The new flaw

Interestingly, the news of such a possible security flaw went out previously on a German magazine. However, the official statement and description came out very recently,

This new variant of Spectre infects processors from Intel, AMD, ARM and IBM. Companies like Intel, Microsoft, Ubuntu, Red Hat, IBM, ARM, AMD etc. have already published security advisories explaining the working method of this bug along with all the possible mitigation advices.

SpectreNG

This new variant of Spectre has also earned a nice name to call – SpectreNG. Both the researchers of Microsoft and Google identified the vulnerability independently. Both bug discovery have very similarities. That’s why they are classified as Spectre variant 3a and 4. The Spectre variant 3a is tagged as CVE-2018-3640 and variant 4 is tagged as CVE-2018-3639.

The variant 3a is a form of the Meltdown flaw whereas variant 4 is completely new attack from the Spectre family. As you may have already guessed, both of them are caused by speculative execution – a method that enables all the faster processing power of all the modern CPUs.

For understanding the working method of both of the vulnerabilities, take a look at this video that Red Hat published on YouTube.

According to Microsoft’s advisory, an attacker successfully exploiting the vulnerability can be able to read privileged data across trust boundaries. Such condition may break down the system of sandbox environment.

From Google’s part, Jann Horn, the man who was behind the invention of Meltdown and Spectre flaws, has also published the proof-of-concept code for the vulnerability. Unfortunately, a remove JavaScript code can successfully exploit the Spectre variant 4. According to Microsoft, there’s been no attempt recorded trying to exploit the vulnerability.

Additional patches

Intel’s general manager of Product Assurance and Security, Leslie Culbertson, said that the original patches for Meltdown and Spectre should be enough for mitigating the variant 4.

However, Intel has already released a new patch for the Spectre variant 4. It’s in the beta form and sent to OEMs.

The post The Ghost of Spectre Again – SpectreNG appeared first on Linux Windows and android Tutorials.

What is SGX?

The SGX (Intel Software Guard eXtension) is a feature of Intel processors allowing apps to create so-called enclaves that are hardware-isolated sections of the processor’s processing memory where apps run sensitive operations like encryption keys, passwords, user data etc. The Meltdown and Spectre flaws revealed last year shows that such information can be stolen from the processor’s memory due to the bugged system mechanism. However, the classic form of Meltdown or Spectre wasn’t enough to extract data from the SGX enclaves.

How SgxSpectre works

SgxSpectre is the perfect solution that can steal data from the Intel’s SGX enclaves. According to the researchers, the SgxSpectre is capable of doing so because of the specific code pattern in the software libraries that allowed devs to integrated SGX support in their apps. The vulnerable SGX SDKs include Rust-SGX, Graphene-SGX, and Intel SGX.

A hacker, in theory, and practice can leverage the patterns of repetitive code execution that these SDKs introduce in SGX enclaves. Thus, the hacker can watch small variations of cache size. This is the process named “classic side-channel attack” and it’s quite effective in the field.

According to the researchers, SgxSpectre compromises the confidentiality of SGX enclaves completely because of the vulnerable code execution patterns. As these are difficult to eliminate, SgxSpectre attack can be performed against any programs that use the SGX enclave facility.

It’s notable that the concept of SGX enclave is still in the early days. Because of the facilities, its adoption is also quite fast-paced including the public clouds. Almost all the present SGX libraries contain the flawed execution pattern and are extremely hard to remove.

Here’s how it works.

Security incoming

The recent fixes from Intel for Spectre didn’t prove their worth, as those were easy to work around. According to Intel’s reaction to this SgxSpectre, Intel SGX SDK is going to have an update on 16 March 2018. App developers must integrate the new SGX SDK libraries into their SGX-enabled apps and issue updates to the users.

According to the researchers, those apps who use Google’s Retpoline anti-Spectre coding techniques are safe from SgxSpectre. That’s a nice relief that Google’s apps aren’t vulnerable to the new Spectre exploit.

For staying secured, update all the apps in your system as soon as available. It’s important to defend against heinous attackers. The proof-of-concept code is publicly available on GitHub. Here’s also a demonstration that shows the practical usage of SgxSpectre.

Intel announced that they’ll be shipping processors free of Meltdown and Spectre in 2018. However, it’s still not 100% guaranteed that such exploits won’t be available. Take a look how more Meltdown and Spectre flaws may emerge.

