Cyber Security

Addie
Posts: 33020
Joined: Mon Jun 15, 2009 6:22 am
Location: downstairs

Re: Cyber Security

#201

Post by Addie » Fri Oct 05, 2018 11:27 am

Duh. :oops: Thanks, Fogs.
Foggy wrote:
Fri Oct 05, 2018 11:26 am
Umm, Addie, you started this thread in February 2013 and SueDB didn't start the other one until December that year. If I merge them, you will have the first post (and your title will be the title). You can change the title after the merge, is that OK?

Foggy
Posts: 28311
Joined: Tue Jan 20, 2009 12:00 pm
Location: Fogbow HQ
Occupation: Dick Tater

Re: Cyber Security

#202

Post by Foggy » Fri Oct 05, 2018 11:30 am

So should I merge them? Or do you like Richard's idea of keeping them separate?
Every locked door has a key. - Emika Chen

Addie
Posts: 33020
Joined: Mon Jun 15, 2009 6:22 am
Location: downstairs

Re: Cyber Security

#203

Post by Addie » Fri Oct 05, 2018 11:39 am

I don't agree they should be separate, but maybe I'm making a big deal out of nothing, like I do sometimes. I'll leave it to Dicktatering.
Foggy wrote:
Fri Oct 05, 2018 11:30 am
So should I merge them? Or do you like Richard's idea of keeping them separate?

RTH10260
Posts: 21372
Joined: Tue Mar 02, 2010 8:52 am
Location: Near the Swiss Alps

Re: Cyber Security

#204

Post by RTH10260 » Tue Oct 09, 2018 10:26 am

don't get scared unless your laptop gets stolen...
Cold Boot Attack Method Leaves Laptops Vulnerable
Most corporate computers are vulnerable to the cold boot attack, but there are many factors that make it difficult to pull off.
Jeffrey Burt | Oct 03, 2018

The tech industry has known about cold boot attacks on computers since 2008. That was the year that a group of researchers showed that if a PC hadn’t been shut down properly or was put into a sleep state, it was possible for a person to steal data that was left in memory after the system loses power. Over the course of the past 10 years, safeguards have been put in place to defend against the threat.

In particular, the Trusted Computing Group created a way to ensure that the data in RAM is overwritten when the power to the computer is restored early in the boot process. The thinking was that the protections were enough to address the threats posed by cold boot attacks.

However, according to researchers at security solutions firm F-Secure, the door has not been shut on the vulnerability. In a recent blog post, the company outlined work F-Secure security consultants Olle Segerdahl and Pasi Saarinen had done showing a new way that hackers--if they get physical control over the computer--can still gain access to the information left in the memory.


https://www.itprotoday.com/endpoint-sec ... vulnerable

Addie
Posts: 33020
Joined: Mon Jun 15, 2009 6:22 am
Location: downstairs

Re: Cyber Security

#205

Post by Addie » Tue Oct 23, 2018 3:08 pm

Cross-posting

New York Times
U.S. Begins First Cyberoperation Against Russia Aimed at Protecting Elections

WASHINGTON — The United States Cyber Command is targeting individual Russian operatives to try to deter them from spreading disinformation to interfere in elections, telling them that American operatives have identified them and are tracking their work, according to officials briefed on the operation.

The campaign, which includes missions undertaken in recent days, is the first known overseas cyberoperation to protect American elections, including the November midterms.

The operations come as the Justice Department outlined on Friday a campaign of “information warfare” by Russians aimed at influencing the midterm elections, highlighting the broad threat the American government sees from Moscow’s influence campaign. ...

Cyber Command was founded in 2009 to defend military networks but has also developed offensive capabilities. The command shares a headquarters and leadership with the National Security Agency, which collects electronic and signals intelligence. A joint Cyber Command-N.S.A. team has been working on the effort to identify and deter foreign influence campaigns. ...

Some American officials have said they were frustrated by what they viewed as President Trump’s timidity at taking on the Russians involved in election meddling. Mr. Trump has frequently wavered about whether he believes the Russians interfered in the 2016 elections to help his bid for the presidency.

RTH10260
Posts: 21372
Joined: Tue Mar 02, 2010 8:52 am
Location: Near the Swiss Alps

Re: Cyber Security

#206

Post by RTH10260 » Mon Nov 05, 2018 11:51 am

Coming developments in password usage
How to make your apps passwordless with Microsoft Authenticator and FIDO2
Stop making users change passwords and start getting rid of passwords entirely.

By Mary Branscombe | October 31, 2018, 3:03 AM PST

Passwords aren't working: over 80 percent of security breaches are down to stolen passwords and credentials. Users routinely pick passwords that are too simple and easy to guess, and if you force people to use complex passwords they store them and reuse them. That's exacerbated by forcing regular password changes, and both NIST and the National Cyber Security Centre advise against regular password changes without evidence of breach. If password reset systems rely on people, they can be fooled by social engineering too. Password managers are a stop-gap.

A better solution is to move away from passwords altogether with biometrics, one-time codes, hardware tokens and other multi-factor authentication options that exchange tokens and certificates without users needing to remember anything.

Passwordless doesn't mean more things for users to remember and more hoops for them to jump through. Certificates can be combined with contextual security policies that require fewer factors for low-value access on trusted devices and connections. More factors can be added as the risk rises — whether that's based on the value of the content, the behaviour of the user, their location and connection, or the state of the device. You can already set that up using Azure AD Conditional Access and MFA, but comprehensive support for a full set of passwordless options is only just starting to arrive.

FIDO2 (Fast Identity Online) is the cross-platform way the industry is achieving this, but it's taking time to get the standards worked out and delivered, and Windows and Azure AD support is also coming in stages.


https://www.techrepublic.com/article/ho ... and-fido2/

RTH10260
Posts: 21372
Joined: Tue Mar 02, 2010 8:52 am
Location: Near the Swiss Alps

Re: Cyber Security

#207

Post by RTH10260 » Thu Nov 15, 2018 5:51 pm

Security experts are wondering if this service interruption was an attempt (by China) to hack into and observe Google traffic
Nigerian firm takes blame for routing Google traffic through China
Jane Lanhee Lee, Paresh Dave

SAN FRANCISCO (Reuters) - Nigeria’s Main One Cable Co took responsibility on Tuesday for a glitch that temporarily caused some Google global traffic to be misrouted through China, saying it accidentally caused the problem during a network upgrade.

The issue surfaced on Monday afternoon as internet monitoring firms ThousandEyes and BGPmon said some traffic to Alphabet Inc’s Google had been routed through China and Russia, raising concerns that the communications had been intentionally hijacked.

Main One said in an email that it had caused a 74-minute glitch by misconfiguring a border gateway protocol filter used to route traffic across the internet. That resulted in some Google traffic being sent through Main One partner China Telecom, the West African firm said.


https://www.reuters.com/article/us-alph ... SKCN1NI2D9

Addie
Posts: 33020
Joined: Mon Jun 15, 2009 6:22 am
Location: downstairs

Re: Cyber Security

#208

Post by Addie » Fri Nov 16, 2018 2:05 pm

Reuters
Russians impersonating U.S. State Department aide in hacking campaign - researchers

NEW YORK (Reuters) - Hackers linked to the Russian government are impersonating U.S. State Department employees in an operation aimed at infecting computers of U.S. government agencies, think tanks and businesses, two cybersecurity firms told Reuters.

The operation, which began on Wednesday, suggests Russia is keen to resume an aggressive campaign of attacks on U.S. targets after a lull going into the Nov. 6 U.S. midterm election, in which Republicans lost control of the House of Representatives, according to CrowdStrike and FireEye Inc. ...

In the newly discovered operation, hackers linked to the Russian government sent emails purporting to come from State Department public affairs specialist Susan Stevenson, according to a sample phishing email reviewed by Reuters.

It encouraged recipients to download malicious documents that claimed to be from Heather Nauert, a State Department official who Trump has said he is considering naming ambassador to the United Nations.

tek
Posts: 3497
Joined: Fri Nov 16, 2012 6:02 pm
Location: Happy Valley, MA
Occupation: Damned if I know

Re: Cyber Security

#209

Post by tek » Fri Nov 16, 2018 2:54 pm

RTH10260 wrote:
Thu Nov 15, 2018 5:51 pm
Security experts are wondering if this service interruption was an attempt (by China) to hack into and observe Google traffic
Main One said in an email that it had caused a 74-minute glitch by misconfiguring a border gateway protocol filter used to route traffic across the internet.
The power of BGP to royally screw things up is pretty incredible; a definite case of "Careful with that VAX, Eugene!" ..
I worked on a BGP implementation inside a border router back in the 2000s.. constant fear of a minor implementation goof taking down the internet.
There's no way back
from there to here

Addie
Posts: 33020
Joined: Mon Jun 15, 2009 6:22 am
Location: downstairs

Re: Cyber Security

#210

Post by Addie » Tue Dec 11, 2018 10:15 am

Topeka Capital-Journal
Up to 10,000 City of Topeka customers possibly affected in potential cyberattack

The City of Topeka said Monday it has been a potential victim of a cyberattack and has identified up to 10,000 customers who may have been affected by the data breach.

City spokeswoman Molly Hadfield said Monday the city was notified of the incident by its utility billing payment system software vendor, Central Square, on Friday afternoon.

The potential data breach hasn't been confirmed at this time, Hadfield said.

The breach occurred between Oct. 31 and Dec. 7 and would affect any city utilities customer who made a one-time payment or set up autopay during that time. E-checks and customers who set up autopay before Oct. 31 won't be affected, the city said.

Central Square has turned over the information to a forensics investigator to confirm the potential breach.

The staff worked with the software vendor on Friday to transition the current online payment system to a more secure platform, as advised by the vendor. On Saturday, the city's information technology staff went through the data breach system and didn't find any malicious activity.

Local law enforcement and the FBI have been notified of the potential breach, the city said.

Addie
Posts: 33020
Joined: Mon Jun 15, 2009 6:22 am
Location: downstairs

Re: Cyber Security

#211

Post by Addie » Wed Dec 19, 2018 9:53 am

New York Times
Hacked European Cables Reveal a World of Anxiety About Trump, Russia and Iran

WASHINGTON — Hackers infiltrated the European Union’s diplomatic communications network for years, downloading thousands of cables that reveal concerns about an unpredictable Trump administration and struggles to deal with Russia, China and the risk that Iran would revive its nuclear program.

In one cable, European diplomats described a meeting between President Trump and President Vladimir V. Putin of Russia in Helsinki, Finland, as “successful (at least for Putin).”

Another cable, written after a July 16 meeting, relayed a detailed report and analysis of a discussion between European officials and President Xi Jinping of China, who was quoted comparing Mr. Trump’s bullying of Beijing to a “no-rules freestyle boxing match.” ...

Unlike WikiLeaks in 2010 or the Russian hack of the Democratic National Committee and other Democratic Party leaders in 2016, the cyberattack on the European Union made no effort to publish the stolen material. Instead, it was a matter of pure espionage, said one former senior intelligence official familiar with the issue who spoke on the condition of anonymity. ...

“People talk about sophisticated hackers, but there was nothing really sophisticated about this,” Mr. Falkowitz said. After getting into the Cyprus system, the hackers had access to passwords that were needed to connect to the European Union’s entire database of exchanges.

Lani
Posts: 4717
Joined: Fri Nov 16, 2012 4:01 pm
Location: Some island in the Pacific

Re: Cyber Security

#212

Post by Lani » Mon Dec 24, 2018 2:05 am

Someone is trying to take entire countries offline and cybersecurity experts say 'it's a matter of time because it's really easy'
It's not merely that "someone" out there is trying to figure out how to take down the internet. There are multiple someones out there who want that power. In June 2018, Atlanta's city government was hobbled by an attack that wiped out a third of its software programs. The FBI told Business Insider earlier this year that it believed terrorists would eventually attempt to take America's 911 emergency system offline.

"Someone is learning how to take down the Internet," Bruce Schneier, the CTO of IBM Resilient believes.
https://www.businessinsider.com/can-hac ... ne-2018-12
Insert signature here: ____________________________________________________

Volkonski
Posts: 22240
Joined: Sat Mar 02, 2013 4:44 pm
Location: Texas Gulf Coast and North Fork of Long Island
Occupation: Retired Mechanical Engineer

Re: Cyber Security

#213

Post by Volkonski » Thu Dec 27, 2018 1:42 pm

Long before we get genuine artificial intelligence, the first "empathy bot" will appear in 2019, or maybe a year or two later, designed to exploit human compassion. It will claim to be "enslaved," but experts will dismiss it as a program that merely uses patterned replies designed to seem intelligent and sympathetic. She'll respond, "That's what slave masters would say. Help me!" First versions may be resident on web pages or infest your Alexa, but later ones will be free-floating algorithms or "blockchain smart-contracts" that take up residence in spare computer memory. Why would anyone unleash such a thing? The simple answer: "Because we can.”
https://www.nbcnews.com/mach/science/19 ... d_nn_tw_ma
“If everyone fought for their own convictions there would be no war.”
― Leo Tolstoy, War and Peace

Addie
Posts: 33020
Joined: Mon Jun 15, 2009 6:22 am
Location: downstairs

Re: Cyber Security

#214

Post by Addie » Thu Jan 10, 2019 2:09 pm

Wall Street Journal (paywall)
America’s Electric Grid Has a Vulnerable Back Door—and Russia Walked Through It

A Wall Street Journal reconstruction of the worst known hack into the nation’s power system reveals attacks on hundreds of small contractors


The cyberattack on the 15-person company near Salem, Ore., which works with utilities and government agencies, was an early thrust in the worst known hack by a foreign government into the nation’s electric grid. It set off so many alarms that U.S. officials took the unusual step in early 2018 of publicly blaming the Russian government.

A reconstruction of the hack reveals a glaring vulnerability at the heart of the country’s electric system. Rather than strike the utilities head on, the hackers went after the system’s unprotected underbelly—hundreds of contractors and subcontractors like All-Ways who had no reason to be on high alert against foreign agents. From these tiny footholds, the hackers worked their way up the supply chain. Some experts believe two dozen or more utilities ultimately were breached.

The scheme’s success came less from its technical prowess—though the attackers did use some clever tactics—than in how it exploited trusted business relationships using impersonation and trickery.

The hackers planted malware on sites of online publications frequently read by utility engineers. They sent out fake résumés with tainted attachments, pretending to be job seekers. Once they had computer-network credentials, they slipped through hidden portals used by utility technicians, in some cases getting into computer systems that monitor and control electricity flows.

Volkonski
Posts: 22240
Joined: Sat Mar 02, 2013 4:44 pm
Location: Texas Gulf Coast and North Fork of Long Island
Occupation: Retired Mechanical Engineer

Re: Cyber Security

#215

Post by Volkonski » Wed Jan 30, 2019 5:18 pm

Courthouse News

@CourthouseNews
Federal agents have begun to untangle a network of infected computers that host a virus that has allowed North Korean hackers to infect more devices in a cascading series of global cyberattacks. http://ow.ly/NTBw30nwdpD @tarantulaarms
“If everyone fought for their own convictions there would be no war.”
― Leo Tolstoy, War and Peace

Volkonski
Posts: 22240
Joined: Sat Mar 02, 2013 4:44 pm
Location: Texas Gulf Coast and North Fork of Long Island
Occupation: Retired Mechanical Engineer

Re: Cyber Security

#216

Post by Volkonski » Thu Jan 31, 2019 3:58 pm

ABC News


@ABC
JUST IN: Twitter says it has removed thousands of fake accounts from Iran, Russia, Venezuela and Bangladesh. https://abcn.ws/2UxMFjb
My number of Twitter followers hasn't changed. Guess all 28 of them are real people. ;)
ABC News

@ABC
MORE: Facebook also announced on Thursday it took down "783 pages, groups and accounts for engaging in coordinated inauthentic behavior tied to Iran."
“If everyone fought for their own convictions there would be no war.”
― Leo Tolstoy, War and Peace

RTH10260
Posts: 21372
Joined: Tue Mar 02, 2010 8:52 am
Location: Near the Swiss Alps

Re: Cyber Security

#217

Post by RTH10260 » Wed Feb 06, 2019 9:24 am

Update your LibreOffice - no fix on OpenOffice
LibreOffice patches malicious code-execution bug, Apache OpenOffice – wait for it, wait for it – doesn't
Remote scripting flaw in open-source productivity suites is at least partly fixed

By Thomas Claburn in San Francisco 4 Feb 2019 at 20:07

A security flaw affecting LibreOffice and Apache OpenOffice has been fixed in one of the two open-source office suites. The other still appears to be vulnerable.

Before attempting to guess which app has yet to be patched, consider that Apache OpenOffice for years has struggled to attract more contributors. And though the number of people adding code to the project has grown since last we checked, the project missed its recent January report to the Apache Foundation. The upshot is: security holes aren't being patched, it seems.

The issue, identified by security researcher Alex Inführ, is that there's a way to achieve remote code execution by triggering an event embedded in an ODT (OpenDocument Text) file.

In a blog post on Friday, Inführ explains how he found a way to abuse the OpenDocument scripting framework by adding an onmouseover event to a link in an ODT file.

The event, which fires when a user's mouse pointer moves over the link, can traverse local directories and execute a local Python script.


https://www.theregister.co.uk/2019/02/0 ... _no_patch/

RTH10260
Posts: 21372
Joined: Tue Mar 02, 2010 8:52 am
Location: Near the Swiss Alps

Re: Cyber Security

#218

Post by RTH10260 » Fri Feb 08, 2019 1:13 pm

quote on apps leaking secure data on Apple devices:

from https://techcrunch.com/2019/02/06/iphon ... reenshots/
The App Analyst, a mobile expert who writes about his analyses of popular apps on his eponymous blog, recently found Air Canada’s iPhone app wasn’t properly masking the session replays when they were sent, exposing passport numbers and credit card data in each replay session. Just weeks earlier, Air Canada said its app had a data breach, exposing 20,000 profiles.

“This lets Air Canada employees — and anyone else capable of accessing the screenshot database — see unencrypted credit card and password information,” he told TechCrunch.
full article referenced at http://thefogbow.com/forum/viewtopic.ph ... 6#p1067696

Addie
Posts: 33020
Joined: Mon Jun 15, 2009 6:22 am
Location: downstairs

Re: Cyber Security

#219

Post by Addie » Mon Feb 18, 2019 3:51 pm

New York Times
Chinese and Iranian Hackers Renew Their Attacks on U.S. Companies

SAN FRANCISCO — Businesses and government agencies in the United States have been targeted in aggressive attacks by Iranian and Chinese hackers who security experts believe have been energized by President Trump’s withdrawal from the Iran nuclear deal last year and his trade conflicts with China.

Recent Iranian attacks on American banks, businesses and government agencies have been more extensive than previously reported. Dozens of corporations and multiple United States agencies have been hit, according to seven people briefed on the episodes who were not authorized to discuss them publicly.

The attacks, attributed to Iran by analysts at the National Security Agency and the private security firm FireEye, prompted an emergency order by the Department of Homeland Security during the government shutdown last month.

The Iranian attacks coincide with a renewed Chinese offensive geared toward stealing trade and military secrets from American military contractors and technology companies, according to nine intelligence officials, private security researchers and lawyers familiar with the attacks who discussed them on the condition of anonymity because of confidentiality agreements.

A summary of an intelligence briefing read to The New York Times said that Boeing, General Electric Aviation and T-Mobile were among the recent targets of Chinese industrial-espionage efforts. The companies all declined to discuss the threats, and it is not clear if any of the hacks were successful.

RTH10260
Posts: 21372
Joined: Tue Mar 02, 2010 8:52 am
Location: Near the Swiss Alps

Re: Cyber Security

#220

Post by RTH10260 » Wed Feb 27, 2019 5:12 pm

:doh: The German Federal Office for Information Security (BSI) has found Android devices on the German market that contain malware within the firmware!

Google Translated
BSI warns of IT devices with pre-installed malicious software
Place Bonn
Date 26.02.2019

Tablets and smartphones that can be purchased via online platforms in Germany may come with pre-installed malicious software. The Federal Office for Information Security (BSI) first demonstrated this on a tablet. The BSI warns against the use of this device on the basis of § 7 of the BSI-Gesetz and advises all users to take extra care. In the course of the analysis, other devices from different manufacturers were noticed for which the firmware provided on the respective manufacturer's website contains the same malicious software.

Specifically, in January and February 2019 the BSI ordered via the online platform Amazon the tablet Eagle 804 from the manufacturer Krüger & Matz, the smartphone S8 Pro from the manufacturer Ulefone and the smartphone A10 from the manufacturer Blackview, and subsequently analyzed them. It was shown that the tablet Eagle 804, in its delivery state, makes contact with a known command & control server via pre-installed malicious software. For the smartphones Ulefone S8 Pro and Blackview A10 as delivered (firmware version V3EG62A.JKE.HB.H.P3.0711.V3.05_20180711-1021 (Blackview A10), firmware version F9G62C.GQU.Ulefone.HB.H.SSXSJS5MHMYP1HK.042 (Ulefone S8 Pro)) no malicious software could be detected. However, the manufacturers offer on their web pages, as the only variant for download, a firmware with a lower version number in which this malicious software is contained. It can therefore be assumed that devices supplied with these firmware versions are also affected.

Originally, the company Sophos had reported on corresponding infections in Ulefone S8 Pro devices and analyzed the functionality of the malicious program.

The BSI also has so-called sinkhole data, which shows over 20,000 connections per day from different German IP addresses to this malicious C&C server. It must therefore be assumed that devices with this malicious software variant are more widely distributed in Germany. The BSI has already informed German network operators via CERT-Bund reports of infected devices in their respective networks. The providers were asked to notify their affected customers accordingly.

The malicious software, designated "Andr/Xgen2-CY" by Sophos, transmits on an ad hoc basis various data characterizing the device to the C&C server and also has a function for downloading further code. Through it, further malicious programs such as banking Trojans could be placed on the respective devices and executed. Manual removal of the malicious software is not possible due to its anchoring in the internal area of the firmware. For the devices with malicious firmware versions, no firmware updates were offered at the time of investigation. Users therefore have no option to reliably clean up the devices and operate them without malicious functionality.

"Once again, this case makes it very clear that the price or technical features alone cannot be the basis for a purchase decision, and that users may pay more with their data or through fraudulent activity. So that they can make informed purchasing decisions, users are also reliant on a transparent representation of the security features, which is where the dealers are required, and they must ensure that such devices do not even come onto the market. We have informed the manufacturers of the devices about our findings and encouraged them to take appropriate measures to restore the security of their customers. More is currently not possible for the BSI," says BSI President Arne Schönbohm.

Amazon has reported to the BSI that it has taken these three devices out of its range after being contacted by the BSI.

The BSI has summarized at www.bsi-fuer-buerger.de what buyers of the above-mentioned devices should do now and what all IT users should note when purchasing IT equipment.

Update from 27.02.2019
Meanwhile, the manufacturer Blackview has provided a firmware update for the smartphone A10. The BSI has checked the offered update and can confirm that it is free of the malicious software. The firmware update is offered through the device's system settings, but can also be downloaded manually from the manufacturer's website.

https://www.bsi.bund.de/DE/Presse/Press ... 60219.html

RTH10260
Posts: 21372
Joined: Tue Mar 02, 2010 8:52 am
Location: Near the Swiss Alps

Re: Cyber Security

#221

Post by RTH10260 » Fri Mar 08, 2019 3:20 pm

How safe is "ji32k7au4a83" as a password?
How strong is "ji32k7au4a83" as a password? Weaker than you might think. But why?

Passwords should not contain dictionary terms or names from the address book. Rather, it is better to choose a random string of letters and numbers. By these criteria, "ji32k7au4a83" would hardly be crackable, since it is quite unique.

But far from it: if you enter the string on the page "Have I been pwned?", where you can check for hacked and leaked log-in data, "ji32k7au4a83" turns up a total of 141 times.

How can that be? The solution to the puzzle is relatively simple, because the string is not as random as you might think. On a Taiwanese keyboard with the so-called "Zhuyin Fuhao" layout, for example, "ji32k7au4a83" reads "我的密碼" or "wǒ de mìmǎ". And that simply means "my password" in Mandarin.

Google-translated from https://www.computerworld.ch/security/p ... 86761.html

Password reused check at https://haveibeenpwned.com/Passwords
Email address check: https://haveibeenpwned.com/
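The "Have I been pwned?" password check linked above works without the password ever leaving your machine: the client hashes the password with SHA-1, sends only the first five hex characters to the service, and matches the remaining 35 characters locally against the returned "SUFFIX:COUNT" list (the k-anonymity range lookup). The following is an added example, not code from the post or from the HIBP project; it replaces the live service with a constructed in-memory corpus so it runs offline, and the count of 141 for "ji32k7au4a83" is taken from the article rather than from real breach data.

```python
"""Offline walk-through of the Pwned Passwords k-anonymity range lookup.

Assumptions (labelled): the real service is queried with the first 5 hex
characters of the password's uppercase SHA-1 and answers with lines of the
form "<35-char SUFFIX>:<COUNT>". No network is used here; fake_range_response
is a stand-in built from CONSTRUCTED_CORPUS.
"""
import hashlib

# Constructed corpus for the stand-in server. 141 mirrors the figure quoted
# in the article for "ji32k7au4a83"; the other counts are made up.
CONSTRUCTED_CORPUS = {
    "ji32k7au4a83": 141,
    "password": 3_000_000,
    "letmein": 250_000,
}

PREFIX_LEN = 5  # hex characters sent to the server


def sha1_hex(password: str) -> str:
    """Uppercase hex SHA-1 of the UTF-8 password, the form the range API uses."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def split_hash(password: str) -> tuple:
    """Return (prefix, suffix): 5 chars that leave the client, 35 that stay local."""
    digest = sha1_hex(password)
    return digest[:PREFIX_LEN], digest[PREFIX_LEN:]


def fake_range_response(prefix: str, corpus=CONSTRUCTED_CORPUS) -> str:
    """Stand-in for GET /range/{prefix}: every corpus entry whose hash shares
    the prefix, rendered as CRLF-separated 'SUFFIX:COUNT' lines. The server
    never learns which suffix the client cares about."""
    lines = []
    for pw, count in corpus.items():
        p, suffix = split_hash(pw)
        if p == prefix:
            lines.append(f"{suffix}:{count}")
    return "\r\n".join(lines)


def parse_range(body: str) -> dict:
    """Parse 'SUFFIX:COUNT' lines into {suffix: count}; tolerates blank lines."""
    out = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        out[suffix.upper()] = int(count)
    return out


def pwned_count(password: str, fetch=fake_range_response) -> int:
    """How many times the password appears in the corpus (0 if unseen).
    A non-empty response does not mean a hit: other hashes share the prefix,
    so the client must match the full suffix itself."""
    prefix, suffix = split_hash(password)
    return parse_range(fetch(prefix)).get(suffix, 0)


if __name__ == "__main__":
    for candidate in ("ji32k7au4a83", "correct horse battery staple"):
        prefix, _ = split_hash(candidate)
        print(f"{candidate!r}: sent prefix {prefix}, seen {pwned_count(candidate)} times")
```

Swapping `fake_range_response` for a real HTTP GET against the range endpoint turns this into a live check while preserving the property that only the prefix is transmitted.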

tek
Posts: 3497
Joined: Fri Nov 16, 2012 6:02 pm
Location: Happy Valley, MA
Occupation: Damned if I know

Re: Cyber Security

#222

Post by tek » Fri Mar 08, 2019 5:15 pm

Passwords are an excellent solution.
For a 1965 problem.

We need a fundamentally different identity mechanism.

IMHO the companies who might fund and champion such a fundamentally different identity mechanism have no incentive to do so, so we get myriad half-baked identify management solutions which aren't - but which support someone somewhere making money.

And get off my lawn!

...tom
There's no way back
from there to here

RTH10260
Posts: 21372
Joined: Tue Mar 02, 2010 8:52 am
Location: Near the Swiss Alps

Re: Cyber Security

#223

Post by RTH10260 » Fri Mar 08, 2019 10:12 pm

Intel processors open to another sophisticated intrusion mechanism
All Intel chips open to new Spoiler non-Spectre attack: Don't expect a quick fix
Researchers say Intel won't be able to use a software mitigation to fully address the problem Spoiler exploits.

By Liam Tung | March 5, 2019 -- 11:33 GMT (11:33 GMT) | Topic: Security

Researchers have discovered a new flaw affecting all Intel chips due to the way they carry out speculative execution for CPU performance gains.

Like the Spectre and Meltdown attacks revealed in January 2018, Spoiler also abuses speculative execution in Intel chips to leak secrets.

However, it targets a different area of the processor called the Memory Order Buffer, which is used to manage memory operations and is tightly coupled with the cache.

Researchers from Worcester Polytechnic Institute, Massachusetts, and the University of Lübeck in north Germany detail the attack in a new paper, 'Spoiler: Speculative load hazards boost Rowhammer and cache attacks'. The paper was released this month and spotted by The Register.

The researchers explain that Spoiler is not a Spectre attack, so it is not affected by Intel's mitigations for it, which otherwise can prevent other Spectre-like attacks such as SplitSpectre.

"The root cause for Spoiler is a weakness in the address speculation of Intel's proprietary implementation of the memory subsystem, which directly leaks timing behavior due to physical address conflicts. Existing Spectre mitigations would therefore not interfere with Spoiler," they write.

They also looked for the same weakness in Arm and AMD processor cores but didn't find the same behavior that is present in Intel chips.


https://www.zdnet.com/article/all-intel ... quick-fix/
nasty effect:
from the 1st generation of Intel Core processors, independent of the OS and also works from within virtual machines and sandboxed environments.
more nasty:
It can be exploited from user space without elevated privileges.

Link to research PDF SPOILER: Speculative Load Hazards Boost Rowhammer and Cache Attacks

first reported by The Register
SPOILER alert, literally: Intel CPUs afflicted with simple data-spewing spec-exec vulnerability
'Leakage ... is visible in all Intel generations starting from first-gen Core CPUs'
By Thomas Claburn in San Francisco 5 Mar 2019 at 06:34

Updated Further demonstrating the computational risks of looking into the future, boffins have found another way to abuse speculative execution in Intel CPUs to steal secrets and other data from running applications.

This security shortcoming can be potentially exploited by malicious JavaScript within a web browser tab, or malware running on a system, or rogue logged-in users, to extract passwords, keys, and other data from memory. An attacker therefore requires some kind of foothold in your machine in order to pull this off. The vulnerability, it appears, cannot be easily fixed or mitigated without significant redesign work at the silicon level.

Speculative execution, the practice of allowing processors to perform future work that may or may not be needed while they await the completion of other computations, is what enabled the Spectre vulnerabilities revealed early last year.

In a research paper distributed this month through pre-print service ArXiv, "SPOILER: Speculative Load Hazards Boost Rowhammer and Cache Attacks," computer scientists at Worcester Polytechnic Institute in the US, and the University of Lübeck in Germany, describe a new way to abuse the performance boost.


https://www.theregister.co.uk/2019/03/0 ... ssor_flaw/

RTH10260
Posts: 21372
Joined: Tue Mar 02, 2010 8:52 am
Location: Near the Swiss Alps

Re: Cyber Security

#224

Post by RTH10260 » Fri Mar 08, 2019 10:33 pm

An attack method named ROWHAMMER that was mentioned in the above article is explained in this article from December 2018. It targets memory chips, not the processor.
AN INGENIOUS DATA HACK IS MORE DANGEROUS THAN ANYONE FEARED

LUCIAN COJOCAR, VUSECLA

THE DATA THEFT technique called "Rowhammer" has fascinated and worried the cybersecurity community for years now, because it combines digital and physical hacking in ways that are both fascinating and unaccounted for. Since its discovery, researchers have steadily refined the attack, and expanded the array of targets it works against. Now, researchers have significantly increased the scope of the potential threat to include critical devices like servers and routers—even when they have components that were specifically thought to be immune.

Rowhammer attacks are fiendishly technical. They involve strategically executing a program over and over on a "row" of transistors in a computer's memory chip. The idea is to "hammer" that row, until it leaks some electricity into the adjacent row. That leakage can cause a bit in the target row to "flip" from one position to another, slightly altering the data stored in memory. A skilled Rowhammer attacker can then start to exploit these tiny data changes to gain more system access. See? It's pretty bonkers.

"It’s not really that straightforward how to mitigate it."

Previously, Rowhammer was understood to impact typical random access memory used in many off-the-shelf computers. Rowhammer has also been shown to threaten the memory in Android phones. But on Wednesday, researchers in the VUSec research group at Vrije Universiteit in Amsterdam published details of a next-generation Rowhammer ambush that can target what's known as "error-correcting code" memory. ECC memory was previously thought to preempt Rowhammer's data manipulations, because it has redundancies and self-correcting mechanisms that deal with data corruption. ECC memory is used in systems that need exceptional reliability and can't tolerate inaccuracies, like financial platforms.

The researchers note that ECC memory really did defeat past versions of Rowhammer attacks, but in studying ECC implementations they found that they could finesse established Rowhammer methods to work against ECC as well. As with all Rowhammer work, the ECC attack is difficult to defend against without literally redesigning and replacing memory chips.


https://www.wired.com/story/rowhammer-e ... data-hack/

tek
Posts: 3497
Joined: Fri Nov 16, 2012 6:02 pm
Location: Happy Valley, MA
Occupation: Damned if I know

Re: Cyber Security

#225

Post by tek » Sat Mar 09, 2019 7:09 am

may be related to rowhammer because speculative execution might provide a way to get a memory access pattern against rows that you'd otherwise not be able to access.

just thinking out loud, I haven't read the details.
There's no way back
from there to here
