System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.
TEApot (Transient Execution Attack pot) is a project used to evaluate whether your system is affected by Meltdown and Spectre. My goal is to build an easy-to-use (hard to implement) and configurable transient attack test suite.
Transient Execution Attack Pot. This project is mainly based on the project Transient Fail developed by IAIK. More information can be found in their paper A Sy
Guidance for the Spectre, Meltdown, Speculative Store Bypass, Rogue System Register Read, Lazy FP State Restore, Bounds Check Bypass Store, TLBleed, and L1TF/Foreshadow vulnerabilities as well as general hardware and firmware security guidance. #nsacyber
Hardware and Firmware Security Guidance. Table of Contents: 1 About this repository; 2 Side-channel attacks; 2.1 Mitigations; 2.1.1 Firmware patches; 2.1.2 Software patches; 2.1.3 Configuration changes; 2.1.4 Disable Intel Hyper-Threading (Updated!); 2.1.5 Verification; 2.2 Resources and Affected products; 2.2.1 Hardware resources; 2.2.2 Software resources; 2.2.3 Advisory resources
Scripts to install and execute the Vuls vulnerability scanner running RHEL/CentOS on AWS EC2
rhel-centos-ec2-vuls: installation and execution scripts for the Vuls vulnerability scanner (vulsio) on RHEL/CentOS on AWS EC2. Description: Vuls is an open-source, agent-less vulnerability scanner based on information from NVD, OVAL, etc. Use these scripts to install Vuls and run vulnerability scans on your RHEL/CentOS instance on AWS EC2. Files: instal
Microarchitectural exploitation and other hardware attacks.
Hardware attacks / State of the art: microarchitectural exploitation and other hardware attacks. Contributing: contributions, comments and corrections are welcome, please do a PR. Flaws: TPM-FAIL / TPM meets Timing and Lattice Attacks: [CVE-2019-11090] for Intel fTPM; [CVE-2019-16863] for STMicroelectronics TPM; [CVE-2015-0565]. Rowhammer based: [CVE-2016-6728] DRAMMER; [CV
Also, make sure you update your Juniper kit quickly
Roundup This week, when we weren't watching the football and sobbing uncontrollably, we saw security headaches at NPM and Ticketmaster, and a priest in hot water with cybercrime charges.
But there's always more in the security world. Here are a few other bits of security news from recent days.
The US Senate is asking the Justice Department to look into the possibility that an Islamic extremist hacking group was actually the work of the Russian government.
Senators Ron Wyden (D-...
Oracle Linux and VM get their inoculations
Oracle has released fixes for Spectre v3a, Spectre v4, and the “Lazy FPU” vulnerability.
The two Spectre patches cover CVE-2018-3640 and CVE-2018-3640.
As Oracle's director of security assurance Eric Maurice explained, the patches apply to both Oracle Linux and Oracle VM and the associated Intel microcode.
The company was also busy on Friday with fixes for admins with systems that use its Ksplice no-reboot patches.
The one everyone was waiting for patches Oracle Linux...
Nasties on Cores, Xeons may lift computations, mitigations in place or coming
Updated: A security flaw within Intel Core and Xeon processors can be potentially exploited to swipe sensitive data from the chips' math processing units.
Malware or malicious logged-in users can attempt to leverage this design blunder to steal the inputs and results of computations performed in private by other software.
These numbers, held in FPU registers, could potentially be used to discern parts of cryptographic keys being used to secure data in the system. For example, Intel's ...