The post SgxSpectre – Improved Spectre Exploit Revealed appeared first on Linux Windows and android Tutorials.

Security experts from Princeton University and NVIDIA have currently authored a new research paper that explains the “MeltdownPrime” and “SpectrePrime”. These exploits use the side-channel timing attacks to leverage the modern processor flaws. The attacks are able to extract data from the processor’s cache memory that might contain confidential info like passwords.

According to the report of the Register, the proof-of-concept exploit “SpectrePrime” has been successfully used on a MacBook with Intel Core i7 processor. However, the MeltdownPrime hasn’t been successful to demonstrate the capability of an actual hardware. Note that Meltdown massively infects Intel chips.

The Risk

Fortunately, we don’t have to panic just yet. For security reason, the codes used for creating the exploits haven’t been released, ensuring no imminent risk for the time being. However, the security experts developed exploits in the lab, meaning that the real criminals are already on the brink of creating such exploits. The current system patches are able to protect from Meltdown and Spectre like MeltdownPrime, SpectrePrime, and other potential exploits. We’re now waiting for Intel to release an official patch for these bugs.

According to security researchers, processor manufacturers might be facing extreme difficulty in making hardware changes to ensure immunity from these bugs. The flaws are so deeply integrated with the current silicon processors that covering the Meltdown and Spectre along with all the possible flaws might be extremely difficult.

Flawless Processors

The easiest and the most effective solution now is to change the hardware that can be costly for most. Intel announced that they’ll release Meltdown and Spectre free processors will arrive later this year. AMD also announced that their Meltdown and Spectre free processor (Zen 2 architecture) will arrive market in 2019. Until then, we have to stick with the software patches that has become a real mess all around the world. It’s also a matter to consider whether those will be really free from these bugs.

Intel’s Bug Bounty

In the meantime, Intel has increased the price of ‘bug bounty’ to get more help from the community on different flaws. The scheme is currently offering $250,000 for side-channel bugs/flaws like Meltdown and Spectre. The bounty for other channels has become around $100,000.

This program is available for everyone. That means that now, any security researcher may contribute to processors whereas previously, Intel only allowed invited researchers. This ensures that more people are hunting down the bug(s) and hopefully, find them out faster before the world knows them.

The post Meltdown and Spectre Exploits are Available! appeared first on Linux Windows and android Tutorials.

The Meltdown and Spectre are the biggest security flaws till date. The core of the operating systems and flawed working method of modern CPUs allowed these bugs to be present for decades. They remained hidden until the end of 2017 when security researchers discovered them. The news shook the security platform, of course.

The very important thing is, Linux was the most vulnerable one of all. As Linux runs on the top level computers like servers, supercomputers etc. it’s important to keep them running for more productivity. However, when installing kernel patches, every device generally need to reboot to complete the action. With the help of KernelCare, it can complete without any reboot.

The kernel patch

Kernel patches can easily mitigate the vulnerability of a system to Meltdown and Spectre. The Meltdown can be disabled via the kernel, but Spectre is a difficult one. Yet, kernel patches will make them harder to exploit for hackers, a temporary solution. When installing them, the device must reboot to complete the process. Sure, it’s not big of an issue for general users like us. But when it’s a server or supercomputer we’re talking about huge business – any slight disturbance might cause unexpected situations.

KernelCare features

That’s where KernelCare comes in handy. According to CloudLinux, KernelCare is now capable of applying the Meltdown and Spectre patches for RHEL 7, CentOS 7 & 7+, Promox Virtual Environment 3.10 and CloudLinxu 7 series OS.

For using the service of KernelCare, the subscription charge is $2.25 per server per month. If you have any doubt about the product, you can also take a trial for 30 days. Moreover, CloudLinux also promises to bring support for more GNU/Linux distributions very soon. The list includes Ubuntu, Debian, CloudLinux 6, RHEL 6, Virtuozzo 6 series and CentOS 6. However, a fact CloudLinux covered is Xen PV – they won’t support it. Xen PV is widely used by enterprises and cloud providers.

Ubuntu LTS series seeming comes up with a similar service like KernelCare, but that patching service (Canonical Livepatch Service) isn’t able of live patching the Meltdown and Spectre vulnerabilities. So, until the Canonical Livepatch Service comes up with the Meltdown and Spectre patches, you can go with KernelCare for your business. Take a look at KernelCare.

