Apple updates security guide

January 13, 2018 ~ hucktech ~ Leave a comment

Apple has updated their security guide to cover changes in iOS 11, new iPhones, Face ID, and Apple Pay Cash at https://t.co/DU8FojKnms Here are some highlights

— Jay Little (@computerality) January 12, 2018

Click to access iOS_Security_Guide.pdf

a bit more on AMD PSP vuln

January 12, 2018 ~ hucktech ~ 1 Comment

No CVE(s) from US-CERT/NIST/MITRE/NVD.
No AMD tracking id or public response from AMD.
No response from AMD support on the below question on their support forums.

AFAICT, AMD does not have a security advisories page, just occasional announcements on the main PR site. Intel does. Then again, AFAICT, neither does ARM.

Researcher clarifies original statement a bit:

http://seclists.org/fulldisclosure/2018/Jan/21

“I would like to clarify that here “remote” means remote code execution on
the TPM component. To mount the attack, local host access is still required.
Sorry if it caused any confusion.”

A code exec bug in AMD PSP module implementing TPM. PSP is similar to #IntelME. Key Qs:
1. Does PSP/fTPM have access to host memory?
2. How well is fTPM module isolated from the rest of the PSP?
3. How asynchronous is PSP execution with regards to the host? https://t.co/cSD1lzt3Kb

— Joanna Rutkowska (@rootkovska) January 8, 2018

https://community.amd.com/thread/224328

https://www.theregister.co.uk/2018/01/06/amd_cpu_psp_flaw/

http://www.amd.com/en/technologies/security

Intel updates microcode for Linux

January 12, 2018 ~ hucktech ~ 1 Comment

https://downloadcenter.intel.com/download/27431/Linux-Processor-Microcode-Data-File
https://downloadcenter.intel.com/product/873/Processors
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886367#17
https://www.dragonflydigest.com/2018/01/09/20710.html
https://launchpad.net/ubuntu/+source/intel-microcode/3.20180108.0~ubuntu16.04.2
https://bugs.launchpad.net/ubuntu/+source/intel-microcode/+bug/1742364
http://ftp.us.debian.org/debian/pool/non-free/i/intel-microcode/

see-also:

Update: the Intel, AMD & VIA CPU Microcode Repositories are now found at Github. https://t.co/xDIvoVxiW5

— Plato Mavropoulos (@platomaniac) January 10, 2018

https://github.com/platomav/CPUMicrocodes

http://inertiawar.com/microcode/

https://www.cyberciti.biz/faq/install-update-intel-microcode-firmware-linux/

https://labs.vmware.com/flings/vmware-cpu-microcode-update-driver#summary

https://firmwaresecurity.com/tag/microcode/

https://news.ycombinator.com/item?id=16111433

more on Spectre/Meltdown

January 12, 2018January 18, 2018 ~ hucktech ~ Leave a comment

An update on AMD processor security from Mark Papermaster, Senior Vice President and Chief Technology Officer. https://t.co/jpWXWdcyrQ

— AMD (@AMD) January 11, 2018

https://www.amd.com/en/corporate/speculative-execution?sf178974629=1

Updates for Microsoft #Surface Devices. These updates include updated Surface UEFI firmware to address potential security vulnerabilities, including Microsoft security advisory 180002 #Meltdown #Spectre https://t.co/IZoztC19CJ

— Francesco Molfese (@FrancescoMolf) January 10, 2018

https://blogs.technet.microsoft.com/surface/2018/01/10/updates-for-surface-devices-09-january-2018/

Intel says patches can cause reboot problems in old chips https://t.co/E53NGGb0xG via @InfoSecHotSpot

