Saturday, February 17, 2018

Newly Discovered Variants Of Meltdown/Spectre Exploit Cache Coherency Across Cores

Researchers created a new method of exploiting the Meltdown and Spectre vulnerabilities, which they’ve dubbed MeltdownPrime and SpectrePrime, that works by observing the effects of speculative execution on data shared between caches of different CPU cores. Existing software mitigations for Meltdown/Spectre are believed to be effective against the new variants.

Princeton and Nvidia researchers teamed up to produce a testing method that can generate code representing the essence of an attack. More precisely, their method is CPU architecture-aware, so it emulates exactly what a software attack would translate into at the hardware level. According to the researchers, their tool can be used to quickly generate a set of “security litmus tests” for a class

In the process of their testing, they discovered that the speculative execution mechanisms exploited by the Meltdown and Spectre vulnerabilities leave a trail that is observable not only in a CPU’s shared cache, but in its cores’ individual caches as well. The explanation lies in the design of the invalidation-based cache coherence protocol used by many CPUs.

CPU caches are a small snapshot of parts of the system memory. Because memory access only occurs for things that are not already in the cache, it’s actually the cache that holds the most up-to-date version of the memory. A multi-core CPU has shared caches, as well as per-core caches. Cores working with the same memory will each have their own snapshot of that memory in their individual cache. When one core modifies its cache, it’s the equivalent of it modifying the memory, so the other cores’ caches become out of date. The cache coherency protocol is the process by which the other cores are notified that their cache is invalid. 

The Meltdown/Spectre vulnerabilities break the principle of speculative execution being undetectable to software by modifying shared caches in a way that persists and is detectable across software process boundaries. What the researchers discovered is that, because certain caches might be partially mirrored across cores, the effects of speculative execution occurring on one core can be detectable on another core. Test cases exploiting this principle created by the researchers were able to recover hidden data at 99.95% accuracy. By comparison, their test cases of a traditional Spectre exploit only reached 97.9% accuracy.
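To make the cross-core effect concrete, the following is an added toy model (not code from the researchers or from their tool) of an invalidation-based cache coherence protocol: a speculative store on one core invalidates the other core's copy of the line, and that invalidation survives even though the store itself is later squashed. The core count, line names and the two-line probe are constructed for illustration, and the model ignores timing, the shared last-level cache and real protocol details.

```python
from enum import Enum


class State(Enum):
    INVALID = "I"   # this core holds no valid copy of the line
    SHARED = "S"    # clean copy, possibly also held by other cores
    MODIFIED = "M"  # this core owns the only up-to-date copy


class CoherentCaches:
    """Per-core caches kept coherent by invalidation (simplified MSI-style model)."""

    def __init__(self, n_cores):
        self.caches = [{} for _ in range(n_cores)]  # core index -> {line: State}

    def state(self, core, line):
        return self.caches[core].get(line, State.INVALID)

    def read(self, core, line):
        """Return True on a hit. A miss fetches the line into SHARED and
        downgrades any MODIFIED owner to SHARED (it must write back first)."""
        if self.state(core, line) != State.INVALID:
            return True
        for cache in self.caches:
            if cache.get(line) == State.MODIFIED:
                cache[line] = State.SHARED
        self.caches[core][line] = State.SHARED
        return False

    def write(self, core, line):
        """Write for ownership: every other core's copy of the line is invalidated."""
        for i, cache in enumerate(self.caches):
            if i != core and line in cache:
                cache[line] = State.INVALID
        self.caches[core][line] = State.MODIFIED


def observe_speculative_write(secret_bit):
    """Model of the cross-core channel: core 1 primes two probe lines, core 0
    performs a speculative store whose target is selected by the secret, and
    core 1 then checks which line misses. The squashed store leaves no
    architectural trace, but the invalidation it triggered is never undone,
    so the secret bit is recovered from the miss pattern."""
    system = CoherentCaches(2)
    probes = ["probe_line_0", "probe_line_1"]   # constructed sample lines
    for line in probes:
        system.read(1, line)                    # core 1: prime both lines
    system.write(0, probes[secret_bit])         # core 0: speculative store
    misses = [not system.read(1, line) for line in probes]   # core 1: probe
    return misses.index(True)
```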

Before you get too alarmed, the researchers said that current software-based Meltdown/Spectre mitigations seem successful in blocking their new exploits. However, these exploits will likely need their own distinct fix, different from those for traditional Spectre, if they are to be mitigated in hardware. It looks like Intel and AMD will have their work cut out for them in their next generation of CPUs.

iOS Text Field Bug

iPhone owners, brace yourself for yet another bug that pranksters and other ne'er-do-wells can use to crash your iPhone and block access to messaging apps like iMessage and even third-party apps like Facebook Messenger, WhatsApp, and Gmail.

The bug, spotted by the Italian blog Mobile World, involves sending a character from the Indian language Telugu to the victim. Once it is received, the iOS SpringBoard application immediately crashes, and the system then prevents the application from loading.

This bug can cause iPhones to crash to the point where they require a DFU reset to recover.

The workaround for iMessage is to get someone else to send you a message, which lets you open the application and delete the offending message. For third-party apps, the fix depends on the application, and it can range from simple to impossible if you don't have web access enabled for apps such as WhatsApp.

Sunday, December 03, 2017

OS X Vulnerability! Root Access

If you own a Mac computer and run the latest version of Apple's operating system, macOS High Sierra, then you need to be extra careful with your computer.

A serious, yet stupid vulnerability has been discovered in macOS High Sierra that allows untrusted users to quickly gain unfettered administrative (or root) control on your Mac without any password or security check, potentially leaving your data at risk.

Discovered by developer Lemi Orhan Ergin on Tuesday, the vulnerability only requires anyone with physical access to the target macOS machine to enter "root" into the username field, leave the password blank, and hit Enter a few times, and voilà!

In simple words, the flaw allows an unauthorized user that gets physical access on a target computer to immediately gain the highest level of access to the computer, known as "root," without actually typing any password.

Needless to say, this blindingly easy Mac exploit is really scary stuff.

This vulnerability is similar to one Apple patched last month, which affected encrypted APFS volumes, where the password hint field showed the user's actual password in plain text.

Here's How to Log In as the Root User Without a Password

If you own a Mac and want to try this exploit, follow these steps from an admin or guest account:

1) Open System Preferences on the machine.
2) Select Users & Groups.
3) Click the lock icon to make changes.
4) Enter "root" in the username field of the login window.
5) Move the cursor into the Password field and hit Enter there a few times, leaving it blank.

With that (after a few tries in some cases), macOS High Sierra logs the unauthorized user in with root privileges, allowing them to access your Mac as a "superuser" with permission to read and write system files, including those in other macOS accounts.

This flaw can be exploited in several ways, depending on the setup of the targeted Mac. With full-disk encryption disabled, a rogue user can turn on a Mac that's entirely powered down and log in as root by doing the same trick.

At the Mac's login screen, an untrusted user can also use the root trick to gain access to a Mac that has FileVault turned on and make unauthorized changes to System Preferences, like disabling FileVault.

All the untrusted user needs to do is click "Other" at the login screen, and then enter "root" again with no password.

Thursday, December 26, 2013

Avaya : Group Ringing

Ever wondered how to make a group of extensions ring at once, without having the call go through round-robin forwarding?

In ASA, look for an unused extension (you can do so at ASA -> General -> Find Unused Extension).

Go to GEDI (Ctrl+E in ASA).

1) Type in "add term-ext-group next".

2) Fill in up to 4 extensions; for the group extension, just enter the unused extension number :)

3) Now at each station, change the call forwarding for incoming calls to the group.
     Type in "change station XXX" and press Next until you see the page where you can set call forwarding.


4) Now whenever you call Ext A, the call is forwarded to the term-ext-group you have just set up, and all the phones in the group ring!

Thursday, October 24, 2013

return to stock - galaxy ace (S5830)

I was helping a friend flash the stock ROM back onto a phone (Galaxy Ace / S5830).

As always with my Galaxy Tab, I thought it would just be:

1) Start in download mode.
2) Start Odin & flash with the firmware from http://www.sammobile.com/
3) Done!

And I was so wrong :)

I kept getting a connection error / setup fail. I tried various versions of Odin, from v1.85 to v4.38, and at first I thought it could be the USB driver having issues or an anti-virus blocking it!

After all that, all it needed was the Cooper_v1.0.ops file to be loaded, and it worked like a charm :)

** For those struggling to get Odin to work on your Ace / S5830, please download the .ops file and load it in the OPS section.



Thursday, October 17, 2013

how to : psexec command line

Have you ever wondered how to pass a command with spaces via the PsExec tool?

Just quote the path that contains the spaces :P

For example:

psexec.exe \\ip-address cmd /c "C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\klmover.exe" -address SERVER

I run this command to have the remote PC run klmover.exe and point its current admin server to the new server.

Wednesday, May 15, 2013

Google I/O 2013

It is that time of year again!

For those who can't make it, as usual Google streams it live for us :D. Do check out the link for more info.

https://developers.google.com/events/io/

Thursday, February 28, 2013

Rebuilding Performance Index

Recently I have been having issues with the pslist tool: it kept asking me to run the exctrlst tool from Microsoft to reset the performance index.

I downloaded the tool and checked that PerfOS & PerfProc are enabled, but I still got the same error message telling me to reset the performance counters.

A quick Google search returned this command: lodctr.exe /R (I ran it from cmd in admin mode).
The file is located in c:\windows\system32; it took a while to complete, and after that it was all good and I was able to run pslist as usual :)