Author Archives: Gerald Johnson Jr.

Article:“Meltdown” and “Spectre”: Every modern processor has unfixable security flaws

A major security flaw has been revealed to be prominent in every modern processor. Details can be found below.

Via: Arstechnica

“Windows, Linux, and macOS have all received security patches that significantly alter how the operating systems handle virtual memory in order to protect against a hitherto undisclosed flaw. This is more than a little notable; it has been clear that Microsoft and the Linux kernel developers have been informed of some non-public security issue and have been rushing to fix it. But nobody knew quite what the problem was, leading to lots of speculation and experimentation based on pre-releases of the patches.

Now we know what the flaw is. And it’s not great news, because there are in fact two related families of flaws with similar impact, and only one of them has any easy fix.

The flaws have been named Meltdown and Spectre. Meltdown was independently discovered by three groups—researchers from the Technical University of Graz in Austria, German security firm Cerberus Security, and Google’s Project Zero. Spectre was discovered independently by Project Zero and independent researcher Paul Kocher.

At their heart, both attacks take advantage of the fact that processors execute instructions speculatively. All modern processors perform speculative execution to a greater or lesser extent; they’ll assume that, for example, a given condition will be true and execute instructions accordingly. If it later turns out that the condition was false, the speculatively executed instructions are discarded as if they had no effect.

However, while the discarded effects of this speculative execution don’t alter the outcome of a program, they do make changes to the lowest level architectural features of the processors. For example, speculative execution can load data into cache even if it turns out that the data should never have been loaded in the first place. The presence of the data in the cache can then be detected, because accessing it will be a little bit quicker than if it weren’t cached. Other data structures in the processor, such as the branch predictor, can also be probed and have their performance measured, which can similarly be used to reveal sensitive information.

Meltdown

The first problem, Meltdown, is the one that stimulated the flurry of operating system patches. It uses speculative execution to leak kernel data to regular user programs.

Our original coverage gave a high-level summary of how operating systems virtualize system memory, the use of page tables to map from virtual memory addresses to physical addresses, how processors cache those mappings, and how the kernel’s page table mapping is shared between processes in order to maximize the value of this special cache.

While all modern processors, including those from Intel, AMD, and ARM, perform speculation around memory accesses, Intel’s processors do so in a particularly aggressive way. Operating system memory has associated metadata that determines whether it can be accessed from user programs or is restricted to access from the kernel (again: our original coverage has more detail about this point). Intel chips allow user programs to speculatively use kernel data, and the access check (to see if the kernel memory is accessible to a user program) happens some time after the instruction starts executing. The speculative execution is properly blocked, but the impact that speculation has on the processor’s cache can be measured. With careful timing, this can be used to infer the values stored in kernel memory.

The researchers say they haven’t been able to perform the same kind of kernel memory-based speculation on AMD or ARM processors, though they hold out some hope that some way of using this speculation offensively will be developed. While AMD has stated specifically that its chips don’t speculate around kernel addresses in this way, ARM has said that some of its designs may be vulnerable, and ARM employees have contributed patches to Linux to protect against Meltdown.

For systems with Intel chips, the impact is quite severe, as potentially any kernel memory can be read by user programs. It’s this attack that the operating system patches are designed to fix. It works by removing the shared kernel mapping, an operating system design that has been a mainstay since the early 1990s due to the efficiency it provides. Without that shared mapping, there’s no way for user programs to provoke the speculative reads of kernel memory, and hence no way to leak kernel information. But it comes at a cost: it makes every single call into the kernel a bit slower, because each switch to the kernel now requires the kernel page to be reloaded.

The impact of this change will vary wildly depending on workload. Applications that are heavily dependent on user programs and which don’t call into the kernel often will see very little impact; games, for example, should see very little change. But applications that call into the operating system extensively, typically to perform disk or network operations, can see a much more substantial impact. In synthetic benchmarks that do nothing but make kernel calls, the difference can be substantial, dropping from five million kernel calls per second to two-to-three million.

Spectre

Owners of AMD and ARM systems shouldn’t rest easy, though, and that’s thanks to Spectre. Spectre is a more general attack, based on a wider range of speculative execution features. The paper describes using speculation around, for example, array bounds checks and branches instructions to leak information, with proof-of-concept attacks being successful on AMD, ARM, and Intel systems. Spectre attacks can be used both to leak information from the kernel to user programs, but also from virtualization hypervisors to guest systems.

Moreover, Spectre doesn’t offer any straightforward solution. Speculation is essential to high-performance processors, and while there may be limited ways to block certain kinds of speculative execution, general techniques that will defend against any information leakage due to speculative execution aren’t known.

Sensitive pieces of code could be amended to include “serializing instructions”—instructions that force the processor to wait for all outstanding memory reads and writes to finish (and hence prevent any speculation based on those reads and writes)—that prevent most kinds of speculation from occurring. ARM has introduced just such an instruction in response to Spectre, and x86 processors from Intel and AMD already have several. But these instructions would have to be very carefully placed, with no easy way of identifying the correct placement.