— Sean Harris (@InfoSecHotSpot) January 12, 2018

https://news.hitb.org/content/intel-says-patches-can-cause-reboot-problems-old-chips

https://newsroom.intel.com/news/intel-security-issue-update-addressing-reboot-issues/

https://twitter.com/aionescu/status/949090063920504833

Interview with Anders Fogh: https://t.co/Jj8Jf42c9v

— Halvar Flake (@halvarflake) January 11, 2018

The research of @anders_fogh laid the ground for what is considered the worsest vulnerability in computer history. We asked him some questions about #Meltdown and #Spectre https://t.co/AK3Arhwi82

— Ralf Benzmüller (@rb_gdata) January 11, 2018

https://www.gdatasoftware.com/blog/2018/01/30333-inside-meltdown-spectre

http://nymag.com/selectall/2018/01/why-it-took-22-years-to-discover-fundamental-chip-flaw.html

https://www.theverge.com/2018/1/11/16878670/meltdown-spectre-disclosure-embargo-google-microsoft-linux

F-Secure: new Intel AMT security issue

January 12, 2018 ~ hucktech ~ Leave a comment

NEW RESEARCH: Intel AMT Security Issue Lets Attackers Bypass Login Credentials in Corporate Laptopshttps://t.co/gYJrFoyxL1 https://t.co/Z8oJhpoBc7

— WithSecure™ (@WithSecure) January 12, 2018

https://press.f-secure.com/2018/01/12/intel-amt-security-issue-lets-attackers-bypass-login-credentials-in-corporate-laptops/

Intel AMT Security Issue Lets Attackers Bypass Login Credentials in Corporate Laptops
Insecure defaults in Intel AMT allow an intruder to completely bypass user and BIOS passwords and TPM and Bitlocker PINs to backdoor almost any corporate laptop in a matter of seconds.

Helsinki, Finland – January 12, 2018: F-Secure reports a security issue affecting most corporate laptops that allows an attacker with physical access to backdoor a device in less than 30 seconds. The issue allows the attacker to bypass the need to enter credentials, including BIOS and Bitlocker passwords and TPM pins, and to gain remote access for later exploitation. It exists within Intel’s Active Management Technology (AMT) and potentially affects millions of laptops globally. The security issue “is almost deceptively simple to exploit, but it has incredible destructive potential,” said Harry Sintonen, who investigated the issue in his role as Senior Security Consultant at F-Secure. “In practice, it can give an attacker complete control over an individual’s work laptop, despite even the most extensive security measures.”[…]

ARM assembly resources from Azeria Labs

January 10, 2018 ~ hucktech ~ Leave a comment

Exactly. Here’s all you need to get started with Arm assembly:

Assembly Basics: https://t.co/N9UWzkTH3i

Readymade Lab VM: https://t.co/vuDtWsXCse

Cute Vulnerable Binaries: https://t.co/w1etsn8j1w

GDB Cheat Seet: https://t.co/k3DB0J2EKe https://t.co/IOgwWQA9Ur

— Azeria (@Fox0x01) January 7, 2018

To make it a little easier for you to get started with ARM exploitation, I compiled some small buffer overflow challenges to play around with and created a quick guide. All you need to do is follow the instructions and start tinkering around. Have fun 🖤 https://t.co/w1etsn8j1w pic.twitter.com/CuPvINKN0c

— Azeria (@Fox0x01) November 27, 2017

Writing ARM Assembly (Part 1)

ARM Lab (VM)

Part 3: Stack Overflow Challenges

Debugging with GDB Introduction

more on Spectre and Meltdown

January 10, 2018January 18, 2018 ~ hucktech ~ Leave a comment

https://www.enisa.europa.eu/publications/info-notes/meltdown-and-spectre-critical-processor-vulnerabilities
https://www.ibm.com/blogs/psirt/potential-cpu-security-issue/
https://www.ibm.com/blogs/psirt/potential-impact-processors-power-family/
https://cloudblogs.microsoft.com/microsoftsecure/2018/01/09/understanding-the-performance-impact-of-spectre-and-meltdown-mitigations-on-windows-systems/
https://github.com/xoreaxeaxeax/movfuscator/tree/master/validation/doom

Thoughts on Meltdown & Spectre

Yes, privsec _within_ ME, exactly this!

