Another day, another exploit. Or two. For now. News of Meltdown and Spectre is all around us...
Here are a few articles:
Meltdown and Spectre: How chip hacks work - BBC
A Critical Intel Flaw Breaks Basic Security for Most Computers - WIRED
Meltdown and Spectre CPU Flaws Expose Modern Systems to Risk - eWeek
Critical Microprocessor Flaws Affect Nearly Every Machine - Dark Reading
So what are you - and your organization - doing to respond? Advice to share? Warnings?
Let us know!
Opinions are my own and not my employer
Would BIOS lock and Micro segmentation using VMware NSX work to isolate this threat (and future ones)
The National Institute of Standards and Technology (NIST) Special publication on BIOS protection guidelines stated the following:
Unauthorized modification of BIOS firmware by malicious software constitutes a significant threat because of the BIOS’s unique and privileged position within the PC architecture. A malicious BIOS modification could be part of a sophisticated, targeted attack on an organization
NIST 800-17
BIOS locking and microsegmentation address other threats, not these.
These have to do separation of memory protection rings where, due to various performance optimizations in hardware and at the OS level, data can leak between boundaries (userland process gaining state knowledge of kernel-space memory, or one user process able to gain state knowledge of memory in a process running in a different context on the same os instance).
Microsegementation really addresses network traversal and lateral movement issues, particularly inside virtual environments. BIOS locking is important and you should do it, but isn't going to help you here.
Apply your OS patches and any firmware/microcode updates as may be appropriate; newer Intel processors which use PCID in the context switches shouldn't have the major (30%) performance impact that will be caused by KAISER-type mitigations (unmapping user virtual address space from TLB on entry to system call, then unmapping kernel virtual address space when leaving and returning to the userland process's execution context). Allegedly newer Intel processors should only have a 5% hit there, more or less, and depending on workload. AMD processor are allegedly not vulnerable to "Meltdown" because they made the sane choice of actually checking security context before going down the predictive execution rabbit hole.
I spent a good bit of time last year digging through FreeBSD kernel code, writing some, and having to get some major refreshers on "how computers work" at the low level, so the pump was primed to follow this issue with great interest 🙂
What do you think of this guidance from the University which disclosed the vulnerability to Intel?
These are 2018 vulnerabilities. Thanks for sharing this. This is a hot topic because it is new, recent and hot. Installing latest patches, using a good security solution, security awareness and avoiding insecure website are among the security tips that I recommend
Thanks for sharing
I think the more pressing question is "How are your service providers handling Meltdown and Spectre?" While the vulnerabilities could be exploited by something like a malicious web site (http://www.tomshardware.com/news/meltdown-spectre-exploit-browser-javascript,36221.html), I think the higher risk, higher target exploits will involve cloud based attacks where one malicious cloud users gets access to the data of all users sharing the same physical hardware. Conceivably, this could result in the compromise of a service provider's management plane and with it an entire data center. Really, this shows how one flaw - inspired by the desire to do more, faster - can undermine everything on top of it.