In the immediate term, it looks like most systems will shortly have patches for Meltdown. At least for Linux and Windows, these patches allow end-users to opt out if they would prefer. The most vulnerable users are probably cloud service providers; Meltdown and Spectre can both in principle be used to further attacks against hypervisors, making it easier for malicious users to break out of their virtual machines.

For typical desktop users, the risk is arguably less significant. While both Meltdown and Spectre can have value in expanding the scope of an existing flaw, neither one is sufficient on its own to, for example, break out of a Web browser.

Longer term, we’d expect a future Intel architecture to offer some kind of a fix, either by avoiding speculation around this kind of problematic memory access or making the memory access permission checks faster so that this time interval between reading kernel memory, and checking that the process has permission to read kernel memory, is eliminated.”

Source: https://arstechnica.com/gadgets/2018/01/meltdown-and-spectre-every-modern-processor-has-unfixable-security-flaws/

Don’t pay the Ransom!

If you find that your device has been compromised, and a cyber-criminal is demanding a ransom to release the files or access to your device, DON’T PAY IT.

  • Payment does not guarantee the return of your files.
    • Many cyber-criminals that use ransomware also have their version of helpdesks, which will work with victims to try to convince them to pay the ransom.
    • In some instances they will even release some of the files in a show of “good faith”, yet this alone will not ensure you will get all of your files released, or that they won’t demand more money.
  • Paying the ransom will basically fund their next attack.
    • Often times the amount the cyber-criminals are requesting doesn’t seem as high as expected, however this is because realistically if a home computer is compromised and the requested ransom is $300.00 it’s more likely the victim can and will pay.
    • Funds they receive are used to increase their reach and power.
    • Cyber-criminals rely on their scare tactics to try to get victims to pay.
    • Requesting immediate action gives the user the feeling that they have a limited amount of time to comply with request, or even that they have a limited amount of time to recover their files.
    • Keep in mind that as the cyber-criminals grow with technology, so does law enforcement.
  • If your device has been compromised contact Fordham IT.
    • Contact Fordham IT and provide them as much information as you can.
    • Fordham IT will work with public safety and local law enforcement to help you attempt to recover your files and protect you from future attacks.
  • Remember that prevention is the best medicine for all things cyber security.
    • Use antivirus
    • Keep your OS and Antivirus up to date
    • Run regular scans
    • Don’t open suspicious emails (unfamiliar senders, special offers, unexpected request)
    • Don’t download suspicious attachments

Detailed information regarding Ransomware or Malware scams and other IT security topics are available on our IT Security website at: www.fordham.edu/SecureIT or from our blog at fordhamsecureit.blogspot.com

If you have any questions or concerns, please contact IT Customer Care at (718) 817-3999 or via email to: HelpIT@fordham.edu.

What is Malware?

Malware is a malicious software that is intended to disable certain files or the entire device it is attached to. There are different types of malware programs that each attack your device differently with the same end game, to infect your device, and hopefully others before you notice you’ve been compromised.

  • Trojan Horse Viruses
    • Similar to the Trojan Horse in the story of Troy, these viruses come in disguised as a legitimate program, and proceed to infect the system.
    • Once on the system Trojans can create a backdoor that can allow a cyber-criminal access to your device, which would in turn give them access to your personal information (SSN, and banking info). Trojans differ in that they do not reproduce by infecting other files, they also do not self-replicate.
  • Viruses
    • Are named for the way they spread, much like the flu, a virus can spread from user to user, but in order to replicate it depends on a host file. Meaning it needs to be downloaded to the device with the file the cyber-criminal created, so that it has access to the malicious code.
    • The goal of the virus is to alter the way the infected device operates. Some of the results include damaging the systems hardware and destroying data.
  • Worms
    • Are a version of malware that is self-replicating, unlike a traditional virus worms do not need to be controlled by a cyber-criminal, and do not rely on any additional computer applications for function.
    • The goal of a worm is to spread malicious code, exploit vulnerabilities, and spread across networks.
  • Pay attention when you’re opening emails
    • Often times we breeze through because we want to clear out inbox, but taking an extra minute to read the senders information and the subject line can keep you proceeded
  • If you don’t know the sender, don’t open the email or download any attachments.
    • Even if the sender is someone you’re familiar with or do business with, pay attention to the subject line, senders email address, and body of the email. Look for spelling mistakes, hover over any URLS to see where they will take you (DO NOT CLICK ON ANY SUSPICIOUS LINKS) and if possible contact the sender to verify the contents of the email.

Detailed information regarding Ransomware and Malware scams and other IT security topics are available on our IT Security website at: www.fordham.edu/SecureIT or from our blog at fordhamsecureit.blogspot.com

If you have any questions or concerns, please contact IT Customer Care at (718) 817-3999 or via email to: HelpIT@fordham.edu.

 

Keep antivirus protection up to date. Get your free Antivirus software from Fordham University.