Remember ME's Dynamically Loaded Applications (DAL)? They are essentially JVM for semi-untrusted code (provided by 3rd parties) – how about trying Meltdown/Spectre from there to steal secrets from the ME's TCB? https://t.co/8rDUkp3V1O

— Joanna Rutkowska (@rootkovska) January 10, 2018

Also, since Intel essentially controls the whole toolchain (i.e. the compiler) for building SGX enclaves, I expect SGX code will be first to get protection against Specre attacks, and best coverage also…?

/cc @lavados @tehjh @misc0110 @anders_fogh

— Joanna Rutkowska (@rootkovska) January 10, 2018

Awesome demo of #Meltdown and how it is mitigated in CentOS 7 #kpti #KAISER https://t.co/w0QwiGtknC

— Daniel Gruss (@lavados) January 10, 2018

This video shows a #Meltdown attack on *uncached* data. The data is not in L1, not in L2, and not in L3 cache. That's what clflush does, it throws the data out of all caches. #Meltdown exploits a race condition and even for uncached data this race can be won. https://t.co/W2CQRS9zmt

— Daniel Gruss (@lavados) January 10, 2018

DBXtool has support for Microsoft dbxupdate.bin

January 9, 2018 ~ hucktech ~ Leave a comment

DBXtool[1] is a tool by Peter Jones of Red Hat. So it works with Fedora, and perhaps other versions of Linux. It is an interesting tool in that it is one of the few tools that look at the UEFI SecureBoot PKI list of blacklisted keys, that UEFI Forum occassionally updates[2]. Last year there was the Microsoft leaks Golden Keys” story, which was overblown, watch Jeremiah’s video on Youtube from the Fall 2016 UEFI Plugfest for more details. I just noticed that DBXtool has support[3] for a dbxupdate.bin file from Microsoft, separate from the UEFI.org-hosted DBX file, related to this Microsoft Golden Keys incident.

Peter’s comment from that checkin:

Add a new dbxupdate.bin
This is the dbxupdate.bin referenced in CVE-2016-3320 and
https://support.microsoft.com/en-us/kb/3179577
It’s for their bootloaders, not ours.

[1] https://github.com/rhboot/dbxtool
https://github.com/rhboot/dbxtool/commits/master
[2] http://uefi.org/revocationlistfile
http://www.uefi.org/sites/default/files/resources/dbxupdate.zip
[3] https://github.com/rhboot/dbxtool/commit/1e9334f1287c4703e7dfb40121e00d16d109e903
https://support.microsoft.com/en-us/kb/3179577
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-100
https://support.microsoft.com/en-us/help/3172729/ms16-100-description-of-the-security-update-for-secure-boot-august-9

more on Microsoft UEFI Secure Boot golden key news

Microsoft UEFI Secure Boot key problem

WordPress mangles Github Gist URLs, so remove the spaces from the next URL to make it work:
https://gist. github.com/acepace/ df34b5213f1e0fae6529eb703d947187

Some more background on UEFI SB DBX:
https://www.rodsbooks.com/efi-bootloaders/controlling-sb.html
https://habrahabr.ru/post/273497/
https://translate.google.com/translate?hl=en&sl=ru&u=https://habrahabr.ru/post/273497/&prev=search (English translation above Russian document)
https://blog.fpmurphy.com/2012/11/list-secure-boot-certificates.html
https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/windows-secure-boot-key-creation-and-management-guidance

The Meaning of all the UEFI Keys

http://www.linuxjournal.com/content/take-control-your-pc-uefi-secure-boot
https://wiki.gentoo.org/wiki/Sakaki%27s_EFI_Install_Guide/Configuring_Secure_Boot
https://www.insyde.com/press_news/blog/uefi-24-review-part-13-hash-certificates-used-secure-boot-revocation
https://lwn.net/Articles/706610/
http://wiki.osdev.org/UEFI#Secure_Boot

Besides Peter’s DBXtool, I’m not aware of many other tools that use the DBX file. There’s this PowerShell script:
Again, WordPress mangles Gist URLs, remove spaces to make this work:
https://gist. github.com/mattifestation/ 991a0bea355ec1dc19402cef1b0e3b6f

I wish I could point to a tool avaialble in each OS/distro that your firmware has the latest blacklist applied…

PS: Peter also works on the Shim. And he’s updated his canary:
https://blog.uncooperative.org/blog/2018/01/08/shim-info/
https://blog.uncooperative.org/shim-info-2018-01-08.txt.asc

more on Meltdown and Spectre

January 9, 2018January 18, 2018 ~ hucktech ~ Leave a comment

https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown

https://access.redhat.com/security/vulnerabilities/speculativeexecution

Releasing our PoC implementations for #Meltdown – https://t.co/M99UwQ1XhS – More to follow /cc @misc0110 @lavados @StefanMangard #intelbug #kaiser #kpti

— Moritz Lipp (@mlqxyz) January 9, 2018

https://github.com/iaik/meltdown

TA18-004A: Meltdown and Spectre Side-Channel Vulnerability Guidance https://t.co/jZWEuaJATS

— CISA Cyber (@CISACyber) January 4, 2018

I just posted some initial work into detecting Spectre, Meltdown, and cache side channels attacks using hardware performance counters. https://t.co/iYCbsjfZ1w

— codypierce (@codypierce) January 8, 2018

https://www.endgame.com/blog/technical-blog/detecting-spectre-and-meltdown-using-hardware-performance-counters

meltdown-poc
A PoC implementation of the meltdown attack described in https://t.co/cfaeKowR78 by @ReleasePreview
Repohttps://t.co/rrJtQpHK3p pic.twitter.com/yzhBHuLLCk

— Florian Roth (@cyb3rops) January 8, 2018

https://github.com/GitMirar/meltdown-poc/blob/master/README.md

CPU vulnerability guidance for Azure customers https://t.co/3UWD2neW5M

— Azure Support (@AzureSupport) January 4, 2018

Securing Azure customers from CPU vulnerability

P. Kocher et al., “Spectre Attacks: Exploiting Speculative Execution” (arXiv version) https://t.co/7yZmjTnpI8

— Arrigo Triulzi (@cynicalsecurity) January 9, 2018

M. Lipp et al., “Meltdown” (yes, this is the arXiv version of the Meltdown vulnerability paper) https://t.co/N0n7JPljev

— Arrigo Triulzi (@cynicalsecurity) January 9, 2018

An Explanation of the #Meltdown & #Spectre Bugs for a Non-Technical Audience – https://t.co/MD2roxbfqj pic.twitter.com/Z9JVNzWjkw

— Cloudflare (@Cloudflare) January 8, 2018

https://blog.cloudflare.com/meltdown-spectre-non-technical/

https://twitter.com/aionescu/status/949732198118080513

https://gallery.technet.microsoft.com/scriptcenter/Speculation-Control-e36f0050

Verifying Spectre / Meltdown protections remotelyhttps://t.co/2lnakXrERS

In this post we will take a look at the SpeculationControl PowerShell module that was recently released by the Microsoft Security Response Center to help with verifying Spectre / Meltdown protections.

— Ralph Kyttle (@ralphkyt) January 5, 2018

https://blogs.technet.microsoft.com/ralphkyttle/2018/01/05/verifying-spectre-meltdown-protections-remotely/

https://www.powershellgallery.com/packages/SpeculationControl/1.0.3

A lot of VMs are experience a higher-than-expected performance hit with the Meltdown patch. That's simply because PCID is turned off:https://t.co/iWQqghyaDQ

