Ars Technica

Syndikovat obsah security – Ars Technica
Serving the Technologist for more than a decade. IT news, reviews, and analysis.
Aktualizace: 30 min 34 sek zpět

Spectre, Meltdown researchers unveil 7 more speculative execution attacks

3 hodiny 10 min zpět

Enlarge (credit: Aurich Lawson / Getty Images)

Back at the start of the year, a set of attacks that leveraged the speculative execution capabilities of modern high-performance processors was revealed. The attacks were named Meltdown and Spectre. Since then, numerous variants of these attacks have been devised. In tandem, a range of mitigation techniques has been created to enable at-risk software, operating systems, and hypervisor platforms to protect against these attacks.

A research team—including many of the original researchers behind Meltdown, Spectre, and the related Foreshadow and BranchScope attacks—has published a new paper disclosing yet more attacks in the Spectre and Meltdown families. The result? Seven new possible attacks. Some are mitigated by known mitigation techniques, but others are not. That means further work is required to safeguard vulnerable systems.

The previous investigations into these attacks have been a little ad hoc in nature: examining particular features of interest to provide, for example, a Spectre attack that can be performed remotely over a network or Meltdown-esque attack to break into SGX enclaves. The new research is more systematic, looking at the underlying mechanisms behind both Meltdown and Spectre and running through all the different ways the speculative execution can be misdirected.

Read 14 remaining paragraphs | Comments

Kategorie: Hacking & Security

Windows 10 October 2018 Update is back, this time without deleting your data

13 Listopad, 2018 - 19:21

Enlarge / This message, shown during Windows upgrades, is going to be salt in the wound.

Just over a month since its initial release, Microsoft is making the Windows 10 October 2018 Update widely available today. The update was withdrawn shortly after its initial release due to the discovery of a bug causing data loss.

New Windows 10 feature updates use a staggered, ramping rollout, and this (re)release is no different. Initially, it'll be offered only to two groups of people: those who manually tell their system to check for updates (and that have no known blocking issues due to, for example, incompatible anti-virus software), and those who use the media-creation tool to download the installer. If all goes well, Microsoft will offer the update to an ever-wider range of Windows 10 users over the coming weeks.

For the sake of support windows, Microsoft is treating last month's release as if it never happened; this release will receive 30 months of support and updates, with the clock starting today. The same is true for related products; Windows Server 2019 and Windows Server, version 1809, are both effectively released today.

Read 8 remaining paragraphs | Comments

Kategorie: Hacking & Security

Another Windows 0-day flaw has been published on Twitter

24 Říjen, 2018 - 16:50

https://t.co/1Of8EsOW8z Here's a low quality bug that is a pain to exploit.. still unpatched. I'm done with all this anyway. Probably going to get into problems because of being broke now.. but whatever.

— SandboxEscaper (@SandboxEscaper) October 23, 2018

SandboxEscaper, a researcher who back in August tweeted out a Windows privilege escalation bug, has published another unpatched Windows flaw on Twitter.

The new bug has some similarities to the previous bug. Windows services usually run with elevated privileges. Sometimes they perform actions on behalf of a user, and to do this they use a feature called impersonation. These services act as if they were using a particular user's set of privileges. After they've finished that action, they revert to their normal, privileged identity.

Both this bug and SandboxEscaper's previous bug depend on improper use of impersonation—specifically, the services in question (last time it was Task Scheduler, this time it's the "Data Sharing Service") revert their impersonation too quickly and end up performing some actions with elevated privileges when they should in fact have been impersonated. The last bug allowed one file to be written over another. In this case, it's a call to delete a file that is improperly impersonated, ultimately giving regular unprivileged users the ability to delete any file on the system, even those that they should have no access to.

Read 3 remaining paragraphs | Comments

Kategorie: Hacking & Security

How to make elections secure in the age of digital operatives

24 Říjen, 2018 - 14:10

Video by Chris Schodt, production by Justin Wolfson. (video link)

In our latest episode of Ars Technica Live, we talk about election security. My guest was Alex Stamos, a researcher at Stanford who just happened to be the CSO at Facebook when the company discovered Russian operatives meddling in the US presidential election. He told us about that experience and what's worrying him about the future of US democracy.

It was odd for technical experts like Stamos and his team at Facebook to find themselves at ground zero of a political propaganda war. Stamos explained that infosec researchers are not typically trained to deal with things like weaponized memes. "We had ignored that the vast majority of human harm caused online has no interesting technical component," he said wryly. "It's a technically correct use of the products we build."

Read 26 remaining paragraphs | Comments

Kategorie: Hacking & Security

Meet Helm, the startup taking on Gmail with a server that runs in your home

17 Říjen, 2018 - 18:52

Enlarge (credit: Helm)

There’s no doubt that Gmail has changed the way we consume email. It’s free, it gives most of us all the storage we’ll ever need, and it does a better job than most in weeding out spam and malware. But there’s a cost to all of this. Storing years' worth of messages in a corporate-owned place gives end users less control than many would like. They rightfully worry about Google either being hacked or legally compelled to turn over contents.

On Wednesday, a Seattle-based startup called Helm is launching a service designed to make it easy for people to securely take control of their email and other personal data. The company provides a small custom-built server that connects to a user's home or small-office network and sends, receives, and manages email, contacts, and calendars. Helm plans to offer photo storage and other services later.

With a 120GB solid-state drive, a three-minute setup, and the ability to store encrypted disk images that can only be decrypted by customers, Helm says its service provides the ease and reliability of Gmail and its tightly coupled contacts and calendar services. The startup is betting that people will be willing to pay $500 to purchase the box and use it for one year to host some of their most precious assets in their own home. The service will cost $100 per year after that. Included in the fee is the registration and automatic renewal of a unique domain selected by the customer and a corresponding TLS certificate from Let's Encrypt.

Read 12 remaining paragraphs | Comments

Kategorie: Hacking & Security