Expect the Spectre....and Meltdown Soon

[FrgMstr]

Bleeping Computer is reporting that we may very soon see malware very soon that leverages both the Spectre and Meltdown vulnerabilities soon. We all know this is coming, but just when has been the real question. As Intel is scrambling to get fixes out that do not cause more problems than those fix, we can be thankful that no actual real instances of Spectre or Meltdown have actually been found in the wild as of writing this. It has been confirmed by Mozilla that Spectre is deliverable through a simple JavaScript on a web page, so you might be a little extra careful when clicking. Thanks Joe!


According to experts at AV-TEST, Fortinet, and Minerva Labs, several individuals are experimenting with publicly released proof-of-concept (PoC) code for the Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5715, CVE-2017-5753) vulnerabilities.

Researchers from AV-TEST have detected 119 malware samples that are related to the aforementioned CPU vulnerabilities.

 

[RogueTadhg]

Makes finding our way through "DOWNLOAD NOW" buttons much more dangerous. Choose the correct button and win glorius prizes. Select any other wrong ones and you'll need to buy a new computer.

 

[Rahh]

 

[Mega6]

Releasing exploit data before there is a real fix.. way to go.

 

[heatlesssun]

Releasing exploit data before there is a real fix.. way to go.

The nature of the this problem is so pervasive that getting fixes out across the board and doing adequate testing without the details of these issues being known simply isn't possible.

 

[Schtask]

Releasing exploit data before there is a real fix.. way to go.

Say what? The core principles and proof of concept code within the exploits themselves was released in a white paper as Spectre / Meltdown was announced. TBH I expected that we would see these in the wild already. Guess threat actors decided there are better ways to get this data (there are).

 

[Kongar]

So this flu season sux - been out of the loop for a week. Where do we stand today with this nonsense? Last week it was "sorry Ivy Bridge users - no updates for you" Is that still the case, and if so, are we really facing a future where any misclick on a webpage could compromise the security of our PCs? It's just mind boggling to think about.

 

[Krenum]

Is this spector / Meltdown fiasco known to kill SSD Drives? One of my 240gb drives just died

 

[Mega6]

The nature of the this problem is so pervasive that getting fixes out across the board and doing adequate testing without the details of these issues being known simply isn't possible.

Say what? The core principles and proof of concept code within the exploits themselves was released in a white paper as Spectre / Meltdown was announced. TBH I expected that we would see these in the wild already. Guess threat actors decided there are better ways to get this data (there are).

And the release of this high Exploit did not draw the attention of hackers and accelerate hack development targeting this specific vulnerability?

 

[BSmith]

This just keeps getting better and better. Might as well just block all Javascript now. Oh wait, we can't without breaking most sites on the Internet. Wonderful.

 

[Eyeball Kid]

Will anti-virus software not catch this?

 

[Dead Parrot]

So this flu season sux - been out of the loop for a week. Where do we stand today with this nonsense? Last week it was "sorry Ivy Bridge users - no updates for you" Is that still the case, and if so, are we really facing a future where any misclick on a webpage could compromise the security of our PCs? It's just mind boggling to think about.

Worse. A few days ago, Microsoft issued a patch to roll back the patches that Intel released because the Intel patches were breaking more stuff then they fixed. So if you have a fully updated system, you have no protection against this. At least on a Windows Intel system.

Sad that script blockers are fast becoming the first and apparently the most effective line of defense against this crap.

 

[heatlesssun]

And the release of this high Exploit did not draw the attention of hackers and accelerate hack development targeting this specific vulnerability?

No doubt this disclosure did draw the attention of hackers. I'm just saying that there's no way to fix an problem this pervasive effectively before it being disclosed because of the level of testing involved. Trying to fix it under wraps effectively across all effected platforms simply isn't possible.

 

[heatlesssun]

Will anti-virus software not catch this?

As is always the case with anti-virus, maybe. But hackers do go to great lengths these days to bypass anti-virus.

