Uncategorized

Yuriy working on new CHIPSEC Spectre test

Nice to see some recent CHIPSEC activity, given all the recent related CVEs…
…But this is not from the CHIPSEC team, it is from ex-CHIPSEC team member Yuriy of Eclypsium.

Added new module checking for Spectre variant 2
The module checks if system is affected by Speculative Execution Side Channel vulnerabilities. Specifically, the module verifies that the system supports hardware mitigations for Branch Target Injection a.k.a. Spectre Variant 2 (CVE-2017-5715).

See source comments for more info.

https://github.com/c7zero/chipsec/commit/b11bce8a0ed19cbe1d6319ef9928a297b9308840

 


Bleeping Computer on OEM status of Meltdown/Spectre

Bleeping Computer has a nice list of OEMs and their Spectre/Meltdown update status:

https://www.bleepingcomputer.com/news/software/list-of-links-bios-updates-for-the-meltdown-and-spectre-patches/

 


a bit more on Spectre and Meltdown

https://developer.arm.com/support/security-update

https://www.op-tee.org/security-advisories/

https://newsroom.intel.com/

https://ami.com/en/news/press-releases/american-megatrends-statement-in-response-to-meltdown-and-spectre-security-vulnerabilities/

https://kb.vmware.com/s/article/52345


more on Spectre/Meltdown

https://www.amd.com/en/corporate/speculative-execution?sf178974629=1

https://blogs.technet.microsoft.com/surface/2018/01/10/updates-for-surface-devices-09-january-2018/

https://news.hitb.org/content/intel-says-patches-can-cause-reboot-problems-old-chips

https://newsroom.intel.com/news/intel-security-issue-update-addressing-reboot-issues/

https://www.gdatasoftware.com/blog/2018/01/30333-inside-meltdown-spectre

http://nymag.com/selectall/2018/01/why-it-took-22-years-to-discover-fundamental-chip-flaw.html

https://www.theverge.com/2018/1/11/16878670/meltdown-spectre-disclosure-embargo-google-microsoft-linux


more on Spectre and Meltdown

https://www.enisa.europa.eu/publications/info-notes/meltdown-and-spectre-critical-processor-vulnerabilities
https://www.ibm.com/blogs/psirt/potential-cpu-security-issue/
https://www.ibm.com/blogs/psirt/potential-impact-processors-power-family/
https://cloudblogs.microsoft.com/microsoftsecure/2018/01/09/understanding-the-performance-impact-of-spectre-and-meltdown-mitigations-on-windows-systems/
https://github.com/xoreaxeaxeax/movfuscator/tree/master/validation/doom
https://xorl.wordpress.com/2018/01/10/thoughts-on-meltdown-spectre/

 


more on Meltdown and Spectre

https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown

https://access.redhat.com/security/vulnerabilities/speculativeexecution

https://github.com/iaik/meltdown

https://www.endgame.com/blog/technical-blog/detecting-spectre-and-meltdown-using-hardware-performance-counters

https://github.com/GitMirar/meltdown-poc/blob/master/README.md

https://azure.microsoft.com/en-us/blog/securing-azure-customers-from-cpu-vulnerability/

https://blog.cloudflare.com/meltdown-spectre-non-technical/

https://gallery.technet.microsoft.com/scriptcenter/Speculation-Control-e36f0050

https://blogs.technet.microsoft.com/ralphkyttle/2018/01/05/verifying-spectre-meltdown-protections-remotely/

https://www.powershellgallery.com/packages/SpeculationControl/1.0.3

https://github.com/ionescu007/SpecuCheck/releases

https://github.com/lgeek/spec_poc_arm

https://github.com/Viralmaniar/In-Spectre-Meltdown

 

https://mspoweruser.com/hp-reportedly-starting-release-bios-fixes-meltdown-spectr-flaws/

https://groups.google.com/forum/m/#!topic/mechanical-sympathy/L9mHTbeQLNU


more on Meltdown and Spectre

http://nvidia.custhelp.com/app/answers/detail/a_id/4611/~/security-bulletin%3A-nvidia-gpu-display-driver-security-updates-for-speculative

https://azure.microsoft.com/en-us/blog/securing-azure-customers-from-cpu-vulnerability/

https://marc.info/?l=openbsd-tech&m=151521435721902&w=2

https://github.com/marcan/speculation-bugs/blob/master/README.md

https://github.com/raphaelsc/Am-I-affected-by-Meltdown
