Jump to content

Photo

InSpectre - New Steve Gibson utility

security now meltdown spectre steve gibson inspectre

  • Please log in to reply
18 replies to this topic

#11
alt3rn1ty

alt3rn1ty

    Mere Morsel

  • Supporter
  • PipPipPipPipPip
  • 3,204 posts

InSpectre has been updated to release #7 : https://www.grc.com/...tem=18254&utag=

 

 

 

 

Everyone,

As I discussed on the podcast yesterday, Microsoft will be
taking some responsibility for patching Intel (and eventually
perhaps AMD?) processor microcode on-the-fly when Windows boots.

That's TERRIFIC news! But it's going to create confusion...

As Microsoft's current page shows, they will be incrementally
releasing microcode by specific processor, keyed to the CPUID.
Since this will create a HUGE DEMAND for people to know what
their own CPUID is, and since it's not obvious, I have updated
GRC's InSpectre app to release #7 to include a report of this:

https://www.grc.com/dev/InSpectre.exe

The internal text is also updated to aim people whose processors
are not yet updated, to the Microsoft knowledgebase page by
searching the Internet for the string "KB4090007":

> https://support.micr...crocode-updates

I have not yet updated the InSpectre homepage to discuss this,
nor have I made release #7 public. I wanted to give everyone
here the opportunity to check it out first. If anything appears
to be wrong with it... I'm all ears! Thanks everyone!!

 

 

Since that news group post was made the release has been uploaded at the link in the first post here.

 

 

ScOmdxp.png


Edited by alt3rn1ty, 09 March 2018 - 08:01 AM.


#12
alt3rn1ty

alt3rn1ty

    Mere Morsel

  • Supporter
  • PipPipPipPipPip
  • 3,204 posts
A bit off topic but a heads up ..
 
AMD chipset users who escaped the Meltdown vulnerabilities (but some still need a bit of attention for the Spectre vulnerabilities apparently) have a new thing to be concerned with.
 
If you have Ryzen or EPYC then there are some serious flaws (4 types including back doors implanted by a contracted company outside of AMD) which have been revealed (well not just revealed, the security firm made a dedicated website for it, and only gave AMD 1 days notice)
 
 
If you want to know why so little notice was given have a read here http://www.tomshardw...epyc,36660.html


#13
Erik005

Erik005

    Old hand

  • Members
  • PipPipPip
  • 510 posts

 

A bit off topic but a heads up ..
 
AMD chipset users who escaped the Meltdown vulnerabilities (but some still need a bit of attention for the Spectre vulnerabilities apparently) have a new thing to be concerned with.
 
If you have Ryzen or EPYC then there are some serious flaws (4 types including back doors implanted by a contracted company outside of AMD) which have been revealed (well not just revealed, the security firm made a dedicated website for it, and only gave AMD 1 days notice)
 
 
If you want to know why so little notice was given have a read here http://www.tomshardw...epyc,36660.html

 

If you had read just a little bit into the cts-labs you would know it is absolute nonsense, they flashed a custom bios on the system.

 


Edited by Erik005, 15 March 2018 - 10:18 AM.


#14
alt3rn1ty

alt3rn1ty

    Mere Morsel

  • Supporter
  • PipPipPipPipPip
  • 3,204 posts

 

If you had read just a little bit into the cts-labs you would know it is absolute nonsense, they flashed a custom bios on the system.

 

 

Go to 7 mins and 30 seconds in your video you are presenting as a backup to your claim that this is nonsense, and he says words to the effect of "even if all of this is possible" .. Thats not refuting the claims of CTS, his personal opinion is just making this seem unlikely because CTS have not provided any proof of concept code, which they have also stated

 

 

Q&A: Doesn't this publication put users at risk?

 

No. All technical details that could be used to reproduce the vulnerabilities have been redacted
from this publication. CTS has shared this information with AMD, Microsoft, and a small number
of companies that could produce patches and mitigations.
 

 

Flashing the custom chip among the chipset is only one of the things they claim to have done, which in itself is not insignificant if it is true, it still represents a bad security risk, which imho is not to be sneezed at.