If you’re not interested in KernelCare, you can also use tools that will identify any attempt of exploiting Meltdown. The tool will cover Spectre in the future. The tool is available for Linux. Check out the Linux tool.

The post KernelCare from CloudLinux – Promise to Fix Meltdown and Spectre without Reboot appeared first on Linux Windows and android Tutorials.

The Spectre patch

The Meltdown was relatively easy to resolve using software patches. A few kernel tweaks and changes are enough to mitigate exploitation of the Meltdown. The kernel is the core software of any OS. It works in-between the hardware and software. However, the Spectre is a harder one.

Microsoft has published a Windows update for disabling microcode patches released earlier for the Spectre variant 2 – Branch Target Injection (CVE-2017-5715) vulnerability. Microsoft released this counter patch after a week Intel asked customers and OEMs to stop deploying the buggy security patches. According to Intel, those patches might introduce more reboots than expected and unpredictable system behavior.

The reason

Why is Microsoft disabling the patch? The answer from Microsoft was quite logical. Unstable systems will eventually cause data loss or corruption. Think of a scenario like this: you’re working hard on your next day assignment or in the middle of an ongoing project, then your system reboots out of nowhere (unexpected reboots). This is more annoying than Spectre, I believe.

However, you don’t need to worry about the Meltdown and Spectre right now. These security flaws are, by their nature, is very hard to pull off. The Meltdown is relatively easier to pull off compared to Spectre. The Spectre requires a deeper knowledge of the victim’s programs’ inner workings. As you guessed, not every hacker is that much good. Moreover, there has been no report of using Spectre variant 2 (CVE-2017-5715) to exploit a system.

What to do

Windows will automatically download and install the update via Windows Update. The update is also available to download from the Microsoft Catalog. The update ID is KB4078130 and size is 24KB. For advanced users, Microsoft also describes a method to disable the Spectre variant 2 patch using Windows Registry. Two guides are available – for desktops and servers.

It’s mostly Intel to blame for the issues. Intel has earned a really bad reputation in the press and the community for their inability to provide necessary & flawless security fix for the speculative execution bugs. Speculative execution is such a blazing technique that boosts the performance far ahead. However, Intel’s CEO Brian Krzanich said that we may see new Intel processors free of these bugs within 2018. If you’re interested in learning more about the Meltdown and Spectre bug, check out the complete details.

If you’re a Windows user, you already know how much time + bandwidth consuming process is Windows Update. Using a 3^rd-party tool, you can cut this short several times! Check out how to use WSUS Offline Update.

The post Windows Update to Kill Spectre Patch appeared first on Linux Windows and android Tutorials.

Hackers are never falling behind the trend of the present. They’re also trying hard to use these flaws to exploit systems. In this series of attempts, they’re now releasing fake update packages in the name of system patches. That package contains a heinous malware to take over your system.

Smoke Loader

Malwarebytes spotted that fake package. The firm has also identified a new domain that contains a whole bunch of info on how Meltdown and Spectre affect CPUs. Apparently, the website also contains some content from the German Federal Office for Information Security (BSI). The fake package is a ZIP archive link. The file name was “Intel-AMD-SecurityPatch-10-1-v1.exe”.

How it works

A victim trying to download and deploy the file installs Smoke Loader malware without any knowledge. Moreover, the installed malware downloads several more payloads by connecting to various domains and start sending encrypted data to servers. The website was also sending fake phishing emails. Here’s a screenshot of the website.

Here is the file that contains the malware. Note that Smoke Loader is capable of loading other bunches of malware additionally to wreak havoc on your system.

The identifier of the malware, Malwarebytes already contacted with CloudFlare and Comodo on such abuse. Even if this attack is diminished, hackers are already on the edge of inventing other methods.

How to stay protected

To stay protected, it’s always necessary to stay vigilant and aware of such spoofing. You need to use the best antivirus or internet security software to prevent any malware injection into your system. You’re also recommended to take a look at the top antivirus software 2018.

Because of the Meltdown and Spectre, Linux is the most vulnerable to these attacks. Linux is the most used OS in the top level of cyber world – supercomputers, servers etc. all run on it. Fortunately, there’s a tool that will take care of any Meltdown attack, allowing system admins not to install the buggy Meltdown patch that slowed down the system. Learn more about the tool.