— Robᵉʳᵗ Graham 𝕏 (@ErrataRob) January 8, 2018

https://github.com/ionescu007/SpecuCheck/releases

https://twitter.com/aionescu/status/948954595358752768

https://github.com/lgeek/spec_poc_arm

https://github.com/Viralmaniar/In-Spectre-Meltdown

https://twitter.com/daniel_bilar/status/950332477800898561

https://mspoweruser.com/hp-reportedly-starting-release-bios-fixes-meltdown-spectr-flaws/

https://groups.google.com/forum/m/#!topic/mechanical-sympathy/L9mHTbeQLNU

Intel MeshCommander (AMT tool): now available for Mac and Linux (not just Windows)

January 9, 2018 ~ hucktech ~ Leave a comment

Meshcommander is an Intel AMT tool from Intel. Previously, I thought it was a Windows-only thing, but the current release has Linux and Mac support as well as Windows!

https://software.intel.com/en-us/blogs/2018/01/08/meshcommander-for-npm-linux-osx-windows

http://www.meshcommander.com/meshcentral2

http://www.meshcommander.com/meshcommander

https://www.npmjs.com/package/meshcommander

microcode

January 8, 2018January 9, 2018 ~ hucktech ~ 1 Comment

[Someone just asked me a microcode question, I was digging up some pointers to a microcode tool for someone, ended up cleaning out my browser’s microcode-related bookmarks, and thought I mine as well post a blog entry of the links…]

Intel, AMD & VIA CPU Microcode Repositories! A community assisted project aimed to collect all the latest PRD CPU microcodes since 1995 from the three main vendors in order to help people understand what they need to update, to research how they work etc. https://t.co/WtdUWtVoEi

— Plato Mavropoulos (@platomaniac) January 6, 2018

https://github.com/platomav/MCExtractor
https://www.win-raid.com/t3355f47-Intel-AMD-amp-VIA-CPU-Microcode-Repositories.html#msg45883

https://github.com/RUB-SysSec/Microcode
http://syssec.rub.de/research/publications/microcode-reversing/
see below video:

https://github.com/torvalds/linux/blob/master/Documentation/x86/microcode.txt
https://github.com/torvalds/linux/tree/master/arch/x86/kernel/cpu/microcode

https://community.amd.com/thread/216246
https://en.wikipedia.org/wiki/Microcode
https://linux.die.net/man/8/microcode_ctl
http://manpages.ubuntu.com/manpages/zesty/man8/iucode_tool.8.html
http://manpages.ubuntu.com/manpages/precise/en/man8/microcode_ctl.8.html
http://manpages.ubuntu.com/manpages/precise/en/man8/update-intel-microcode.8.html
https://askubuntu.com/questions/545925/how-to-update-intel-microcode-properly

How to update CPU microcode in Linux

http://www.linuxfromscratch.org/blfs/view/svn/postlfs/firmware.html

Updating microcodes

https://support.mozilla.org/en-US/kb/microcode-update
https://lists.debian.org/debian-security/2016/03/msg00084.html

https://wiki.debian.org/Microcode
https://wiki.gentoo.org/wiki/Intel_microcode
https://wiki.archlinux.org/index.php/microcode

http://blog.fpmurphy.com/2016/12/python-3-utilities-for-parsing-intel-microcode.html

Everything you want to know about x86 microcode, but might have been afraid to askhttps://t.co/CQrtJoVL1q https://t.co/yq2fKADJ7r
Slides: https://t.co/P7HAP9cnmB https://t.co/bTF9ifKb8Z
Benjamin Kollenda & Philipp Koppe #34C3

— Matt (@matt_dz) December 29, 2017

AMD Updates Programmer’s Manual

January 8, 2018 ~ hucktech ~ Leave a comment

AMD64 Architecture
Programmer’s Manual
Volume 2:
System Programming

Revision Date: December 2017

Click to access 24593.pdf

Here’s the complete changelog for this update:

Modified Sections 7.10.1 and 7.10.4.
Modified Sections 15.34.1, 15.34.7.
Added new Section 15.34.10.
Modified Section 15.35.10.
Modified Appendix A, Table A-7.

