Expect the Spectre....and Meltdown Soon

Discussion in 'HardForum Tech News' started by FrgMstr, Feb 1, 2018.

  1. FrgMstr

    FrgMstr Just Plain Mean Staff Member

    Messages:
    47,984
    Joined:
    May 18, 1997
    Bleeping Computer is reporting that we may very soon see malware very soon that leverages both the Spectre and Meltdown vulnerabilities soon. We all know this is coming, but just when has been the real question. As Intel is scrambling to get fixes out that do not cause more problems than they fix, we can be thankful that no actual real instances of Spectre or Meltdown have actually been found in the wild as of writing this. It has been confirmed by Mozilla that Spectre is deliverable through a simple JavaScript on a web page, so you might be a little extra careful when clicking. Thanks Joe!


    According to experts at AV-TEST, Fortinet, and Minerva Labs, several individuals are experimenting with publicly released proof-of-concept (PoC) code for the Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5715, CVE-2017-5753) vulnerabilities.

    Researchers from AV-TEST have detected 119 malware samples that are related to the aforementioned CPU vulnerabilities.
     
  2. RogueTadhg

    RogueTadhg [H]ard|Gawd

    Messages:
    1,524
    Joined:
    Dec 14, 2011
    Makes finding our way through "DOWNLOAD NOW" buttons much more dangerous. Choose the correct button and win glorious prizes. Select any other wrong ones and you'll need to buy a new computer.
     
  3. Rahh

    Rahh [H]ard|Gawd

    Messages:
    1,608
    Joined:
    Jan 14, 2005
  4. Mega6

    Mega6 [H]ard|Gawd

    Messages:
    1,441
    Joined:
    Aug 13, 2017
    Releasing exploit data before there is a real fix.. way to go.
     
  5. heatlesssun

    heatlesssun [H]ard as it Gets

    Messages:
    44,157
    Joined:
    Nov 5, 2005
    The nature of this problem is so pervasive that getting fixes out across the board and doing adequate testing without the details of these issues being known simply isn't possible.
     
    thebufenator likes this.
  6. Schtask

    Schtask Limp Gawd

    Messages:
    436
    Joined:
    Nov 29, 2011
    Say what? The core principles and proof of concept code within the exploits themselves were released in a white paper as Spectre / Meltdown was announced. TBH I expected that we would see these in the wild already. Guess threat actors decided there are better ways to get this data (there are).
     
    LightsOut41 likes this.
  7. Kongar

    Kongar Gawd

    Messages:
    730
    Joined:
    Oct 25, 2004
    So this flu season sux - been out of the loop for a week. Where do we stand today with this nonsense? Last week it was "sorry Ivy Bridge users - no updates for you" Is that still the case, and if so, are we really facing a future where any misclick on a webpage could compromise the security of our PCs? It's just mind boggling to think about.
     
  8. Krenum

    Krenum [H]ardForum Junkie

    Messages:
    15,294
    Joined:
    Apr 29, 2005
    Is this Spectre / Meltdown fiasco known to kill SSD Drives? One of my 240gb drives just died :(
     
  9. Mega6

    Mega6 [H]ard|Gawd

    Messages:
    1,441
    Joined:
    Aug 13, 2017
    And the release of this high Exploit did not draw the attention of hackers and accelerate hack development targeting this specific vulnerability?
     
  10. BSmith

    BSmith [H]ard|Gawd

    Messages:
    1,324
    Joined:
    Nov 9, 2017
    This just keeps getting better and better. Might as well just block all JavaScript now. Oh wait, we can't without breaking most sites on the Internet. Wonderful.
     
    Nobu, c3k, Master_shake_ and 4 others like this.
  11. Eyeball Kid

    Eyeball Kid Gawd

    Messages:
    611
    Joined:
    Jan 31, 2002
    Will anti-virus software not catch this?
     
  12. Dead Parrot

    Dead Parrot 2[H]4U

    Messages:
    2,375
    Joined:
    Mar 4, 2013
    Worse. A few days ago, Microsoft issued a patch to roll back the patches that Intel released because the Intel patches were breaking more stuff than they fixed. So if you have a fully updated system, you have no protection against this. At least on a Windows Intel system.

    Sad that script blockers are fast becoming the first and apparently the most effective line of defense against this crap.
     
