kraven + itsicherheit_speicher_aslr   4

Reading privileged memory with a side-channel
We have discovered that CPU data cache timing can be abused to efficiently leak information out of mis-speculated execution, leading to (at worst) arbitrary virtual memory read vulnerabilities across local security boundaries in various contexts. Variants of this issue are known to affect many modern processors, including certain processors by Intel, AMD and ARM. For a few Intel and AMD CPU models, we have exploits that work against real software. So far, there are three known variants of the issue: Variant 1: bounds check bypass (CVE-2017-5753), Variant 2: branch target injection (CVE-2017-5715), Variant 3: rogue data cache load (CVE-2017-5754). Before the issues described here were publicly disclosed, Daniel Gruss, Moritz Lipp, Yuval Yarom, Paul Kocher, Daniel Genkin, Michael Schwarz, Mike Hamburg, Stefan Mangard, Thomas Prescher and Werner Haas also reported them; their [writeups/blogposts/paper drafts] are at: Spectre (variants 1 and 2), Meltdown (variant 3) [NB: Fuck you Intel, mein nxter Rechner wird non-intel].
google project zero, 03.01.2018
itsicherheit_exploit_flaw  itsicherheit_malware_spyware  itsicherheit_speicher_aslr  itsicherheit_hardware  itsicherheit_implementierung  itsicherheit_os  unternehmen_intel  sicherheitsforschung_itsicherheit  software_os_linux  software_os_windows  software_os_mac  software_os_kernel  unternehmen_amd  unternehmen_arm  tech_hw_chip_cpu  tech_hw_chip_cpu_cache  itsicherheit_cpu_meltdown_spectre  itsicherheit_seitenkanal_analyse_angriff 
january 2018 by kraven
New ASLR-busting JavaScript is about to make drive-by exploits much nastier
Now, researchers have devised an attack that could spell the end of ASLR as the world knows it now. The attack uses simple JavaScript code to identify the memory addresses where system and application components are loaded. When combined with attack code that exploits vulnerabilities in browsers or operating systems, the JavaScript can reliably eliminate virtually all of the protection ASLR provides. The technique, which exploits what's known as a side channel in the memory cache of all widely used modern CPUs, is described in a research paper published on Wednesday. The researchers have dubbed the technique ASLR Cache or AnC for short. The researchers said the side channel attack is much more damaging than previous ASLR bypasses, because it exploits a micro-architectural property of the CPU's that's independent of any operating system or application running on it. Whereas heap spraying and other forms of ASLR bypass can often be mitigated by software tweaks, there isn't much that can stop or lessen the effects of the JavaScript, which targets a CPU's MMU, or memory management unit.
ars technica, 15.02.2017
software_javascript  itsicherheit_exploit_flaw  tech_hw_chip_cpu_mmu  tech_computer_ram  itsicherheit_software_browser  uni_nl_vua  itsicherheit_speicher_aslr  itsicherheit_seitenkanal_analyse_angriff 
february 2017 by kraven
It might be time to stop using antivirus
Former Firefox developer Robert O'Callahan, now a free agent and safe from the PR tentacles of his corporate overlord, says that antivirus software is terrible, AV vendors are terrible, and that you should uninstall your antivirus software immediately—unless you use Microsoft's Windows Defender, which is apparently okay. A couple of months back, Justin Schuh, Google Chrome's security chief, and indeed one of the world's top infosec bods, said that antivirus software is "my single biggest impediment to shipping a secure browser." Further down the thread he explains that meddling AV software delayed Win32 Flash sandboxing "for over a year" and that further sandboxing efforts are still on hold due to AV. The man-in-the-middle nature of antivirus also causes a stream of TLS (transport layer security) errors, says Schuh, which in turn breaks some elements of HTTPS/HSTS.
ars technica, 27.01.2017
software_anti_malware_virus  software_os_windows  itsicherheit_by_obscurity  itsicherheit_exploit_flaw  itsicherheit_software_browser  krypto_tls  krypto_verschlüsselung_kommunikation  itsicherheit_speicher_aslr  itsicherheit_sandbox_isolierung 
january 2017 by kraven
Flaw in Intel chips could make malware attacks more potent
ASLR, short for "address space layout randomization," is a defense against a class of widely used attacks that surreptitiously install malware by exploiting vulnerabilities in an operating system or application. Now, academic researchers have identified a flaw in Intel chips that allows them to effectively bypass this protection. The result are exploits that are much more effective than they would otherwise be. Abu-Ghazaleh and two colleagues from the State University of New York at Binghamton demonstrated the technique on a computer running a recent version of Linux on top of a Haswell processor from Intel. By exploiting a flaw in the part of the CPU known as the branch predictor, a small application developed by the researchers was able to identify the memory locations where specific chunks of code spawned by other software would be loaded. In computer security parlance, the branch predictor contains a "side channel" that discloses the memory locations. On Tuesday, the researchers presented the bypass at the IEEE/ACM International Symposium on Microarchitecture in Taipei, Taiwan. Their accompanying paper, titled "Jump Over ASLR: Attacking the Branch Predictor to Bypass ASLR," proposes several hardware and software approaches for mitigating attacks.
ars technica, 19.10.2016
tech_hw_chip_intel  itsicherheit_exploit_flaw  uni_us_uc_riverside  uni_us_bu  itsicherheit_speicher_aslr  itsicherheit_seitenkanal_analyse_angriff 
october 2016 by kraven

Copy this bookmark: