IT guys are busy all the time, even at home, and so they sometimes forget things. Two big things happen at the end of this month. Heads up: PCI DSS version 3.1 will be obsolete at the end of the month (31st Jan 2018), and version 3.2 becomes effective on 1st Feb 2018. For more details, please refer to the URL below.
PCI DSS 3.2 – Important January 31, 2018 Deadline & Clarifications
On the other hand, an official announcement in 2017 said that China would move to block internet VPNs from 2018. Will China block access to all personal VPN services by Feb 2018? For more details, please refer to the URL below.
Article Claims China Will Block VPNs This Week, Causing Confusion
We heard that vendors recommend installing the patches on your servers, workstations and notebooks within this month. Regarding the Meltdown and Spectre technical white papers: we know the design weakness is divided into 3 parts. Variant 2 (the branch target injection flaw) might be the easiest to resolve compared with the remaining 2 vulnerabilities, bounds check bypass and rogue data cache load (where the memory access permission check is performed after the kernel memory read). Retpoline is a mitigation strategy that controls indirect branches by turning them into returns, so as to avoid using predictions that come from the BTB (Branch Target Buffer). But the Spectre vulnerability also contains the bounds check bypass vulnerability. In reality, security researchers comment that the vulnerabilities are difficult to exploit in practice. Perhaps a big team might spend resources re-engineering this flaw in future and transform it into an APT attack tool. Hackers are silent at this moment; at least no one has exploited those vulnerabilities yet. However, a US Democratic lawmaker is looking at this incident with interest.
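As an added illustration of the bounds check bypass variant mentioned above (this is example code written for this post, not code from Intel, Google or any vendor's patch): `lookup_branch` has the classic pattern where the bounds check is a branch the CPU may speculate past, while `lookup_nospec` and `clamp_index` apply a branchless index mask in the style of the Linux kernel's `array_index_nospec()`, so that even a mispredicted branch can only forward an in-bounds index to the load. The array contents, sizes and function names are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample data: 16 bytes the program may index, followed by
 * 16 bytes it must never read through array1[]. */
enum { ARRAY1_SIZE = 16 };
static const uint8_t array1[ARRAY1_SIZE + 16] = {
    1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16,
    0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF, 0x11, 0x22,
    0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0x00 };

/* Variant 1 pattern: the bounds check is a conditional branch. The
 * out-of-bounds load never retires architecturally, but the CPU may
 * execute it speculatively before the branch is resolved. */
uint8_t lookup_branch(size_t idx)
{
    if (idx < ARRAY1_SIZE)
        return array1[idx];
    return 0;
}

/* Branchless mask in the style of the kernel's array_index_nospec():
 * all ones when idx < size, zero otherwise. (size - idx - 1) wraps and
 * sets the top bit exactly when idx >= size; OR-ing in idx also catches
 * huge indices. The top bit is therefore an out-of-bounds flag. */
static inline size_t index_nospec_mask(size_t idx, size_t size)
{
    size_t oob = (idx | (size - idx - 1)) >> (sizeof(size_t) * 8 - 1);
    return oob - 1;              /* 1 -> 0, 0 -> all ones */
}

/* Any index >= ARRAY1_SIZE becomes 0, even on a mispredicted path. In a
 * release build check that the compiler kept this branch-free (the kernel
 * uses inline asm to guarantee it). */
size_t clamp_index(size_t idx)
{
    return idx & index_nospec_mask(idx, ARRAY1_SIZE);
}

/* Hardened lookup: the branch stays, but the index fed to the load is
 * masked, so speculation can only forward an in-bounds index. */
uint8_t lookup_nospec(size_t idx)
{
    if (idx < ARRAY1_SIZE)
        return array1[clamp_index(idx)];
    return 0;
}
```

The mask only closes the speculative window on the index itself; a compiler that converts the arithmetic back into a conditional branch would reopen it, which is why the kernel pins the sequence in assembly.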
U.S. lawmaker asks Intel, others for briefing on chip flaws (see URL below):
Perhaps the Meltdown and Spectre CPU design weaknesses are giving IT guys a headache this month. It sounds like the whole environment is covered with mist! But the sun will finally rise and get rid of the dark. Do you remember the replay attack on WPA2 Wi-Fi networks last year? You did an OS version upgrade and changed the authentication method because of that incident. Hardware or software, the IT product life cycle is short today. In the meantime, Microsoft can help you detect this attack if your Wi-Fi network authentication is integrated with Active Directory: you can verify the details in Event Viewer, or use your SIEM dashboard to review them. For more details, please see the URL below provided by Microsoft.
4649(S): A replay attack was detected:
About 14 hours ago VMware officially announced its product mitigation plan for the CPU design vulnerabilities (Spectre and Meltdown). Even though the mitigation plan has been released, for this chip design weakness, once the patches are applied, developers still have to rewrite code to support the patch. Perhaps the VMware programming team cannot address the problem at full scale. But you do not have a choice if you are a VM user!
For more details, please see the URL below for reference:
VMware Response to Speculative Execution security issues, CVE-2017-5753, CVE-2017-5715, CVE-2017-5754 (aka Spectre and Meltdown)
Perhaps the whole world is unhappy with the existing financial world. Cryptocurrency has become stronger and stronger. Last year we saw cryptocurrency market activity, especially in Ethereum and Bitcoin, tell the world they have market support. Kodak, a pioneer, has jumped into this hot area: Kodak's (KODK) stock surged as much as 125% in trading after the announcement. Apparently more cyber business opportunities are coming to the IT industry. The AWS, Azure and Office 365 cloud platforms provide flexibility that helps technology firms resolve cost and labor, which assists businesses in their IT transformation. For more details about Kodak's business strategic transformation, please refer to the URL below.
Reference: Information security perspective - Hyperledger (Blockchain Technology)
Overview of hyperledger (Blockchain Technology) security design
Microsoft released patches this week whose objective is Windows operating system mitigations to protect against the chipset vulnerabilities known as Spectre and Meltdown. A problem was encountered on AMD chips after the patch was installed: the system does not boot. Microsoft suspects that the root cause is AV software. For more details, please see the informative diagram below for reference. The reference URLs are shown below:
Windows operating system security update block for some AMD based devices:
Important: Windows security updates released January 3, 2018, and antivirus software:
Take care man!
In order to avoid the effects of Spectre (CVE-2017-5753 and CVE-2017-5715), Apple announced a solution (patching) to mitigate these vulnerabilities. It was a surprise that the result looks different from the findings of the security analysis reports: it appears there is no significant performance slowdown and no need to redesign the CPU. However, what Apple addresses this time is the Spectre attack. Unlike Meltdown, the Spectre attack works on non-Intel processors, including AMD and ARM processors. Furthermore, it looks like there is no full protection against Spectre until a new design concept is found! It looks like the easy way is to disable the CPU L1 cache, but that will reduce performance. It surprises me that Azure and Apple applied the patch and did not encounter the known performance issue? Perhaps cloud-based system platforms are memory intensive rather than CPU intensive. Or the problem has not been correctly addressed. For your reference, the Apple patch announcements:
macOS High Sierra 10.13.2 Supplemental Update
Safari 11.0.2 includes security improvements to mitigate the effects of Spectre (CVE-2017-5753 and CVE-2017-5715).
iOS 11.2.2 includes security improvements to Safari and WebKit to mitigate the effects of Spectre (CVE-2017-5753 and CVE-2017-5715).
The Chinese mantra “time can tell” looks like a witness to the modern hardware and software development industry. As we know, the feeling IBM mainframes (S390) and Sun SPARC gave the world in the last decade was that they are far away from modern technologies, even though S390 contains an LPAR function that allows multiple OS platforms, including Windows Server, Linux and third-party Unix, to run in their box. The general feedback from the IT world was that they are outdated. The rumours were true, and Oracle laid off the core talent of the Solaris and SPARC teams last year. As a matter of fact, it is not only cyber security service providers who protect the IT world. (For example, defense solution vendors have a headache because they do not have a precise idea how to detect and defend against such a design limitation problem.) In future, maybe the former giants will give you assistance. Why? Because SPARC and S390 support “Address Space Identifiers” (ASIs). In that sense, they already did kernel page-table isolation. They are not vulnerable to the “Meltdown” and “Spectre” vulnerabilities.
SPARC v8 ASIs are shown below:
- user mode instruction fetch is ASI 0x08
- supervisor mode instruction fetch is ASI 0x09
- user mode normal data access is ASI 0x0A
- supervisor mode normal data access is ASI 0x0B
An urgent alert announced by US Homeland Security urges computer users to stay alert to the CPU design bug found this month. The victim firm, Intel, comments that this known issue is not encountered on their products only. As a matter of fact, this is true: a side channel attack on mobile devices happened early this year (reference URL):
Tragedy – Android bugs, should we wait or we should take pre-emptive action?
I speculated that WAN acceleration solution vendors and software-defined networking vendors will be the next victims, but for now they keep silent. Perhaps headline news articles comment that no known cyber attacks deployed a similar theory in the past. But I'm in doubt. We all imagine that this is a nightmare. But potential business opportunities are coming soon. From a high-level point of view, perhaps such CPU design limitation cyber attacks come via the endpoint. There is a tremendous business in enhancing government and enterprise endpoints, especially mobile device management, in preventive and detective control, and in managed security services and SIEM to enhance detective control. The truth is that these are the business opportunities. Below is the URL of the new announcement by Amazon.
The details below say more than my thousand words.
Current status update regarding CPU (Intel) design limitations.
- AMD is proud that they did not make this mistake! It seems it will be a long run in development; it is hard to tell at this moment. Stay tuned. Good luck to them!
It looks strange that a similar vulnerability was found in Aug 2017. I remember that my article posted here mentioned it before (see the URL below for reference). In the meantime, I personally agree with Intel's announcement that, based on the CPU features to date, many types of computing devices with many different vendors’ processors and operating systems are susceptible to these exploits. And therefore Intel might not be the only victim.
The enemy of ASLR (Address space layout randomization) – memory leak
Have any other vendors, especially virtual machine OS vendors, yet confirmed and informed us that they are not involved in this CPU design limitation vulnerability?
The cache side channel attack in this security incident on the Intel side looks applicable to other chip vendors. The worst scenario is that a similar side channel attack can happen wherever you have a cache. So, I foresee that this is the prelude to a new form of attack this year!