Category Archives: cyber security incident news highlight

A replay attack can be detected by a Microsoft event ID

Perhaps Meltdown and Spectre, the CPU design weakness, are the headache of the IT guy this month. It sounds like the whole environment is covered with mist! But the sun will rise eventually and get rid of the dark. Can you remember the replay attack on WPA2 Wi-Fi networks last year? You did an OS version upgrade and changed the authentication method because of this incident. No matter hardware or software, the IT product life cycle is short today. In the meantime, Microsoft can help you detect this attack if your Wi-Fi network authentication integrates with Active Directory. You are able to verify the details in Event Viewer or make use of your SIEM dashboard to review them. For more details, please see the URL below provided by Microsoft for reference.

4649(S): A replay attack was detected:

https://docs.microsoft.com/en-us/windows/device-security/auditing/event-4649
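As an added example (not code from the post or from Microsoft), the script below shows the kind of SIEM-side check the post is talking about: it reads an exported Security log, picks out every event 4649, groups them by the replayed account and flags bursts for triage. The export format and the field names (`ReplayedUserName`, `ReplayedDomainName`, `Computer`, `ProcessName`) are assumptions modelled on a JSON-lines forwarder dump, not Microsoft's own schema, and the five records are constructed for an offline run; adapt the keys to whatever your forwarder emits.

```python
"""Detect Windows Security event 4649 ("A replay attack was detected")
in an exported event log and summarise it per replayed account.

Added example, not code from the post or from Microsoft. The export
format and field names are ASSUMED (a JSON-lines dump such as a log
forwarder might produce); the five records below are CONSTRUCTED.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

REPLAY_EVENT_ID = 4649  # Security log: "A replay attack was detected"

# Constructed sample export: one unrelated logon (4624), three 4649 events
# for the same account inside one minute, and one isolated 4649 later on.
SAMPLE_EXPORT = r"""
{"TimeCreated": "2018-01-10T08:15:02Z", "EventID": 4624, "Computer": "DC01.corp.example", "TargetUserName": "alice"}
{"TimeCreated": "2018-01-10T08:15:09Z", "EventID": 4649, "Computer": "DC01.corp.example", "ReplayedUserName": "alice", "ReplayedDomainName": "CORP", "ProcessName": "C:\\Windows\\System32\\lsass.exe"}
{"TimeCreated": "2018-01-10T08:15:31Z", "EventID": 4649, "Computer": "DC01.corp.example", "ReplayedUserName": "alice", "ReplayedDomainName": "CORP", "ProcessName": "C:\\Windows\\System32\\lsass.exe"}
{"TimeCreated": "2018-01-10T08:15:58Z", "EventID": 4649, "Computer": "DC01.corp.example", "ReplayedUserName": "alice", "ReplayedDomainName": "CORP", "ProcessName": "C:\\Windows\\System32\\lsass.exe"}
{"TimeCreated": "2018-01-10T09:40:12Z", "EventID": 4649, "Computer": "DC02.corp.example", "ReplayedUserName": "svc-wifi", "ReplayedDomainName": "CORP", "ProcessName": "C:\\Windows\\System32\\lsass.exe"}
"""


def parse_events(export_text):
    """Parse a JSON-lines export into dicts; skip blank or malformed lines
    (a forwarder may truncate a record, and one bad line must not stop the scan)."""
    events = []
    for line in export_text.strip().splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        if "TimeCreated" not in rec:
            continue
        rec["TimeCreated"] = datetime.strptime(rec["TimeCreated"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(rec)
    return events


def find_replay_events(events):
    """Keep only event 4649 records."""
    return [e for e in events if e.get("EventID") == REPLAY_EVENT_ID]


def summarise_replays(events, burst_window=timedelta(minutes=5), burst_threshold=3):
    """Group 4649 events by replayed account (DOMAIN\\user).

    Returns account -> {"count", "computers", "burst"}; "burst" is True when
    at least burst_threshold events fall inside burst_window. Every account
    with a 4649 is reported (Microsoft's guidance is to investigate each
    one); the burst flag only prioritises triage.
    """
    by_account = defaultdict(list)
    for e in find_replay_events(events):
        key = f"{e.get('ReplayedDomainName', '?')}\\{e.get('ReplayedUserName', '?')}"
        by_account[key].append(e)

    summary = {}
    for account, evs in by_account.items():
        times = sorted(e["TimeCreated"] for e in evs)
        burst = any(
            times[i + burst_threshold - 1] - times[i] <= burst_window
            for i in range(len(times) - burst_threshold + 1)
        )
        summary[account] = {
            "count": len(evs),
            "computers": sorted({e.get("Computer", "?") for e in evs}),
            "burst": burst,
        }
    return summary


if __name__ == "__main__":
    for account, info in summarise_replays(parse_events(SAMPLE_EXPORT)).items():
        flag = "BURST" if info["burst"] else "single"
        print(f"{account}: {info['count']} x 4649 on {', '.join(info['computers'])} [{flag}]")
```

Run against a real export, the same aggregation gives you a per-account view in one pass instead of scrolling Event Viewer; the burst window and threshold are tuning knobs, not a definition of "attack", because a single 4649 is already worth a look.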

VMware Response to Speculative Execution security issues (Spectre and Meltdown)

About 14 hours ago VMware officially announced the product mitigation plan for the CPU design vulnerabilities (Spectre and Meltdown). Even though a mitigation plan has been released, for this chip design weakness developers have to rewrite code to support the patch once it is applied. Perhaps the VMware programming team cannot address the problem in full scale. But you have no choice if you are a VM user!

For more details, please see the URL below for reference:

VMware Response to Speculative Execution security issues, CVE-2017-5753, CVE-2017-5715, CVE-2017-5754 (aka Spectre and Meltdown)

https://kb.vmware.com/s/article/52245

Bitcoin empire is coming!

All the world is perhaps unhappy with the existing financial world. Cryptocurrency became stronger and stronger. Last year we saw the cryptocurrency market activities, especially Ethereum; Bitcoin told the world they have market support. Kodak, the pioneer, jumped into this hot area. Kodak (KODK)’s stock surged as much as 125% in trading after the announcement. Apparently there are more cyber business opportunities coming to the IT industry. The AWS, Azure and Office 365 cloud platforms provide flexibility that helps technology firms resolve cost and labour issues, which helps businesses do their IT transformation. For more details about Kodak’s business strategy transformation, please refer to the URL below.

http://money.cnn.com/2018/01/09/technology/kodakcoin/index.html

Reference: Information security perspective -Hyperledger (Blockchain Technology)

Overview of hyperledger (Blockchain Technology) security design

Protection against the chipset vulnerabilities known as Spectre and Meltdown, but a problem encountered on AMD chips

Microsoft released a patch this week whose objective is Windows operating system mitigations to protect against the chipset vulnerabilities known as Spectre and Meltdown. A problem was encountered on AMD chips after the patch was installed: the system does not boot. Microsoft suspects that the root cause is AV software. For more details, please see the informative diagram for reference. The reference URLs are shown below:

Windows operating system security update block for some AMD based devices:

https://support.microsoft.com/en-us/help/4073707/windows-os-security-update-block-for-some-amd-based-devices

Important: Windows security updates released January 3, 2018, and antivirus software:

https://support.microsoft.com/en-us/help/4072699/january-3-2018-windows-security-updates-and-antivirus-software

Take care man!

Spectre attack works on non-Intel processors – status update by Apple, 8th Jan 2018

In order to avoid the effects of Spectre (CVE-2017-5753 and CVE-2017-5715), Apple announced a solution (patching) to mitigate these vulnerabilities. It was a surprise that the result looks different from the security analysis report findings: it looks like there is no significant performance slowdown and no need to redesign the CPU. However, what Apple addresses this time is the Spectre attack. Unlike Meltdown, the Spectre attack works on non-Intel processors, including AMD and ARM processors. Furthermore, it looks like there is no protection against Spectre until a new design concept is found! It looks like the easy way is to disable the CPU L1 cache, but that will reduce performance. It surprises me that Azure and Apple applied the patch and did not encounter the known performance issue? Perhaps cloud-based system platforms are memory intensive instead of CPU intensive, or the problem has not been correctly addressed. For your reference, the Apple patch announcements:

macOS High Sierra 10.13.2 Supplemental Update

https://support.apple.com/en-hk/HT208397

Safari 11.0.2 includes security improvements to mitigate the effects of Spectre (CVE-2017-5753 and CVE-2017-5715).

https://support.apple.com/en-hk/HT208403

iOS 11.2.2 includes security improvements to Safari and WebKit to mitigate the effects of Spectre (CVE-2017-5753 and CVE-2017-5715).

https://support.apple.com/en-hk/HT208401

CPU and machines not vulnerable to the “Meltdown” and “Spectre” vulnerabilities.

The Chinese saying “time will tell” looks like a witness to the modern hardware and software development industry. As we know, the feeling IBM mainframe (s390) and Sun SPARC gave the world in the last decade was that they are far away from modern technologies, even though S390 contains the LPAR function that allows multiple OS platforms, including Windows Server, Linux and third-party Unix, to run in their box. The general feedback from the IT world was that they are outdated. The rumours were true and Oracle laid off the core talent of the Solaris and SPARC teams last year. As a matter of fact, protecting the IT world is not only the job of cyber security service providers. (For example, the defense solution vendors have a headache because they do not have a precise idea of how to detect and defend against such a design limitation problem.) In future, maybe the former giants will give you assistance. Why? Because SPARC and S390 support “Address Space Identifiers” (ASIs). In the sense that they did kernel page-table isolation already, they are not vulnerable to the “Meltdown” and “Spectre” vulnerabilities.

Remark:

SPARC v8 privileged-mode and user-mode ASIs are shown below:

  • user mode instruction fetch is ASI 0x08
  • supervisor mode instruction fetch is ASI 0x09
  • user mode normal data access is ASI 0x0A
  • supervisor mode normal data access is ASI 0x0B
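The post's point is that kernel page-table isolation is what separates an affected box from an unaffected one. As an added example (not code from the post, and unrelated to SPARC or S390 firmware), the script below reads the status files a Linux kernel exposes under /sys/devices/system/cpu/vulnerabilities/ (present since the 4.15 KPTI work) and tells you whether the host reports PTI for Meltdown and a mitigation for both Spectre variants. The mapping of the post's CVE ids to the kernel's file names (CVE-2017-5754 meltdown, CVE-2017-5753 spectre_v1, CVE-2017-5715 spectre_v2) is the kernel's own; the three sample status sets are constructed so the parser can be run offline, and the assessment only reports what the kernel itself states.

```python
"""Report Linux kernel Meltdown/Spectre mitigation status from sysfs.

Added example, not part of the post. Assumes a Linux kernel that exposes
/sys/devices/system/cpu/vulnerabilities/ (4.15 and later). The SAMPLE_*
dicts are CONSTRUCTED in the kernel's format for an offline run; they
are not captured from a real host.
"""
import os

SYSFS_DIR = "/sys/devices/system/cpu/vulnerabilities"

# kernel file name per CVE named in the post
CVE_TO_FILE = {
    "CVE-2017-5754": "meltdown",    # rogue data cache load (Meltdown)
    "CVE-2017-5753": "spectre_v1",  # bounds check bypass
    "CVE-2017-5715": "spectre_v2",  # branch target injection
}

# Constructed samples: the kernel writes "Not affected", "Vulnerable[: detail]"
# or "Mitigation: <name>" into each file.
SAMPLE_PATCHED = {
    "meltdown": "Mitigation: PTI",
    "spectre_v1": "Mitigation: __user pointer sanitization",
    "spectre_v2": "Mitigation: Full generic retpoline",
}
SAMPLE_UNPATCHED = {
    "meltdown": "Vulnerable",
    "spectre_v1": "Vulnerable",
    "spectre_v2": "Vulnerable: Minimal generic ASM retpoline",
}
SAMPLE_NOT_AFFECTED = {name: "Not affected" for name in CVE_TO_FILE.values()}


def classify(status_line):
    """Map one sysfs line to 'not_affected', 'mitigated', 'vulnerable' or 'unknown'."""
    s = status_line.strip()
    if s == "Not affected":
        return "not_affected"
    if s.startswith("Mitigation:"):
        return "mitigated"
    if s.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"  # empty (file missing) or a format this script does not know


def kpti_active(statuses):
    """True when the meltdown entry reports page-table isolation (PTI)."""
    return "PTI" in statuses.get("meltdown", "")


def assess(statuses):
    """Return {'per_cve': {...}, 'all_mitigated': bool, 'kpti': bool}.

    all_mitigated is True only when every CVE is reported as either
    'not_affected' or 'mitigated'; an unknown entry counts as not mitigated.
    """
    per_cve = {cve: classify(statuses.get(fname, "")) for cve, fname in CVE_TO_FILE.items()}
    all_ok = all(v in ("not_affected", "mitigated") for v in per_cve.values())
    return {"per_cve": per_cve, "all_mitigated": all_ok, "kpti": kpti_active(statuses)}


def read_sysfs(directory=SYSFS_DIR):
    """Read the three status files; a missing file (old kernel, non-Linux) yields ''."""
    statuses = {}
    for fname in CVE_TO_FILE.values():
        try:
            with open(os.path.join(directory, fname)) as fh:
                statuses[fname] = fh.read().strip()
        except OSError:
            statuses[fname] = ""
    return statuses


if __name__ == "__main__":
    live = read_sysfs()
    result = assess(live)
    for cve, state in result["per_cve"].items():
        print(f"{cve} ({CVE_TO_FILE[cve]}): {state} -- {live[CVE_TO_FILE[cve]] or 'no sysfs entry'}")
    print("KPTI active:", result["kpti"], "| all mitigated:", result["all_mitigated"])
```

On a host whose kernel predates these files the script reports every entry as unknown rather than guessing, which is the honest answer: the absence of the sysfs entry means the kernel has no opinion to report, not that the machine is safe.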

CVE-2017-5753, CVE-2017-5715 & CVE-2017-5715 – are there any changes?

An urgent alert announced by US Homeland Security urges computer users to stay alert about the CPU design bug found this month. The victim firm Intel provided comments that this known issue is not encountered on their products only. As a matter of fact, this is true: a side channel attack on mobile devices happened earlier this year (reference URL):

Tragedy – Android bugs, should we wait or should we take pre-emptive action?

I speculated that WAN acceleration solution vendors and software-defined networking will be the next victims, but for now they keep silent. Perhaps headline news articles comment that no known cyber attacks have deployed a similar theory in the past. But I’m in doubt? We all imagine that this is a nightmare. But potential business opportunities are coming soon. From a high-level point of view, perhaps cyber attacks exploiting such a CPU design limitation come via the endpoint. A tremendous business to enhance government and enterprise endpoint management, especially mobile device management, in preventive and detective control. Managed security services and SIEM enhance detective control. The truth is that this is a business opportunity. Below is the URL of the new announcement by Amazon.

https://aws.amazon.com/security/security-bulletins/AWS-2018-013/

Intel CPU design hiccups – CVE-2017-5753, CVE-2017-5715, CVE-2017-5754

The details below are better than a thousand words from me.
Current status update in regards to CPU (Intel) design limitations.

AMD https://www.amd.com/en/corporate/speculative-execution

  • AMD is proud of it; they did not make this mistake! It seems it is a long run in development, it is hard to tell at this moment. Stay tuned. Good luck to them!

ARM https://developer.arm.com/support/security-update

Intel https://newsroom.intel.com/news/intel-responds-to-security-research-findings/

Microsoft https://portal.msrc.microsoft.com/en-US/eula

Linux https://lkml.org/lkml/2017/11/22/956

F5 https://support.f5.com/csp/article/K91229003

It looks strange that a similar vulnerability was found in Aug 2017. I remember that my article posted here mentioned it before (see the URL below for reference). In the meantime, I personally agree with Intel’s announcement that, based on the CPU features to date, many types of computing devices with many different vendors’ processors and operating systems are susceptible to these exploits. And therefore Intel might not be the only victim.

The enemy of ASLR (Address space layout randomization) – memory leak

Have any other vendors, especially virtual machine OS vendors, not yet confirmed and informed whether they are involved in this CPU design limitation vulnerability?

The cache side channel attack in this security incident on the Intel side looks applicable to other chip vendors. The worst scenario is that a similar side channel attack can happen once you have a cache. So, it is foreseen that this is the prelude to a new form of attack this year!

Processor bug harms virtual machine and cloud computing platforms

Headline news today told the world of chip design hiccups by the CPU manufacturer (Intel). It is easy to do a Google search to find out the details. When the virtual machine design concept first came to the world, security experts foresaw that multiple vulnerabilities would happen in future. It looks like the victims of this incident are cloud computing service providers, since their operations are built on virtual machines. In short, the picture below gives the idea. For more detail, please refer to the URL below issued by Forbes.

Intel Processor Bug Leaves All Current Chips Vulnerable And Its Fix Saps Performance [Updated by forbes.com] – https://www.forbes.com/sites/davealtavilla/2018/01/03/intel-processor-bug-leaves-all-current-chips-vulnerable-and-its-fix-saps-performance/#75546002570a

VMware VMSA-2018-0001 – CVE-2017-15548,CVE-2017-15549,CVE-2017-15550

A runner who runs faster achieves the goal; he is the winner. We are just in the first week of 2018. VMware, faster than Microsoft, announced their critical vulnerability on 2nd Jan 2018 (Advisory ID: VMSA-2018-0001). Quote: “A remote unauthenticated malicious user can potentially bypass application authentication and gain unauthorized root access to the affected systems.” Remark: vSphere Data Protection is a backup solution for use in vSphere. The official announcement is shown in the URL below:

https://www.vmware.com/security/advisories/VMSA-2018-0001.html