The post Fake Meltdown and Spectre Patch – Beware of Malware appeared first on Linux Windows and android Tutorials.

If you don’t know how Meltdown and Spectre works, here’s a summary. Every modern processor uses a method called “speculative execution”. This method makes the processor function blazingly faster. Using the method, a hacker can execute such a program that can disclose sensitive info from other apps. Learn in-depth about the Meltdown and Spectre bug here.

For Windows users, there’s a tool called InSpectre. This tool will analyze your system and tell if you’re vulnerable to these bugs. Get InSpectre. However, for Linux users, this type of tool wasn’t available. Thankfully, Linux Lite developers created such a tool for every Linux distro. Linux Lite is a Linux distro based on Ubuntu.

How to use

The tool is very simple to use. It’s a CLI tool, so please be focused.

• Download the Spectre Meltdown Checker Automated from GitHub.
• Extract the ZIP archive in a folder.
• Open a terminal in that directory and run the following command:
• Double-click on “sm-start” or run the following command:

chmod +x sm-*

If you’re using XFCE with Thunar, use the following command:

xfconf-query --channel thunar --property /misc-exec-shell-scripts-by-default --create --type bool --set true

It’ll show an output like in the GIF shown below.

If this tool seems a bit difficult, there’s another similar tool. It’s a very simple, plain shell script to check out for the vulnerabilities. Get the script Spectre & Meltdown Checker. When you run the script, you can see the following result. It’s a sample one.

What to do now

After running this tool, you’ll know whether you’re vulnerable to any of the flaws. If you’re not, congratulations! In case your system is vulnerable, you need to think about it.

Whatever your system’s status is, it’s the best to run a system update. Different Linux distros follow different rules to manage and update the system. Here’s a detailed guide to update & upgrade your Linux.

Here’s a caution – don’t install Intel’s latest microcode. Different specialists are criticizing the buggy and troublesome patch from Intel. Many computers simply started reboot unexpectedly along with some other issues. So, for now, it’s the best to stay out of that microcode update.

For Linux users, Linux Lite can make a big change to your perspective and a refreshing desktop. It’s based on Ubuntu, the most popular Linux distro ever. It’s mostly focused on simplicity and faster performance. Check out Linux Lite today!

Have you checked your system? If not, do it now. The Meltdown and Spectre is a result of faulty processors, mostly Intel processors. These flaws can’t be removed completely without hardware replacement. However, using software upgrades, we can mitigate the danger.

The post Automated Tool from Linux Lite Devs – Check for Meltdown and Spectre appeared first on Linux Windows and android Tutorials.

Using the Meltdown and Spectre flaws, a hacker could theoretically pull out sensitive info out of the system. As we know how these bugs work, we can fix them despite the cost. However, Simon Segars tells us that more flaws are yet to be found out in the systems. In an interview at CES 2018, he said, “The reality is there are probably other things out there like it that have been deemed safe for years. Somebody whose mind is sufficiently warped toward thinking about security threats may find other ways to exploit systems which had otherwise been considered completely safe.”

The cause of Meltdown and Spectre

The reason why Meltdown and Spectre grew up is the speculative execution. It’s a hardware technique that allows a processor to perform significantly faster. If we are to avoid the exploits, we have to get rid of the “speculative execution”. This is way too much to give up. Segars said that the speed boost is too significant to remove it from advanced chipsets.

Cybersecurity

Simon Segars also puts force on cybersecurity, “cybersecurity is a mess”. Cyberspace needs 100% security as AI and IoT are getting more and more traction in the cyber world. Flaws like Meltdown and Spectre will simply put everything at a great risk in these scenarios.

“It really is mind-bending what people have done to exploit this side effect”, Simon Segars said. “Nobody thought of it before. Like all discoveries, they’re only obvious after the point they’re discovered.” It’s true that companies are adopting speculative execution for years, and none thought about the potential of vulnerability. According to Segars, “But what you’ll see is [that] the end system is a combination of software and hardware. How it’s written and tested — all of that will evolve to make sure the risks of using that approach are well understood.”

ARM hasn’t decided to change their processor’s architecture or software yet for preventing any future security risks. Segars ensured that ARM will continue examining similar potential vulnerabilities while making processor tweaks.

Why didn’t ARM find the flaw itself? Segars answered, “What this demonstrates is that the world of security is a moving target. Just when you think you’ve got things under control, something else comes along.” The same statement is true for all other processor manufacturers.

