’s mostly focused on simplicity and faster performance. Check out Linux Lite today!

Have you checked your system? If not, do it now. The Meltdown and Spectre is a result of faulty processors, mostly Intel processors. These flaws can’t be removed completely without hardware replacement. However, using software upgrades, we can mitigate the danger.

The post Automated Tool from Linux Lite Devs – Check for Meltdown and Spectre appeared first on Linux Windows and android Tutorials.

Using the Meltdown and Spectre flaws, a hacker could theoretically pull out sensitive info out of the system. As we know how these bugs work, we can fix them despite the cost. However, Simon Segars tells us that more flaws are yet to be found out in the systems. In an interview at CES 2018, he said, “The reality is there are probably other things out there like it that have been deemed safe for years. Somebody whose mind is sufficiently warped toward thinking about security threats may find other ways to exploit systems which had otherwise been considered completely safe.”

The cause of Meltdown and Spectre

The reason why Meltdown and Spectre grew up is the speculative execution. It’s a hardware technique that allows a processor to perform significantly faster. If we are to avoid the exploits, we have to get rid of the “speculative execution”. This is way too much to give up. Segars said that the speed boost is too significant to remove it from advanced chipsets.

Cybersecurity

Simon Segars also puts force on cybersecurity, “cybersecurity is a mess”. Cyberspace needs 100% security as AI and IoT are getting more and more traction in the cyber world. Flaws like Meltdown and Spectre will simply put everything at a great risk in these scenarios.

“It really is mind-bending what people have done to exploit this side effect”, Simon Segars said. “Nobody thought of it before. Like all discoveries, they’re only obvious after the point they’re discovered.” It’s true that companies are adopting speculative execution for years, and none thought about the potential of vulnerability. According to Segars, “But what you’ll see is [that] the end system is a combination of software and hardware. How it’s written and tested — all of that will evolve to make sure the risks of using that approach are well understood.”

ARM hasn’t decided to change their processor’s architecture or software yet for preventing any future security risks. Segars ensured that ARM will continue examining similar potential vulnerabilities while making processor tweaks.

Why didn’t ARM find the flaw itself? Segars answered, “What this demonstrates is that the world of security is a moving target. Just when you think you’ve got things under control, something else comes along.” The same statement is true for all other processor manufacturers.

Check your system with InSpectre

Is your system vulnerable to Meltdown and Spectre? You can now check using InSpectre tool. It’s a very small (<1MB) tool for Windows PCs to check out your system’s status. Get InSpectre.

All we can do now is stay alert for any malware and keeping all our software and OS up-to-date. Until the systems are bug-free for good, we have to wait a long time (maybe years).

The post More Meltdown and Spectre Flaws Incoming! appeared first on Linux Windows and android Tutorials.

The Meltdown exploit was discovered by three teams – a team at Cyberus Technology, Jann Horn at Google Project Zero and a team at the Graz University of Technology. They discovered and reported the flaw independently.

The Spectre exploit was discovered by a team led by Paul Kocher along with representatives from the University of Pennsylvania, University of Adelaide, Data61, University of Maryland and Rambus. The flaw was identified and reported independently.

Why are these threats so dangerous? They allow a hacker to simply use the hardware resource to steal information while leaving no trace in the traditional log file! Even traditional antivirus software is unlikely to detect illegal access to programs using the exploit.

Why these bugs are serious

Unlike other heinous bugs found previously, these two bugs are more serious to date. The truth is, these bugs not only affects desktops & laptops but also virtually all the company’s processors produced since 1995 with a few exception.

Both of these bugs allow unauthorized access to the processing data. Generally, a program isn’t allowed to read other apps’ data and is ensured by the hardware. Unfortunately, these bugs allow such action to perform.

How the Meltdown and Spectre work

Meltdown: This one mainly affects most of the Intel processors. This bug works by breaking the barrier that prevents apps from getting access to arbitrary locations in the kernel memory. The kernel segregates and protects memory for every single process and keeps a barrier so that one can’t interfere with another’s data. However, the meltdown bug now makes this serious procedure unreliable. This flaw mostly makes desktops & laptops vulnerable.

This flaw even allows anyone in the cloud to retrieve the data without any permission and privilege. Virtually, this affects every user of a personal computer. Intel’s “speculative execution” method used in the processors doesn’t fully segregate processes by low-privilege and high-privilege that are meant to be in the computer’s kernel memory.

Spectre: Intel, AMD and ARM processors are affected by this bug. The working method is different than meltdown bug, however. This flaw tricks applications into disclosing the secured data inside their protected memory area. This exploit is harder to pull off. However, this bug affects even mobile devices, thus making it even harder to patch up and fix.

This is a set of attacks that involve unexpected and incorrect execution of the victim program that leaks the victim’s confidential data via a side channel. Unlike Meltdown, this affects virtually every device.

Intel processors are the most vulnerable to these bugs. AMD and ARM processors seem to be largely immune to the Meltdown bug. However, the Spectre affects everyone.

The bug fix

These two monstrous bugs work on the hardware level. When there’s a bug with the software, it’s much easier to find out and fix. Like the major bugs the popular software (OpenSSL – Heartbleed, Linux – Shellshock etc.), these hardware bugs are harder to fix.

In the case of Meltdown, it’s easier to temporarily patch the software system. Linux, Windows, OS X etc. have already released a patch for this one. However, the work on Spectre is still ongoing.

How to stay secure

These bugs are pretty difficult to exploit. Unfortunately, these are hard to fix and hackers will always try to use these exploits to their advantages.

For end users, it’s pretty difficult but several steps will surely slow down any hacker.

• Update all your software to the latest version.
• Whenever available, update your device drivers.
• Update your anti-malware tool and scan your system for any malicious tool. You can check out for the best antimalware tools.
• Apply any system patch if available.

All the tech giants are already working to fix these flaws. AMD believes that they’re on the least. Microsoft relied heavily on Intel processors. They’re going to have a patch very soon. Linux devs already released a fix. Apple’s patch for macOS, iOS, tvOS is on the way. Google has already safeguarded their products and services from the flaw.

In the case of Intel processors, the current fix ensures security in the cost of performance. However, we need to wait quite a long time until every single hardware is patched up. It’s a reminder for the future technologies not to ignore any single bit to test for any security threat. We hope that all the new upcoming processors won’t have these flaws anymore.

Until everything’s alright, just stay tight and alerted!

The post The Meltdown and Spectre – All Computers at Stake appeared first on Linux Windows and android Tutorials.