Not too useful, I wish I could diff PDFs better. I wish the writers would spend a few moments more on the changelog. Here’s the titles of the above sections:

7.10.1 Determining Support for Secure Memory Encryption
7.10.4 Page Table Support
15.34.1 Determining Support for SEV
15.34.7 Restrictions
15.34.10 SEV_STATUS MSR
15.35.10 Control Register Write Traps
Table A-7: Secure Virtual Machine MSRs

Torito C Library

January 8, 2018 ~ hucktech ~ 1 Comment

Joaquin Cono Bolillo has created the Torito C Library, a Standard C Library for UEFI x86-64 target platform for Microsoft Visual Studio 2017.

“torito C Library” is an implementation targeting the ANSI/ISO C Standard Library compatibility to create applications for different operating systems using design –and debug– infrastructure provided by Microsoft Visual Studio 2017 VS2017.

Goal: The “torito C Library” is designed to enable the developer to create Standard C programs for UEFI Shell, Windows NT and Linux (in future releases) running in x86-64 mode. Standard C compliant source code shall be easily portable to operating systems supported by “torito C Library”.

The “torito C Library” shall provide full library compatibility with: ANSI X3.159-1989 (“ANSI C”), ISO/IEC 9899 First edition 1990-12-15 (“C90”), ISO/IEC 9899 First edition 1990-12-15, Amendment 1, 1995-04-01 (“C95”)

Status:
The “torito C Library” is still in state of EVALUATION
Field tests are urgently required.
Feedback is very WELCOME.
A non-EVALUATION-library will be provided for helpful supporters for free.
The functions below are already implemented and carefully tested, every single one of them:

_ModuleEntryPoint, _iob, _setjmp, _snprintf, _vsnprintf, abs, asctime, atexit, atoi, atol, calloc, clearerr, clock, ctime, difftime, div, exit, fclose, feof, ferror, fflush, fgetc, fgetpos, fgets, fopen, fprintf, fputc, fputs, fread, free, freopen, fscanf, fseek, fsetpos, ftell, fwrite, gets, gmtime, isalnum, isalpha, iscntrl, isdigit, isgraph, islower, isprint, ispunct, isspace, isupper, isxdigit, labs, ldiv, localtime, longjmp, main(argc, argv), malloc, memcmp, memcpy, memmove, memset, mktime, nprintf, perror, printf, putc, putchar, puts, rand, realloc, rewind, scanf, setbuf, setvbuf, snprintf, sprintf, srand, sscanf, strcat, strchr, strcmp, strcpy, strcspn, strefierror, strerror, strftime, strlen, strncat, strncmp, strncpy, strpbrk, strspn, strstr, strtok, strtol, strtoul, swprintf, time, tolower, toupper, ungetc, vfprintf, vfscanf, vprintf, vscanf, vsnprintf, vsprintf, vswprintf, wcscat, wcschr, wcscmp, wcscpy, wcscspn, wcslen, wcsncat, wcsncmp, wcsncpy, wcspbrk, wcsrchr, wcsspn, wcsstr, wcstok, wmemcmp, wmemcpy, wmemmove, wprintf.

https://github.com/JoaquinConoBolillo/torito-C-Library

S3EuroCom seeks firmware security PhD students

January 8, 2018 ~ hucktech ~ Leave a comment

PSA: we (@s3eurecom @aurelsec @balzarot) are looking for state-of-the-art PhD students to work on mobile security, firmware & binary analysis, and similar topics. Details: https://t.co/vpJkhLCAHr Ping us with any questions & spread the word! 🙂

— Yanick Fratantonio (@reyammer@infosec.exchange) (@reyammer) January 8, 2018

Engineer position(s) in firmware analysis
We are looking for a research and software development engineer with experience and interest in software development (python, C…) applied to embedded device firmware analysis. In particular, the project will involve working with Avatar2 and/or Angr. The work will take place at EURECOM and will involve some external collaboration. The candidate is expected to have experience in software development and experience, interest in, or willingness to learn, embedded devices analysis, firmware analysis, reverse engineering. This position is flexible, it may be suitable for a Post doc as well as for a freshly graduated master student. If the collaboration is successful, the position may also be changed to a PhD after one year.

http://www.s3.eurecom.fr/open-positions.html

Defensive firmware talks in Seattle: SASAG and BSides Seattle

January 6, 2018January 6, 2018 ~ hucktech ~ Leave a comment

There are two presentations in Seattle area on firmware security in January and February, in case you’re in the area.

