Recommend Products

Meltdown, Spectre, InSpectre

Meltdown and Spectre

Meltdown is an attack that breaks the isolation between user applications and the operating system, while Spectre breaks the isolation between applications.

The performance of modern computers relies on a CPU feature called branch prediction, which lets the processor handle instructions as a non-linear stream. While this is an oversimplification, the goal of branch prediction is to make an educated guess about which instruction will be executed next, so that instructions can be executed out of order when there are no dependencies between them. The ability to execute instructions out of order dramatically increases the speed of overall program execution.

Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753 and CVE-2017-5715) exploit critical vulnerabilities in modern processors. Meltdown exploits side effects of out-of-order execution. Spectre, on the other hand, induces a victim to speculatively perform operations that would not normally occur, which can reliably leak confidential information through a side channel to the attacker. The attacks involve stealing data from other processes currently running on the system.

How Well Do Meltdown and Spectre Work?

The short answer is that Meltdown and Spectre work extremely well. The implications of what a motivated individual could do cannot be overstated. Researchers have demonstrated attack code that successfully intercepts targeted objects, so it is safe to assume that weaponizing Meltdown and Spectre is underway (or even completed). What kind of information can be stolen? Passwords, personal data, photos, documents: just about anything.

InSpectre: A Simple Testing Tool

It is not easy to test a Windows-based system to understand whether the hardware or operating system is vulnerable to Meltdown or Spectre based attacks, since there are two Spectre variants and the available mitigations are still evolving. Steve Gibson, of Gibson Research Corporation, released a zero-install utility called InSpectre. InSpectre is an easy-to-understand utility for testing all Windows-based computers for both Meltdown and Spectre. Best of all, InSpectre does not require installation. Just run the utility. Until manufacturers release updates, understanding whether a system is vulnerable is important so that a mitigation strategy can be chosen. For Linux- and Mac-based PCs, InSpectre is Wine friendly.

Mitigations

Spectre: Harden User Applications

Microsoft, GCC, and other vendors who provide compilers have been busy updating their software to include a new switch to protect against Spectre (CVE-2017-5753). A developer need only recompile the application with the necessary options enabled. Web browsers also need to be hardened to prevent JavaScript exploit code.

Spectre: Microcode Updates

Spectre (CVE-2017-5715) mitigation involves microcode updates that add new CPU instructions to eliminate branch speculation in some risky situations. Microcode changes are part of BIOS updates for most platforms, although Linux can load updated microcode in most circumstances. But it comes down to your vendor and whether they'll provide updated microcode. If not, then Spectre will have earned its name, in that this vulnerability will be around to haunt us for a long time.

Meltdown: Patches and PCID

One mitigation involves patching and works by flushing the translation lookaside buffer (TLB) when switching between user and kernel space. However, this takes a huge bite out of the performance of the computer. Repopulation of the TLB is quite painful, but the real pain comes from the actual cleaning of the buffer.

Another mitigation involves using process-context identifiers (PCIDs), which are supported in newer processors. The use of PCID tags eliminates the need to flush the TLB at context switches. The context identifiers are stored in the TLB, and lookups in the TLB will only succeed when the PCID matches that of the thread running in the processor.
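For Linux hosts, the same status question can be answered natively. The script below is an added example, not part of the original article or of InSpectre: it reads the kernel's own verdict for each of the three CVEs and checks whether the CPU advertises PCID. It assumes a kernel that exposes `/sys/devices/system/cpu/vulnerabilities`; the function names are illustrative.

```shell
#!/bin/sh
# Added example: report Meltdown/Spectre mitigation state on a Linux host.
# Function names are illustrative; paths are parameters so saved copies
# of the files can be checked as well as the live system.

# has_cpu_flag FLAG [CPUINFO]: succeed if FLAG is listed as a whole word
# on the first "flags" line (so "invpcid" does not count as "pcid").
has_cpu_flag() {
    flag=$1; cpuinfo=${2:-/proc/cpuinfo}
    grep -m1 '^flags' "$cpuinfo" 2>/dev/null | tr ' \t' '\n\n' | grep -qx "$flag"
}

# vuln_state NAME [SYSFS_DIR]: print vulnerable, mitigated, not-affected or unknown
vuln_state() {
    file="${2:-/sys/devices/system/cpu/vulnerabilities}/$1"
    [ -r "$file" ] || { echo unknown; return 0; }
    read -r line < "$file" || true
    case $line in
        "Not affected"*) echo not-affected ;;
        "Mitigation:"*)  echo mitigated ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# meltdown_summary [SYSFS_DIR] [CPUINFO]: kernel verdict plus whether the CPU
# offers PCID, which lets the kernel avoid full TLB flushes on each switch.
meltdown_summary() {
    state=$(vuln_state meltdown "${1:-}")
    if has_cpu_flag pcid "${2:-}"; then pcid=yes; else pcid=no; fi
    echo "meltdown=$state pcid=$pcid"
}

# Live report: meltdown = CVE-2017-5754, spectre_v1 = CVE-2017-5753,
# spectre_v2 = CVE-2017-5715.
for v in meltdown spectre_v1 spectre_v2; do
    echo "$v: $(vuln_state "$v")"
done
meltdown_summary
```

A result of `unknown` means the kernel does not publish a verdict for that issue, which usually indicates a kernel too old to carry the patches at all.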

Conclusion

Meltdown and Spectre pose a significant risk of reliably leaking confidential information using branch prediction, which is baked into every modern processor. Because processors are not easy to change, and the mitigations for each of the CVEs involve wholesale changes to applications and platforms, managing the vulnerability status of each system over time is essential. GRC's InSpectre provides a very easy-to-use utility to check the vulnerability status of a computer running Windows or Wine. It will be interesting to see how many system vendors will provide updates to their platforms and just how far back they go on previous models. This is an issue that is not going to go away, and we can be sure of one thing: Meltdown and Spectre are here to stay.

Resources

Meltdown and Spectre: More Information

KAISER: Hiding the Kernel from User Space

Spectre Mitigations in MSVC

Understanding the Performance Impact of Spectre and Meltdown Mitigations on Windows Systems

Meltdown – Cyberus Technology Blog

New Phones For a Doctor’s Office

We were recently approached by a local physician’s practice concerning the cost of their phone service.  They were currently using a KEY system that has no more room to grow and are completing adding additional staff.

After a short meeting to determine their requirements, we determined that their key requirement was the ability to push calls to an answering service at a given time of day automatically, as well as the ability to enable the forward and cancel the forward at arbitrary times.

We proposed a SIP-based solution using a combination of Cisco SPA 525G2 phones and SPA 504G phones, placing a call server on premise, and through the use of call routing features in the cloud, we met all the objectives.

One of the interesting features of the Cisco SPA 525G2 phone is the Bluetooth connectivity to a cell phone. I personally did not see the benefit of the feature until the phone was configured. When the office manager gets to work, the cell phone binds to the 525G2 and all incoming and  on the cell can now be answered on the 525G2. Now that's hot!

Outbound calls can also go out via cell or via VoIP, just by pressing the appropriate button.

Cisco SPA525G2 5-Line IP Phone


Hard Drive Recovery & WD My Passport 1TB Portable External Hard Drive Storage USB 3.0

My office smells like smoke. No, not the 420 kind or some musty old cigar, but the kind that comes when an object has been in a structure fire. A month ago, a client's place of business was broken into and set on fire. The fire department saved what they could, but the fire had progressed considerably. The client asked if there was anything we could do to recover the data. We made no guarantees and took the melted remains. After cutting away the housing, we discovered that the drive was scorched and covered in filth. Initially the hard drive did not even spin up. After some cleaning, we attached the drive to a StarTech external USB drive caddie and copied the contents to a safe place. Once the data was safe, it was copied to a WD 'My Passport' 1TB external USB 3.0 drive. This product was chosen because it had enough capacity, Western Digital is a quality manufacturer, and the price was right (at the time of this writing, just shy of $90.00). We are very happy this one went so easily.

Here’s the hard drive we used as well as the StarTech USB drive caddie.


OCZ Vertex 3 Max IOPS 240GB SATA 6Gb/s

Recently a friend called and asked for my thoughts on a solid state hard drive. I've used these in the past and have used these in both servers and my own desktop. The price was attractive too: about $0.75 per gig, and after having used an SSD for the first time, I really wish I had jumped on this bandwagon long ago.