One Article Review

Home - The article:
Source AlienVault Blog
Identifier 457970
Publication date 2018-01-11 02:53:00 (seen: 2018-01-11 02:53:00)
Title Improve Your Readiness To Defeat Meltdown & Spectre
Text You were just getting back into the swing of things after bringing in the New Year, and it happened. Like a huge firework exploding with a thump that you can feel through your body, the news of Meltdown and Spectre hit the media on January 3, 2018. Since the official disclosure of Meltdown and Spectre, there has been a flurry of news articles, as well as activity by the major processor and operating system vendors, and the community at large, to address these significant flaws. But, just what are these flaws, how are you impacted, and what should you do about them?

About Spectre and Meltdown

Discovered by researchers that include the Google Project Zero, several academic institutions, and some private companies, Spectre and Meltdown exploit design flaws existing in nearly all processors manufactured since 1995 that enable exfiltration of data within the CPU cache. Without getting into ‘too’ much detail:

Meltdown (outlined in CVE-2017-5754) impacts Intel and Apple processors, and exploits the Intel Privilege Escalation and Speculative Escalation processor functions to read any memory on the system and execute code on the system.

Spectre (outlined in CVE-2017-5715 and CVE-2017-5753) affects chips manufactured by Intel, Apple, ARM and AMD, and exploits the Branch Prediction and Speculative Execution processor functions to allow access to another user’s data within the same application, or even data from another application.

But, “What is speculative execution and branch prediction?” I hear you ask. The quick explanation is that these are functions that were designed to increase the performance of the chip by predicting what the application or system needs next. If it predicts correctly, then the processed information becomes immediately available. It’s similar in concept to a fast food restaurant that prepares your food before you arrive, so that you don’t have to wait in line while they cook it.

Of course, if you want a deeper explanation of the technology and the exploits, you can read the technical papers published on Meltdown and Spectre. A quick summary of the attacks can be seen in the following table, based on information from Daniel Miessler.

Am I At Risk?

More than likely you are at risk, given that the flaws affect nearly every processor manufactured from 1995 through to today. However, both exploits require that code be executed directly on the system, requiring access as a local administrator or user. This typically makes it difficult to exploit these vulnerabilities, although the Spectre flaw was able to be exploited through a JavaScript-based attack through unpatched browsers (noting that patches for many popular browsers have already been issued, so be sure to update them!).

Are There Any Known Attacks That Use Meltdown or Spectre?

So far, Meltdown and Spectre are not known to have been used to steal data. That said, compromise can be difficult to detect. The AlienVault Labs
Sent Yes
Tags Guideline


The article does not appear to have been picked up again after its publication.


The article does not appear to have been taken from an earlier one.