1) On January 11th, PreOS Security CEO Paul English speaking on enterprise firmware defensive tools and techniques, for a SysAdmin target audience, at SASAG, the Seattle Area SysAdmin Guild (monthly user group).

https://www.meetup.com/Seattle-Area-Systems-Administrators-Guild-SASAG/events/246043346/

2) On February 3rd, I’ll be speaking at BSides Seattle, on similar topic, but for a target audience of DFIR/blue teams.

http://www.securitybsides.com/w/page/121128486/BsidesSeattle2018#2018Presentations

Disclaimer: Paul and I both work at PreOS Securty.

http://preossec.com/

more on Meltdown and Spectre

January 6, 2018January 18, 2018 ~ hucktech ~ Leave a comment

NVIDIA GPU Display Driver Security Updates for Speculative Side Channels https://t.co/tTqLEeTNZd https://t.co/HDiepvzu8P

— Alex Matrosov (@matrosov) January 6, 2018

http://nvidia.custhelp.com/app/answers/detail/a_id/4611/~/security-bulletin%3A-nvidia-gpu-display-driver-security-updates-for-speculative

CPU vulnerability guidance for Azure customers https://t.co/3UWD2neW5M

— Azure Support (@AzureSupport) January 4, 2018

Securing Azure customers from CPU vulnerability

https://marc.info/?l=openbsd-tech&m=151521435721902&w=2

https://github.com/marcan/speculation-bugs/blob/master/README.md

https://github.com/raphaelsc/Am-I-affected-by-Meltdown

Meltdown and Spectre https://t.co/W76ta4VrSs https://t.co/EtLeEes1hA pic.twitter.com/vqQ3FgkTIH

— XKCD Comic (@xkcdComic) January 5, 2018

New daily reminder: you have a far higher chance to be hacked with the PDF downloads of the meltdown & spectre papers than from the vulns themselves¹.

__
¹ yes, this includes you at the back convinced Mossad is after you.

— Arrigo Triulzi (@cynicalsecurity) January 6, 2018

Punchdrum: macOS GUI for bootoption

January 6, 2018 ~ hucktech ~ Leave a comment

GUI wrapper for bootoption that creates a bootable (systemd-boot) flash drive for the sole purpose of adding a loader to the firmware menu.

https://github.com/vulgo/Punchdrum

Punchdrum screenshot

AMD PSP vuln: fTPM remote code execution

January 6, 2018January 6, 2018 ~ hucktech ~ Leave a comment

Busy year for processor security so far…

http://seclists.org/fulldisclosure/2018/Jan/12

AMD-PSP: fTPM Remote Code Execution via crafted EK certificate

From: Cfir Cohen via Fulldisclosure <fulldisclosure () seclists org>
Date: Wed, 3 Jan 2018 09:40:40 -0800

AMD PSP is a dedicated security processor built onto the main CPU die. ARM TrustZone provides an isolated execution environment for sensitive and privileged tasks, such as main x86 core startup. [..] The fTPM trustlet code was found in Coreboot’s git repository [5] and in several BIOS update files. […] This research focused on vendor specific code that diverged from the TCG spec. […] As far as we know, general exploit mitigation technologies (stack cookies, NX stack, ASLR) are not implemented in the PSP environment. […] Credits: This vulnerability was discovered and reported to AMD by Cfir Cohen of the Google Cloud Security Team.