 

Here's a video from someone who's opinion I trust .. Some of it may well turn out to be bogus or not so much of a concern, the company doing this may have some kind of grudge, but I dont think we can just put this down as nonsense ..

 

Go to about 20 mins in on the Security Now podcast

 

https://twit.cachefl...864x480_500.mp4

 

 

Lets see what AMD have to say about this in due course

 

Edit : Just found someone else seems to be sceptical too, suspecting stock manipulation https://www.theinqui...s-torvalds-fake

 

But note that report ends with the following :

 

 

All that being said, CTS-Labs did get Dan Guido, founder of security firm Trail of Bits, to independently review its findings.

 
Guido noted that each flaw does exist and works in the way CTS-Labs claims it does: "Regardless of the hype around the release, the bugs are real, accurately described in their technical report (which is not public afaik), and their exploit code works."
 
The security researcher highlighted that while all the flaws do indeed need admin access, they pose a threat by allowing hackers to spread malware from machine to machine or carry out espionage with the use of undetectable malware installed directly on a chip's firmware.

Edited by alt3rn1ty, 15 March 2018 - 01:11 PM.


#15
Erik005

Erik005

    Old hand

  • Members
  • PipPipPip
  • 510 posts

I don't doubt that there might me some bugs, but the whole thing seems off especially the report that says AMD stock is worth $0 and the should file for bankruptcy.

 

They also paid Dan Guido $16.000 for the peer review which is fishy.

 

Also both reports used so many buzzwords to get to investors like espionage and national security.

 

The fixes for Spectre are out, apparently Intel has decided to patch up to sandy bridge, I hope they patch up to the C2D 8xxx/ C2Q 9xxx


Edited by Erik005, 15 March 2018 - 04:06 PM.


#16
alt3rn1ty

alt3rn1ty

    Mere Morsel

  • Supporter
  • PipPipPipPipPip
  • 3,204 posts

o_O the microsoft fix list for Spectre has grown quicker than expected https://support.micr...crocode-updates

 

When I posted that link 6 days ago they only had two processors covered with that Microsoft boot fix, so it is as they say expanding with more coverage the more Intel adds Spectre Microcode fixes to it.

 

Shouldn't be too long before they have the majority of them done and we can all use that update. Though I think if my machine vendor comes out with the BIOS update I will probably still use that.



#17
alt3rn1ty

alt3rn1ty

    Mere Morsel

  • Supporter
  • PipPipPipPipPip
  • 3,204 posts

InSpectre has been updated

 

  • Release #8 — Now shows whether an Intel microcode patch is (ever) available for Spectre.
    Intel has finished designing microcode update patches for its processors. On April 2nd, 2018, they announced that processors that have not yet been patches will never be patched. Their full statement is available in this PDF document. In that document, Intel specifies which of their many processors do have patches and which of their more recent processors will never receive updated firmware. Now that the industry has this information, this 8th release of InSpectre incorporates that list of CPUIDs and displays whether microcode firmware updates exist for the system's Intel CPU.


#18
alt3rn1ty

alt3rn1ty

    Mere Morsel

  • Supporter
  • PipPipPipPipPip
  • 3,204 posts

AMD Spectre mitigation update news https://www.amd.com/...aragraph-290416



#19
TheMastersSon

TheMastersSon

    Old hand

  • Members
  • PipPipPip
  • 890 posts
Two words: Microsoft Detours. Code injection has been legitimized even by Microsoft, Nvidia and others in their drivers, thus computer users have zero confidence that their own machines are ever doing what they appear or claim to be doing. It's legitimized and forced malware, and one of many intentional corruptions of Windows ("TrustedInstaller" etc etc) that have eliminated admin control from Windows end users. So please don't confuse these microcode updates with computer security. CPU manufacturers can release all the firmware updates they wish, the underlying problem imo is this now legitimized code injection concept. It's precisely how much or most malware works, and it may be efficient but the cost is absolute unreliability.

Edited by TheMastersSon, 18 April 2018 - 05:21 PM.






Also tagged with one or more of these keywords: security now, meltdown, spectre, steve gibson, inspectre

Page loaded in: 0.783 seconds