Having a #meltdown over #spectre

The world is at unrest. Google’s Project Zero rocked the boat by announcing #meltdown and #spectre as real-world attacks – https://googleprojectzero.blogspot.fr/2018/01/reading-privileged-memory-with-side.html

Two exploits were announced today that have the impact of a sledgehammer to the face. This is some serious shit.. no playing. This hardware-level exploit allows memory to be accessed by applications that are not supposed to have access to it. This is like me telling you what you have in the fridge by looking inside the washing machine. In comparable impact terms – this is the Chernobyl of computing. This is an exploit by design initiated some 20 years ago. An exploit that has now become the heart of CPU performance as we know it. Software applications now almost depend on the type of shared memory access that CPUs are supposed to provide securely.

The concept is well explained so I won’t bother trying to reiterate.. instead let’s focus on the Doom and Gloom side of things because, well, it’s more fun.

The danger of this exploit is that now a shitty advert embedded on a shitty website has the power to leak ALL of your stored passwords from within your browser. “How?!” you might ask.. well.. easy actually. Let me share this example:


Entering that master password should be visible to ONLY the application providing the interaction. In this case a browser is providing an obfuscated password input field to unlock the primary database of stored Username/Password combinations.. you know.. the details you use to access your email, online banking, social media, work intranet, shopping sites the lot. It’s all leakable.

For corporates this is potentially catastrophic. People like Amazon and Google are sweating as it potentially means that anyone using a virtual machine has access to dump the contents from the entirety of the physical memory within the host which would include all the memory accessed by other VMs on the same host. It’s serious.

So serious that Homeland Security state the fix is “replace CPU hardware..” – https://www.kb.cert.org/vuls/id/584653

Intel made the following statement.. trying to play it down as we know they would – https://newsroom.intel.com/news/intel-responds-to-security-research-findings/
AMD are less affected but still required to take action – https://www.amd.com/en/corporate/speculative-execution

This could be the end of x86 architecture as we know it. Maybe we’ll see x87 as a replacement. Maybe we won’t. One thing is certain though.. this is the most serious hardware-level exploit identified and it spans back to all Intel machines produced since 1995!!! 19 fucking 95! Millions of potentially exploitable, insecure machines in use everywhere. Planes, Trains and Automobiles are not exceptions. It’s come about as a direct result of attempting to squeeze as much performance out of a CPU as is possible. Enabling a CPU to make guesses regarding the future instructions it will receive effectively allows it to anticipate the request and act on it before it’s requested.

Assertion/Assumption based predictions. Unfortunately – the means of gating memory ranges from each other has been felled. It’s now known how to do it. It’s spreading like wildfire and the first patch isn’t likely to be seen in the wild until 9/01/2017 – Microsoft Patch Tuesday (https://support.microsoft.com/en-us/help/4056892/windows-10-update-kb4056892). Linux is soon to follow, and MacOS has been covered since 10.3.2 (apparently).

I’m hoping this is actually a CIA backdoor that’s now been shut as opposed to a gaping security hole either ignored or covered over to provide performance at the lowest cost.

Whatever the reason – the outcome will be a new architecture. Let’s hope we’re all still online to see the news when it’s released 🙂

They’re trying all the doors and all the windows..

Originally – I wasn’t looking for evidence of abuse or brute force attempts to my web server but through analysis of log files – I’ve found some.

A lot in fact. 100K+ hits per day to particular parts of my site, the majority of which is brute force.

[Screenshot: web server log hits, 2016-02-11 14:28]

I’ve noticed weirdness in firewall logs too, which I’m beginning to trawl through, closing off doors as I go. Thank the lord for iptables and a decent policy.

I’m now in a state of closing ports, rebinding services to IPs and setting up rate-limiting to thwart repetition. Blocking will now occur and prevent hammering of pages. Next is to start black-holing IPs that persist.
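As an added example (not code from the original post), covering both the log trawling above and the rate-limiting and blocking steps: a POSIX shell script that counts per-IP hits on one path in constructed sample access-log lines, then prints, without running them, the iptables rules that would drop the offenders and brake new connections. The log lines, IPs, path and thresholds are all made up for the example.

```shell
#!/bin/sh
# Added example, not code from the original post. Finds clients hammering one
# path in a combined-format access log and prints (does not run) the iptables
# rules the post describes: per-IP drops plus a rate limit on new connections.

# Constructed sample log lines (not real traffic): three clients, one of them
# hitting the login page over and over.
SAMPLE_LOG='203.0.113.7 - - [11/Feb/2016:14:20:01 +0000] "POST /wp-login.php HTTP/1.1" 200 1523 "-" "Mozilla/5.0"
203.0.113.7 - - [11/Feb/2016:14:20:02 +0000] "POST /wp-login.php HTTP/1.1" 200 1523 "-" "Mozilla/5.0"
203.0.113.7 - - [11/Feb/2016:14:20:02 +0000] "POST /wp-login.php HTTP/1.1" 200 1523 "-" "Mozilla/5.0"
203.0.113.7 - - [11/Feb/2016:14:20:03 +0000] "POST /wp-login.php HTTP/1.1" 200 1523 "-" "Mozilla/5.0"
198.51.100.23 - - [11/Feb/2016:14:21:10 +0000] "GET /index.html HTTP/1.1" 200 8841 "-" "Mozilla/5.0"
198.51.100.23 - - [11/Feb/2016:14:21:11 +0000] "POST /wp-login.php HTTP/1.1" 200 1523 "-" "Mozilla/5.0"
192.0.2.44 - - [11/Feb/2016:14:22:00 +0000] "GET /about HTTP/1.1" 200 2210 "-" "curl/7.47.0"'

# hammering_ips PATH THRESHOLD   (log text on stdin)
# Prints "count ip" for every client whose requests for PATH reach THRESHOLD,
# busiest first. Field 7 of a combined-format line is the request path.
hammering_ips() {
    awk -v p="$1" -v t="$2" '
        $7 == p { hits[$1]++ }
        END { for (ip in hits) if (hits[ip] >= t) printf "%d %s\n", hits[ip], ip }
    ' | sort -rn
}

# block_rules   ("count ip" lines on stdin)
# Emits one DROP rule per offending client. Printed, not executed: review the
# list before applying it, and keep the rules in your persisted policy.
block_rules() {
    while read -r count ip; do
        printf 'iptables -I INPUT -s %s -p tcp --dport 80 -j DROP  # %s hits\n' "$ip" "$count"
    done
}

# rate_limit_rules SECONDS HITCOUNT
# Emits the generic brake: drop a client's new port-80 connections once it has
# opened HITCOUNT of them within SECONDS, using the "recent" match.
rate_limit_rules() {
    printf 'iptables -A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW -m recent --set --name HTTP\n'
    printf 'iptables -A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW -m recent --update --seconds %s --hitcount %s --name HTTP -j DROP\n' "$1" "$2"
}

# Stand-alone run: flag anything with 3+ hits on the login page in the sample.
printf '%s\n' "$SAMPLE_LOG" | hammering_ips /wp-login.php 3 | block_rules
rate_limit_rules 60 30
```

Point `hammering_ips` at a real access log (`hammering_ips /wp-login.php 500 < /var/log/nginx/access.log`) to get the day's offenders; the per-IP rules are a stopgap, the `recent` rules are what stops the next one.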