SMLR Episode 278 Will The Zip Slip Cause a TL Bleed?
Contact Us:
show (at) smlr.us or the Contact us page
Intro:
Tony Bemus, Tom Lawrence, Phil Porada and Mary Tomich
Sound bites by Mike Tanner
Phil's GitHub
The LawrenceSystems YouTube Channel Where videos
https://www.youtube.com/user/TheTecknowledge
Tech News:
The Linux Foundation and Dice.com’s 2018 Open Source Jobs Report shows the demand for open-source savvy employees is stronger than ever.
https://www.zdnet.com/article/linux-and-open-source-jobs-are-in-more-demand-than-ever/
Google Becomes Platinum Member of Linux Foundation
New Data Exposure: 100 Million Sensitive Data Records (Appthority Q2 2018 Mobile Threat Report on exposed Firebase databases)
http://info.appthority.com/-q2-2018-mtr-download-Firebase-vulnerability
Gentoo GitHub organization hacked – partially resolved
https://infra-status.gentoo.org/notice/20180629-github
Meet TLBleed: A crypto-key-leaking CPU attack that Intel reckons we shouldn’t worry about
How to extract 256-bit keys with 99.8% success
https://www.theregister.co.uk/2018/06/22/intel_tlbleed_key_data_leak/
Lazy FP state restore
From Wikipedia: a security vulnerability affecting Intel Core CPUs. The vulnerability is caused by a flaw in the speculative execution
https://en.wikipedia.org/wiki/Lazy_FP_state_restore
Zip Slip Vulnerability (arbitrary file overwrite via directory traversal in archive entry names, Snyk research)
https://snyk.io/research/zip-slip-vulnerability
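The vulnerability class behind the Snyk write-up, as an added illustration for these show notes (this is not code from the Snyk research or from any of the affected libraries): an archive entry named "../../evil.txt" escapes the extraction directory whenever the extractor joins the entry name onto the destination and writes without checking where the result lands. The archive is constructed in memory, the extraction runs in a throwaway temporary directory, and the hardened extractor rejects both traversal and absolute entry names. Function and file names are assumptions for the example.

```python
"""Zip Slip demo: vulnerable extractor beside a hardened one. Added
illustration, not code from the Snyk write-up or any affected library."""
import io
import os
import tempfile
import zipfile


def build_malicious_zip() -> bytes:
    """Build, in memory, the kind of archive Zip Slip relies on: one benign
    entry plus one whose name climbs out of the extraction directory.
    (Constructed sample data; zipfile does not sanitise names on write.)"""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("good.txt", "harmless\n")
        zf.writestr("../../evil.txt", "overwritten\n")
    return buf.getvalue()


def extract_vulnerable(data: bytes, dest: str) -> list:
    """The vulnerable pattern: trust the entry name, join it onto dest, write.
    An entry named ../../evil.txt ends up two levels above dest."""
    written = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            target = os.path.join(dest, info.filename)  # no validation at all
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as fh:
                fh.write(zf.read(info))
            written.append(os.path.realpath(target))
    return written


def safe_target(dest: str, name: str) -> str:
    """Resolve where an entry would be written and refuse anything outside
    dest. Absolute names are rejected outright (os.path.join would discard
    dest); realpath collapses '..' and follows symlinks before the check."""
    if os.path.isabs(name) or name[:1] in ("/", "\\"):
        raise ValueError(f"absolute entry name {name!r} rejected")
    root = os.path.realpath(dest)
    candidate = os.path.realpath(os.path.join(root, name))
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError(f"Zip Slip attempt: {name!r} resolves outside {root}")
    return candidate


def is_safe_name(dest: str, name: str) -> bool:
    """Convenience predicate around safe_target."""
    try:
        safe_target(dest, name)
        return True
    except ValueError:
        return False


def extract_safe(data: bytes, dest: str) -> tuple:
    """Hardened extractor. Returns (paths written, entry names rejected)."""
    written, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            try:
                target = safe_target(dest, info.filename)
            except ValueError:
                rejected.append(info.filename)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as fh:
                fh.write(zf.read(info))
            written.append(target)
    return written, rejected


def demo() -> dict:
    """Run both extractors against the same archive inside a throwaway
    directory and report where files actually landed."""
    data = build_malicious_zip()
    base = os.path.realpath(tempfile.mkdtemp(prefix="zipslip-"))
    vuln_dest = os.path.join(base, "vuln", "a", "b")
    safe_dest = os.path.join(base, "safe", "a", "b")
    os.makedirs(vuln_dest)
    os.makedirs(safe_dest)
    vuln_written = extract_vulnerable(data, vuln_dest)
    safe_written, rejected = extract_safe(data, safe_dest)
    return {
        "base": base,
        "vuln_written": vuln_written,
        # True when the traversal entry escaped vuln/a/b and landed in vuln/
        "escaped": os.path.exists(os.path.join(base, "vuln", "evil.txt")),
        "safe_written": safe_written,
        "rejected": rejected,
        "safe_escaped": os.path.exists(os.path.join(base, "safe", "evil.txt")),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The check worth copying is the one in safe_target: compare the fully resolved output path against the fully resolved destination, rather than looking for ".." substrings in the entry name, since realpath also catches traversal through a symlinked destination directory.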
Andrew S. Tanenbaum (MINIX); Ken Thompson (designed and implemented the original Unix)
Don't get me wrong, I am not unhappy with LINUX. It will get all the people
who want to turn MINIX in BSD UNIX off my back. But in all honesty, I would
suggest that people who want a **MODERN** “free” OS look around for a
microkernel-based, portable OS, like maybe GNU or something like that.
https://groups.google.com/forum/m/#!topic/comp.os.minix/wlhw16QWltI%5B1-25%5D
Security Roundup
https://www.theregister.co.uk/2018/06/30/security_roundup/
Exactis doxxes pretty much all of America
340 million people are now a bit more in the public eye, thanks to a screw-up by marketing company Exactis.
The Florida-based outfit was caught out by researcher Vinny Troia, who dug up an unencrypted ElasticSearch database that held about two terabytes of details on the personal interests of “pretty much every US citizen”.
In addition to personal interests (things like your hobbies or pets), the database contained names, addresses, age, and gender information on hundreds of millions of people. Troia says the database has since been taken down.
At least social security numbers weren’t included (looking at you, Equifax).
Wyden stumps for Wireguard
The Wireguard VPN service got a new champion this week after powerful US Senator Ron Wyden pitched it as the next government security tech of choice.
The Oregon Democrat issued the dreaded “open letter” (PDF) to National Institute of Standards and Technology Director Walter Copan asking that he consider making the open source Wireguard the official VPN for government use.
“Two aging technologies, IPsec and OpenVPN, are currently used for most government VPNs,” Wyden tells Copan. “Cybersecurity researchers now know that the complexity of these old technologies can completely undermine their security.”
Wyden stops short of demanding Wireguard be adopted as the replacement, but he does list the tech as one of the “appropriate replacements” to be considered for IPSec and OpenVPN.
https://www.ckn.io/blog/2017/11/14/wireguard-vpn-typical-setup/
- It aims to be as easy to configure and deploy as SSH.
- It is capable of roaming between IP addresses (especially useful to prevent dropped connections when you have flaky internet).
- Uses state-of-the-art cryptography.
- It is meant to be easily implemented in very few lines of code, and easily auditable for security vulnerabilities.
- A combination of extremely high speed cryptographic primitives and the fact that WireGuard lives inside the Linux kernel means that secure networking can be very high-speed.
- Stealth – does not respond to any unauthenticated packets and both peers become silent when there’s no data to be exchanged.
NSA admits massive call slurp
So, the bad news is that Uncle Sam has been hoarding your phone records. The worse news is that those government agencies are now racing to delete the evidence.
This according to the Daily Beast, which says the NSA is now wholesale deleting records of people’s phone calls and text messages that it had illegally harvested. According to the report, the government security bod is blaming “technical irregularities” for the unauthorized data collection.
Apparently, the government cock-up meant hundreds of millions of phone records made their way into NSA hands without any review or authorization.
“Despite the sweeping remedy for the overcollection, the NSA did not estimate how many records it had purged, let alone how many Americans were affected,” the not at all concerning Daily Beast report reads. “The scale is certain to be massive.”
https://www.thedailybeast.com/nsa-admits-it-improperly-collected-a-huge-amount-of-americans-call-records
TLBleed
TLBleed is exploited through simultaneous multithreading (SMT), marketed by Intel as Hyper-Threading. It gets its name from the translation lookaside buffer (TLB), the per-core cache of virtual-to-physical address translations that the attack targets. With SMT enabled, a single core executes multiple (generally two) hardware threads at once, and those threads share resources inside the core, including the TLB.
The side-channel vulnerability can be theoretically exploited to extract encryption keys and private information from programs. Former NSA hacker Jake Williams said on Twitter that a fix would probably need changes to the core operating system and were likely to involve “a ton of work to mitigate (mostly app recompile).”
But OpenBSD’s Theo de Raadt was not so sanguine. “There are people saying you can change the kernel’s process scheduler,” he told iTWire on Monday. “(It’s) not so easy.”
He said that Williams was lacking all the details and not thinking it through.
“They actually have sufficient detail to think it through: the article says the TLB is shared between hyperthreading CPUs, and it is unsafe to share between two different contexts. Basically you can measure evictions against your own mappings, which indicates the other process is touching memory (you can determine the aliasing factors).”
Gaming corner
https://www.reddit.com/r/linux_gaming/comments/8v8tar/lutris_blizzard_games_update_2_july_by_dox/
Wine now has better hyperthreading support…hooray TLBleed
DXVK driver support
DXVK https://github.com/doitsujin/dxvk
Vulkan-based D3D11 implementation for Linux / Wine
Vulkan is a low-overhead, cross-platform 3D graphics
This content is published under the Attribution-Noncommercial-Share Alike 3.0 Unported license.
1 Comment
I was upset that the ogg on Distrowatch didn’t work last week so I was glad to find this page so I could listen to your broadcast.