Timeline
========
09-28-17 – Vulnerability reported to AMD Security Team.
12-07-17 – Fix is ready. Vendor works on a rollout to affected partners.
01-03-18 – Public disclosure due to 90 day disclosure deadline.

Jesus Christ https://t.co/y9KLZgdK06

— Matthew Garrett (@mjg59@nondeterministic.computer) (@mjg59) January 5, 2018

more on Meltdown and Spectre

January 5, 2018January 17, 2018 ~ hucktech ~ Leave a comment

We’re seeing browser and OS updates. The Microsoft Surface is the only firmware update I’ve seen so far…

Surface line gets UEFI update to mitigate Meltdown and Spectre security bugs https://t.co/bFdWkfvvWV pic.twitter.com/YvohcNAEIe

— Mauro Huculak (@Pureinfotech) January 5, 2018

New blog post [Semi-technical]: Behind the scenes of a bug collision: https://t.co/CzEvMqFMfa

— Anders Fogh (@anders_fogh) January 5, 2018

Behind the scenes of a bug collision

Regarding Spectre and Meltdown impact on iOS, macOS and Safari/WebKit: https://t.co/b9DtiFAr3N

— Ivan Krstić (@radian) January 5, 2018

https://access.redhat.com/security/vulnerabilities/speculativeexecution

https://support.apple.com/en-us/HT208394

Securing Azure customers from CPU vulnerability

https://lwn.net/Articles/741878/

https://lkml.org/lkml/2018/1/4/602

CVE-2017-5754 (a.k.a #Meltdown) POC / Checker (Linux) https://t.co/wrmtqhJ5xQ

— Zuk (@ihackbanme) January 5, 2018

Norman Feske (founder of @GenodeLabs OS framework) discusses impact of #Meltdown & #Spectre attacks:https://t.co/tXtmU9V7Kd

— Joanna Rutkowska (@rootkovska) January 5, 2018

https://sourceforge.net/p/genode/mailman/message/36178974/

I just finished doing my own first hand tests to evaluate the performance impact of the Meltdown fix in the case of Redis. Here are the initial findings: https://t.co/I2QAfiV1HB

— antirez (@antirez) January 5, 2018

ARM published a really nice whitepaper about the CPU issues, with explanations of how the variants work, info on a new conditional speculation barrier; includes snippets of ARM assembly; coins the term "speculation gadgets": https://t.co/r6UCo3m0Cl

— Jann Horn – jann@infosec.exchange (@tehjh) January 5, 2018

You can use this powershell tool to query the status of Windows mitigations for CVE-2017-5715 (branch target injection) and CVE-2017-5754 (rogue data cache load), more information here (Server: https://t.co/9MaLQqVq61, Client: https://t.co/P6vmSamsOn) pic.twitter.com/K0LmM3PYFP

— Matt Miller (@epakskape) January 4, 2018

https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in

https://erc.europa.eu/news/Cybersecurity-ERC-grantee-behind-discovery-of-major-hardware-bugs

https://forums.opensuse.org/showthread.php/528926-security-announce-openSUSE-SU-2018-0026-1-important-Security-update-for-kernel-firmware?s=9b3628026a7a7d45c7c4e77b68a62da6&p=2850099#post2850099

Oh hello. 😱 pic.twitter.com/kvkTySHJAg

— Stephen Diehl (@smdiehl) January 4, 2018

DPTFExtract – Linux DPTF Extract Utility

January 4, 2018 ~ hucktech ~ Leave a comment

WTF Intel wrote a *binary* tool that parses an ACPI table and turns it into XML? https://t.co/2yEjl8HE5y

— Matthew Garrett (@mjg59@nondeterministic.computer) (@mjg59) January 4, 2018

This is a companion tool to Linux Thermal Daemon (thermald). This tool tries to reuse some of the tables used by “Intel ® Dynamic Platform and Thermal Framework (Intel® DPTF)” by converting to the thermal_conf.xml format used by thermald.

https://github.com/intel/dptfxtract