 

[drescherjm]

Is this spector / Meltdown fiasco known to kill SSD Drives? One of my 240gb drives just died

No. That is very unlikely.

 

[drescherjm]

Will anti-virus software not catch this?

AV always is in catch up mode.

 

[ChadD]

Releasing exploit data before there is a real fix.. way to go.

We'll when you tell companies about it months before you release it and they mostly put their fingers in their ears what are you to do... well they didn't just put their fingers in their ears. As I understand it some CEOs sold all their stock instead of driving the fixes out the door. lol

 

[drescherjm]

I don't think everyone would want to use a raspberry pi to replace their desktop PC. AMD and Intel are both vulnerable and have been so to Spectre for every CPU sold in at least the last 2 decades. That is except for a few low power CPUs that don't use out of order execution.

 

[ChadD]

Will anti-virus software not catch this?

Considering that these use legit features of your CPU.. unless your Anti virus is intercepting everything and preventing code from using those CPU funcitons. No no AV will not catch this. Perhaps they can catch some specific bits of web script but I doubt there is much they can do outside the most common recycled type of malware. I believe heuristic type scanning would be useless.

 

[BSmith]

You do know the cryptocrazies will be the first ones to take advantage of this? Everyone's computer will be minng for someone,

Just freaking awesome! Yes, I have firmly affixed my tin foil hat to me noggin, but now I wonder if the aluminum can be hacked!

 

[ChadD]

You do know the cryptocrazies will be the first ones to take advantage of this? Everyone's computer will be minng for someone,

Just freaking awesome! Yes, I have firmly affixed my tin foil hat to me noggin, but now I wonder if the aluminum can be hacked!

Only if you bought Intel brand foil.

 

[Kongar]

Worse. A few days ago, Microsoft issued a patch to roll back the patches that Intel released because the Intel patches were breaking more stuff then they fixed. So if you have a fully updated system, you have no protection against this. At least on a Windows Intel system.

Sad that script blockers are fast becoming the first and apparently the most effective line of defense against this crap.

Thanks for the update - crazy stuff. Sucks that the patches were causing problems - but they'll get that sorted out. The real issue I can't come to grips with is that there's no fix coming for many modern-ish systems like my ivy bridge. I can't see my script blocker and my safe browsing habits being effective here. Every once and a while you have to turn scripts on because a website requires it, and if you're paranoid you'd do that in a virtual machine. But that doesn't even work in this case.

It's like my computers are destined to become part of a botnet no matter what I do. To fix, I just have to open up my wallet and buy a new gaming rig, a new laptop for the wife, a new HTPC for the home theater, and I can't do the old "hand me down" approach that works for so many families. Strange times indeed.

 

[kju1]

Releasing exploit data before there is a real fix.. way to go.

Ever heard of a forcing function? Also Intel was informed before Spectre/Meltdown was publicized so I am not sure what your point is.

You do know the cryptocrazies will be the first ones to take advantage of this? Everyone's computer will be minng for someone,

Just freaking awesome! Yes, I have firmly affixed my tin foil hat to me noggin, but now I wonder if the aluminum can be hacked!

Your brain has already been hacked. Deal with it.

 

[Chebsy]

Quote "Bleeping Computer is reporting that we may very soon see malware very soon that leverages both the Spectre and Meltdown vulnerabilities soon"

Couldn't you fit any more "soon's" in that sentence Kyle ??

 

[Schtask]

Is this spector / Meltdown fiasco known to kill SSD Drives? One of my 240gb drives just died

Nah. Definitely not due to this.

 

[kju1]

Quote "Bleeping Computer is reporting that we may very soon see malware very soon that leverages both the Spectre and Meltdown vulnerabilities soon"

Couldn't you fit any more "soon's" in that sentence Kyle ??

Soon he will be able to. Soon.

