SMLR Episode 278 Will The Zip Slip Cause a TL Bleed?

Posted by Tom Lawrence on July 9, 2018 in Show-mp3, Show-ogg

http://smlr.us

Downloads:

Show 278

Contact Us:

show (at) smlr.us or the Contact us page


Intro:

Tony Bemus, Tom Lawrence, Phil Porada and Mary Tomich

Sound bites by Mike Tanner

Phil's GitHub

https://github.com/pgporada

The LawrenceSystems YouTube Channel Where videos
https://www.youtube.com/user/TheTecknowledge

Tech News:

 

The Linux Foundation and Dice.com’s 2018 Open Source Jobs Report shows the demand for open-source savvy employees is stronger than ever.
https://www.zdnet.com/article/linux-and-open-source-jobs-are-in-more-demand-than-ever/

 

Google Becomes Platinum Member of Linux Foundation

https://www.linuxfoundation.org/press-release/google-becomes-platinum-member-of-linux-foundation-demonstrating-its-commitment-to-the-open-source-community/

 

New Data Exposure: 100 Million Sensitive Data Records

http://info.appthority.com/-q2-2018-mtr-download-Firebase-vulnerability

 

Gentoo GitHub organization hacked – partially resolved

https://infra-status.gentoo.org/notice/20180629-github

 

Meet TLBleed: A crypto-key-leaking CPU attack that Intel reckons we shouldn’t worry about

How to extract 256-bit keys with 99.8% success

https://www.theregister.co.uk/2018/06/22/intel_tlbleed_key_data_leak/

 

Lazy FP state restore

a security vulnerability affecting Intel Core CPUs. The vulnerability is caused by a flaw in the speculative execution

https://en.wikipedia.org/wiki/Lazy_FP_state_restore

 

Zip Slip Vulnerability

https://snyk.io/research/zip-slip-vulnerability

 

Andrew S. Tanenbaum (MINIX), Ken Thompson (designed and implemented the original Unix)

Don't get me wrong, I am not unhappy with LINUX. It will get all the people who want to turn MINIX in BSD UNIX off my back. But in all honesty, I would suggest that people who want a **MODERN** “free” OS look around for a microkernel-based, portable OS, like maybe GNU or something like that.

https://groups.google.com/forum/m/#!topic/comp.os.minix/wlhw16QWltI%5B1-25%5D

 

Security Roundup

https://www.theregister.co.uk/2018/06/30/security_roundup/

 

Exactis doxxes pretty much all of America

340 million people are now a bit more in the public eye, thanks to a screw-up by marketing company Exactis.

 

The Florida-based outfit was caught out by researcher Vinny Troia, who dug up an unencrypted ElasticSearch database that held about two terabytes of details on the personal interests of “pretty much every US citizen”.

 

In addition to personal interests (things like your hobbies or pets), the database contained names, addresses, age, and gender information on hundreds of millions of people. Troia says the database has since been taken down.

 

At least social security numbers weren’t included (looking at you, Equifax).

 

Wyden stumps for Wireguard

The Wireguard VPN service got a new champion this week after powerful US Senator Ron Wyden pitched it as the next government security tech of choice.

 

The Oregon Democrat issued the dreaded “open letter” (PDF) to National Institute of Standards and Technology Director Walter Copan asking that he consider making the open source Wireguard the official VPN for government use.

 

“Two aging technologies, IPsec and OpenVPN, are currently used for most government VPNs,” Wyden tells Copan. “Cybersecurity researchers now know that the complexity of these old technologies can completely undermine their security.”

 

Wyden stops short of demanding Wireguard be adopted as the replacement, but he does list the tech as one of the “appropriate replacements” to be considered for IPSec and OpenVPN.

 

https://www.ckn.io/blog/2017/11/14/wireguard-vpn-typical-setup/

  • It aims to be as easy to configure and deploy as SSH.
  • It is capable of roaming between IP addresses (especially useful to prevent dropped connections when you have flaky internet).
  • Uses state-of-the-art cryptography.
  • It is meant to be easily implemented in very few lines of code, and easily auditable for security vulnerabilities.
  • A combination of extremely high speed cryptographic primitives and the fact that WireGuard lives inside the Linux kernel means that secure networking can be very high-speed.
  • Stealth – does not respond to any unauthenticated packets and both peers become silent when there’s no data to be exchanged.

 

NSA admits massive call slurp

So, the bad news is that Uncle Sam has been hoarding your phone records. The worse news is that those government agencies are now racing to delete the evidence.

This according to the Daily Beast, who says the NSA is now wholesale deleting records of people’s phone calls and text messages that it had illegally harvested. According to the report, the government security bod is blaming “technical irregularities” for the unauthorized data collection.

 

Apparently, the government cock-up meant hundreds of millions of phone records made their way into NSA hands without any review or authorization.

“Despite the sweeping remedy for the overcollection, the NSA did not estimate how many records it had purged, let alone how many Americans were affected,” the not at all concerning Daily Beast Report https://www.thedailybeast.com/nsa-admits-it-improperly-collected-a-huge-amount-of-americans-call-records reads.

 

“The scale is certain to be massive.”

 

TLBleed

TLBleed is exploited through the implementation of symmetric multithreading (SMT), otherwise marketed as Hyper-Threading by Intel. With SMT enabled, a single core can execute multiple (generally two) threads simultaneously, sharing resources inside that core, including the TLB. TLBleed gets its name from the fact that the flaw targets the translation lookaside buffer, a CPU cache.

 

The side-channel vulnerability can theoretically be exploited to extract encryption keys and private information from programs. Former NSA hacker Jake Williams said on Twitter that a fix would probably need changes to the core operating system and was likely to involve “a ton of work to mitigate (mostly app recompile).”

 

But de Raadt was not so sanguine. “There are people saying you can change the kernel’s process scheduler,” he told iTWire on Monday. “(It’s) not so easy.”

 

He said that Williams was lacking all the details and not thinking it through.

“They actually have sufficient detail to think it through: the article says the TLB is shared between hyperthreading CPUs, and it is unsafe to share between two different contexts. Basically you can measure evictions against your own mappings, which indicates the other process is touching memory (you can determine the aliasing factors).”

 

Gaming corner

https://www.reddit.com/r/linux_gaming/comments/8v8tar/lutris_blizzard_games_update_2_july_by_dox/

 

Wine now has better hyperthreading support…hooray TLBleed

DXVK driver support

 

DXVK https://github.com/doitsujin/dxvk

Vulkan-based D3D11 implementation for Linux / Wine

Vulkan is a low-overhead, cross-platform 3D graphics

 

This content is published under the Attribution-Noncommercial-Share Alike 3.0 Unported license.