Check your system with InSpectre

Is your system vulnerable to Meltdown and Spectre? You can now check using InSpectre tool. It’s a very small (<1MB) tool for Windows PCs to check out your system’s status. Get InSpectre.

All we can do now is stay alert for any malware and keeping all our software and OS up-to-date. Until the systems are bug-free for good, we have to wait a long time (maybe years).

The post More Meltdown and Spectre Flaws Incoming! appeared first on Linux Windows and android Tutorials.

The Meltdown exploit was discovered by three teams – a team at Cyberus Technology, Jann Horn at Google Project Zero and a team at the Graz University of Technology. They discovered and reported the flaw independently.

The Spectre exploit was discovered by a team led by Paul Kocher along with representatives from the University of Pennsylvania, University of Adelaide, Data61, University of Maryland and Rambus. The flaw was identified and reported independently.

Why are these threats so dangerous? They allow a hacker to simply use the hardware resource to steal information while leaving no trace in the traditional log file! Even traditional antivirus software is unlikely to detect illegal access to programs using the exploit.

Why these bugs are serious

Unlike other heinous bugs found previously, these two bugs are more serious to date. The truth is, these bugs not only affects desktops & laptops but also virtually all the company’s processors produced since 1995 with a few exception.

Both of these bugs allow unauthorized access to the processing data. Generally, a program isn’t allowed to read other apps’ data and is ensured by the hardware. Unfortunately, these bugs allow such action to perform.

How the Meltdown and Spectre work

Meltdown: This one mainly affects most of the Intel processors. This bug works by breaking the barrier that prevents apps from getting access to arbitrary locations in the kernel memory. The kernel segregates and protects memory for every single process and keeps a barrier so that one can’t interfere with another’s data. However, the meltdown bug now makes this serious procedure unreliable. This flaw mostly makes desktops & laptops vulnerable.

This flaw even allows anyone in the cloud to retrieve the data without any permission and privilege. Virtually, this affects every user of a personal computer. Intel’s “speculative execution” method used in the processors doesn’t fully segregate processes by low-privilege and high-privilege that are meant to be in the computer’s kernel memory.

Spectre: Intel, AMD and ARM processors are affected by this bug. The working method is different than meltdown bug, however. This flaw tricks applications into disclosing the secured data inside their protected memory area. This exploit is harder to pull off. However, this bug affects even mobile devices, thus making it even harder to patch up and fix.

This is a set of attacks that involve unexpected and incorrect execution of the victim program that leaks the victim’s confidential data via a side channel. Unlike Meltdown, this affects virtually every device.

Intel processors are the most vulnerable to these bugs. AMD and ARM processors seem to be largely immune to the Meltdown bug. However, the Spectre affects everyone.

The bug fix

These two monstrous bugs work on the hardware level. When there’s a bug with the software, it’s much easier to find out and fix. Like the major bugs the popular software (OpenSSL – Heartbleed, Linux – Shellshock etc.), these hardware bugs are harder to fix.

In the case of Meltdown, it’s easier to temporarily patch the software system. Linux, Windows, OS X etc. have already released a patch for this one. However, the work on Spectre is still ongoing.

How to stay secure

These bugs are pretty difficult to exploit. Unfortunately, these are hard to fix and hackers will always try to use these exploits to their advantages.

For end users, it’s pretty difficult but several steps will surely slow down any hacker.

• Update all your software to the latest version.
• Whenever available, update your device drivers.
• Update your anti-malware tool and scan your system for any malicious tool. You can check out for the best antimalware tools.
• Apply any system patch if available.

All the tech giants are already working to fix these flaws. AMD believes that they’re on the least. Microsoft relied heavily on Intel processors. They’re going to have a patch very soon. Linux devs already released a fix. Apple’s patch for macOS, iOS, tvOS is on the way. Google has already safeguarded their products and services from the flaw.

In the case of Intel processors, the current fix ensures security in the cost of performance. However, we need to wait quite a long time until every single hardware is patched up. It’s a reminder for the future technologies not to ignore any single bit to test for any security threat. We hope that all the new upcoming processors won’t have these flaws anymore.

Until everything’s alright, just stay tight and alerted!

The post The Meltdown and Spectre – All Computers at Stake appeared first on Linux Windows and android Tutorials.