  13. heatlesssun

    heatlesssun [H]ard as it Gets

    Messages:
    44,157
    Joined:
    Nov 5, 2005
    No doubt this disclosure did draw the attention of hackers. I'm just saying that there's no way to fix a problem this pervasive effectively before it being disclosed because of the level of testing involved. Trying to fix it under wraps effectively across all affected platforms simply isn't possible.
     
  14. heatlesssun

    heatlesssun [H]ard as it Gets

    Messages:
    44,157
    Joined:
    Nov 5, 2005
    As is always the case with anti-virus, maybe. But hackers do go to great lengths these days to bypass anti-virus.
     
  15. drescherjm

    drescherjm [H]ardForum Junkie

    Messages:
    14,213
    Joined:
    Nov 19, 2008

    No. That is very unlikely.
     
  16. drescherjm

    drescherjm [H]ardForum Junkie

    Messages:
    14,213
    Joined:
    Nov 19, 2008
    AV always is in catch up mode.
     
  17. ChadD

    ChadD 2[H]4U

    Messages:
    3,683
    Joined:
    Feb 8, 2016
    Well, when you tell companies about it months before you release it and they mostly put their fingers in their ears what are you to do... well they didn't just put their fingers in their ears. As I understand it some CEOs sold all their stock instead of driving the fixes out the door. lol
     
    Sulphademus, Simmonz and SvenBent like this.
  18. drescherjm

    drescherjm [H]ardForum Junkie

    Messages:
    14,213
    Joined:
    Nov 19, 2008
    I don't think everyone would want to use a raspberry pi to replace their desktop PC. AMD and Intel are both vulnerable and have been so to Spectre for every CPU sold in at least the last 2 decades. That is except for a few low power CPUs that don't use out of order execution.
     
    Last edited: Feb 1, 2018
  19. ChadD

    ChadD 2[H]4U

    Messages:
    3,683
    Joined:
    Feb 8, 2016
    Considering that these use legit features of your CPU.. unless your Anti virus is intercepting everything and preventing code from using those CPU functions. No, no AV will not catch this. Perhaps they can catch some specific bits of web script but I doubt there is much they can do outside the most common recycled type of malware. I believe heuristic type scanning would be useless.
     
    defaultluser likes this.
  20. BSmith

    BSmith [H]ard|Gawd

    Messages:
    1,324
    Joined:
    Nov 9, 2017
    You do know the cryptocrazies will be the first ones to take advantage of this? Everyone's computer will be mining for someone.

    Just freaking awesome! Yes, I have firmly affixed my tin foil hat to me noggin, but now I wonder if the aluminum can be hacked!
     
    c3k, Verado and mynamehere like this.
  21. ChadD

    ChadD 2[H]4U

    Messages:
    3,683
    Joined:
    Feb 8, 2016
    Only if you bought Intel brand foil.
     
  22. Kongar

    Kongar Gawd

    Messages:
    730
    Joined:
    Oct 25, 2004
    Thanks for the update - crazy stuff. Sucks that the patches were causing problems - but they'll get that sorted out. The real issue I can't come to grips with is that there's no fix coming for many modern-ish systems like my ivy bridge. I can't see my script blocker and my safe browsing habits being effective here. Every once in a while you have to turn scripts on because a website requires it, and if you're paranoid you'd do that in a virtual machine. But that doesn't even work in this case.

    It's like my computers are destined to become part of a botnet no matter what I do. To fix, I just have to open up my wallet and buy a new gaming rig, a new laptop for the wife, a new HTPC for the home theater, and I can't do the old "hand me down" approach that works for so many families. Strange times indeed.
     
  23. kju1

    kju1 2[H]4U

    Messages:
    3,031
    Joined:
    Mar 27, 2002
    Ever heard of a forcing function? Also Intel was informed before Spectre/Meltdown was publicized so I am not sure what your point is.

    Your brain has already been hacked. Deal with it.
     
  24. Chebsy

    Chebsy Gawd

    Messages:
    524
    Joined:
    Jan 24, 2013
    Quote "Bleeping Computer is reporting that we may very soon see malware very soon that leverages both the Spectre and Meltdown vulnerabilities soon"

    Couldn't you fit any more "soon's" in that sentence Kyle ?? ;);)
     
    ncjoe likes this.
  25. Schtask

    Schtask Limp Gawd

    Messages:
    436
    Joined:
    Nov 29, 2011
    Nah. Definitely not due to this.
     
    heatlesssun likes this.
  26. kju1

    kju1 2[H]4U

    Messages:
    3,031
    Joined:
    Mar 27, 2002
    Soon he will be able to. Soon.
     