 

[Schtask]

And the release of this high Exploit did not draw the attention of hackers and accelerate hack development targeting this specific vulnerability?

Umm.... Yes. That's the point. From the beginning. Please believe that they wouldn't have publicly released the details if they thought it wasn't already being looked at by advanced threat actors. It's not like spectre / meltdown are the first iteration of this kind. AnC uses similar (but different) principles and that's almost two years old. Breaking ASLR and KASLR has always been a target. A big one. Spectre / Meltdown does this in a big way...but so do others.

All this being said... There are better methods out there that allow for credential harvesting. TAs know this...and will take the path of least resistance (usually).

In general, public release forces vendors to get their shit together and fix it. That's why it is done.

 

[heatlesssun]

Soon he will be able to. Soon.

But Kyle's a Texan, how could he be a Sooner?

 

[Schtask]

Will anti-virus software not catch this?

Depends on the AV. If the exploits are deployed client side in a specific payload that has other functions...maybe. The raw script itself...Probably not since it exists in the lower rings.

 

[Schtask]

You do know the cryptocrazies will be the first ones to take advantage of this? Everyone's computer will be minng for someone,

Just freaking awesome! Yes, I have firmly affixed my tin foil hat to me noggin, but now I wonder if the aluminum can be hacked!

The type of attack you mentioned would gain very little if no benefit from Spectre / Meltdown. If you want to look at crypto mining based attacks, I would suggest starting with Adylkuzz.

 

[Mega6]

Ever heard of a forcing function? Also Intel was informed before Spectre/Meltdown was publicized so I am not sure what your point is.

Because Intel was informed, the hacker community was therefore informed? Intel / Google / AMD have less than zero motivation to do anything but keep it under wraps. Plus the story breaking six months down the road shows that.

 

[Lunas]

Is this spector / Meltdown fiasco known to kill SSD Drives? One of my 240gb drives just died

No but it does give an attacker full undetectable access to do whatever they wish...

 

[Schtask]

No but it does give an attacker full undetectable access to do whatever they wish...

From memory. Bandwidth is pretty low on these attacks, so it could take forever for them to find what they are looking for to begin with. That might improve over time though. Just too man unknowns right now to be absolutely sure.

 

[BSmith]

"Java" is now reached 4 letter word status with me.

 

[Gigus Fire]

ad blockers just became needed.

 

[WhoBeDaPlaya]

Makes finding our way through "DOWNLOAD NOW" buttons much more dangerous. Choose the correct button and win glorius prizes. Select any other wrong ones and you'll need to buy a new computer.

How else am I going to see Paris Hilton / <favorite fap bait> naked?

 

[kju1]

How else am I going to see Paris Hilton / <favorite fap bait> naked?

Paris? Puhleeze shes on like every porn site out there...

Because Intel was informed, the hacker community was therefore informed? Intel / Google / AMD have less than zero motivation to do anything but keep it under wraps. Plus the story breaking six months down the road shows that.

Why does the hacker community need to be informed before a fix is in place? You specifically bitched about how the data was released before a fix. The vendors are responsible for the fixes not the "hacker community".

Also it "breaking six months down the road" shows nothing besides the individuals/companies that found it giving vendors 6 months of a head start to fix it.

 

[WhoBeDaPlaya]

Paris? Puhleeze shes on like every porn site out there...

Okay then. How else am I going to see Kyle naked? Bone closet?

 

[Khahhblaab]

The nature of the this problem is so pervasive that getting fixes out across the board and doing adequate testing without the details of these issues being known simply isn't possible.

Yeah. Here is another place that is checking on the overall progress: https://blog.barkly.com/meltdown-spectre-patches-list-windows-update-help

Looks like microcode is buggy and browser updates dont remove all possibilities. Gonna take a while longer. Sucks that performance will take a hit.

 

[kju1]

Okay then. How else am I going to see Kyle naked? Bone closet?

Try asking..but be careful what you ask for.