  27. Schtask

    Schtask Limp Gawd

    Messages:
    436
    Joined:
    Nov 29, 2011
    Umm.... Yes. That's the point. From the beginning. Please believe that they wouldn't have publicly released the details if they thought it wasn't already being looked at by advanced threat actors. It's not like spectre / meltdown are the first iteration of this kind. AnC uses similar (but different) principles and that's almost two years old. Breaking ASLR and KASLR has always been a target. A big one. Spectre / Meltdown does this in a big way...but so do others.

    All this being said... There are better methods out there that allow for credential harvesting. TAs know this...and will take the path of least resistance (usually).

    In general, public release forces vendors to get their shit together and fix it. That's why it is done.
     
    Last edited: Feb 1, 2018
  28. heatlesssun

    heatlesssun [H]ard as it Gets

    Messages:
    44,157
    Joined:
    Nov 5, 2005
    But Kyle's a Texan, how could he be a Sooner?
     
    JMccovery, Saturn_V and otherweeb like this.
  29. Schtask

    Schtask Limp Gawd

    Messages:
    436
    Joined:
    Nov 29, 2011
    Depends on the AV. If the exploits are deployed client side in a specific payload that has other functions...maybe. The raw script itself...Probably not since it exists in the lower rings.
     
  30. Schtask

    Schtask Limp Gawd

    Messages:
    436
    Joined:
    Nov 29, 2011
    The type of attack you mentioned would gain very little if any benefit from Spectre / Meltdown. If you want to look at crypto mining based attacks, I would suggest starting with Adylkuzz.
     
  31. Mega6

    Mega6 [H]ard|Gawd

    Messages:
    1,441
    Joined:
    Aug 13, 2017
    Because Intel was informed, the hacker community was therefore informed? Intel / Google / AMD have less than zero motivation to do anything but keep it under wraps. Plus the story breaking six months down the road shows that.
     
  32. Lunas

    Lunas [H]ardForum Junkie

    Messages:
    9,749
    Joined:
    Jul 22, 2001
    No but it does give an attacker full undetectable access to do whatever they wish...
     
  33. Schtask

    Schtask Limp Gawd

    Messages:
    436
    Joined:
    Nov 29, 2011
    From memory. Bandwidth is pretty low on these attacks, so it could take forever for them to find what they are looking for to begin with. That might improve over time though. Just too many unknowns right now to be absolutely sure.
     
  34. BSmith

    BSmith [H]ard|Gawd

    Messages:
    1,324
    Joined:
    Nov 9, 2017
    "Java" has now reached 4 letter word status with me.
     
  35. Gigus Fire

    Gigus Fire 2[H]4U

    Messages:
    2,275
    Joined:
    Oct 14, 2004
    ad blockers just became needed.
     
  36. WhoBeDaPlaya

    WhoBeDaPlaya 2[H]4U

    Messages:
    2,485
    Joined:
    Dec 16, 2002
    How else am I going to see Paris Hilton / <favorite fap bait> naked?
     
    RogueTadhg likes this.
  37. kju1

    kju1 2[H]4U

    Messages:
    3,031
    Joined:
    Mar 27, 2002
    Paris? Puhleeze she's on like every porn site out there...

    Why does the hacker community need to be informed before a fix is in place? You specifically bitched about how the data was released before a fix. The vendors are responsible for the fixes not the "hacker community".

    Also it "breaking six months down the road" shows nothing besides the individuals/companies that found it giving vendors 6 months of a head start to fix it.
     
  38. WhoBeDaPlaya

    WhoBeDaPlaya 2[H]4U

    Messages:
    2,485
    Joined:
    Dec 16, 2002
    Okay then. How else am I going to see Kyle naked? Bone closet?
     
    kju1 likes this.
  39. Khahhblaab

    Khahhblaab Limp Gawd

    Messages:
    481
    Joined:
    Apr 23, 2017
    Yeah. Here is another place that is checking on the overall progress: https://blog.barkly.com/meltdown-spectre-patches-list-windows-update-help

    Looks like microcode is buggy and browser updates don't remove all possibilities. Gonna take a while longer. Sucks that performance will take a hit.
     
    drescherjm likes this.
  40. kju1

    kju1 2[H]4U

    Messages:
    3,031
    Joined:
    Mar 27, 2002
    Try asking..but be careful what you ask for.
     
    WhoBeDaPlaya likes this.