Using and keeping your Antivirus up to date is one of the major steps you can take to protect you from a Cyber Attack.

  • Tips for shopping for “Antivirus”
    • Like any other major purchase (while the cost may be competitive the use of the tool itself is a major key for cyber security) you should do a bit of research before grabbing something off of the shelf.
    • Consider your OS (operating System) while many major Antivirus’ should work cross platform, it wouldn’t hurt to look for a brand that is OS specific (Mac or Windows).
    • What are your needs? Do you use your device to surf, shop, game or just view and respond to emails?
    • Knowing what you need will help you determine how much protection you’ll want to buy.
    • If your current device is up to date, you may wish to locate an antivirus provider that will support your devices’ current OS.
    • Try to narrow down your search to a handful of hopefuls, then see if they offer free trials and give them a whirl.
    • The time you take to test drive each provider could help you find the right fit for your device, needs and budget.

Follow this link to get your free Antivirus issued through Fordham University: Bitdefender Endpoint Security Tools for Windows or Bitdefender Endpoint Security for Mac

https://www.fordham.edu/info/20623/information_security/3853/antivirus_protection

For more information on selecting an Antivirus visit: https://www.lifewire.com/antivirus-software-for-your-pc-152983

Don’t forget to back those files up!

Each OS offers automatic system backups, which can prevent forgetting and not having everything backed up to date.

Detailed information regarding Ransomware or Malware scams and other IT security topics are available on our IT Security website at: www.fordham.edu/SecureIT or from our blog at fordhamsecureit.blogspot.com

If you have any questions or concerns, please contact IT Customer Care at (718) 817-3999 or via email to: HelpIT@fordham.edu.

 

What is Ransomware?

Ransomware is malicious software that is installed onto your device once it is compromised, that will both take over important files on the device, or the entire device, and request a ransom be paid for the user to regain access. While ransomware isn’t new to the cyber criminals resume, other advances in technology have made it easier to request and receive untraceable payments. Making ransomware a very attractive option for cyber criminals.

  • Don’t pay the Ransom!
    • If you receive a message on your device indicating that you have been compromised, DISCONNECT your device from the internet so the malicious software isn’t spread.
    • Contact Fordham IT and provide them as much information as you can.
    • Fordham IT will work with public safety and local law enforcement to help you attempt to recover your files and protect you from future attacks.
    • There may be ways without paying to recover the files that are being ransomed.
  • BACK UP ALL YOUR IMPORTANT FILES.
  • Ransomware is banking on you desperately needing the files they’ve attacked, keeping your files backed up in different locations can reduce the effectiveness of this type of attack on your device.
    • Use an external hard drive these have recently become more affordable, and portable.
    • Fordham students and employees have access to unlimited storage on Google Drive, this can be used to help free up space on your device.
    • For important files backing up on an external device and using encryption would be ideal.
  • Prevention is the best medicine.

Detailed information regarding Ransomware or Malware scams and other IT security topics are available on our IT Security website at: www.fordham.edu/SecureIT or from our blog at fordhamsecureit.blogspot.com

If you have any questions or concerns, please contact IT Customer Care at (718) 817-3999 or via email to: HelpIT@fordham.edu.fyhu

Take Fordham’s Cyber Security Awareness training.

 

 

Do you know the latest solutions for lowering your risk of getting hacked? Find out by taking our free, self-paced online Cyber Security Awareness training. It can be found under “My Organizations” in Blackboard, accessed at fordham.blackboard.com.

  • Stay informed.
    • Visit our website: itsecurity.blog.fordham.edu
    • We will be sure to keep you in the know with trends and possible breaches.
    • Follow us on social media as well for quick informative updates!
      • Twitter – @FordhamSecureIT
      • Facebook – @FordhamSecureIT

Other reputable news sources also include cyber security resources.

Such as

Just to name a few.

  • Find a source you trust and visit it frequently.

Detailed information regarding Identity Theft scams and other IT security topics are available on our IT Security website at: www.fordham.edu/SecureIT or from our blog at fordhamsecureit.blogspot.com

If you have any questions or concerns, please contact IT Customer Care at (718) 817-3999 or via email to: HelpIT@fordham.edu.

 

Monitor all your accounts for suspicious activity.

  • Keep an eye on the activity on all of your accounts.
    • Review your bank statement and make sure there haven’t been any purchase or debits you don’t recognize.
    • Check your trash in your email accounts, hackers will delete login notifications, but not all of them think to empty the trash as well.
    • Have amazon or something similar? Check your order history and make sure there isn’t anything there you didn’t order.
    • Social media? Check your DM’s and make sure there aren’t any messages there you haven’t sent.
    • Go into your settings and check that things are still as you set them up.
    • Verify security questions are the same.
    • If there is a recovery email that it is the one you use.
    • If you get spam emails, flag them so your email provider can update their information and to keep your mail box clean.

Detailed information regarding Identity Theft scams and other IT security topics are available on our IT Security website at: www.fordham.edu/SecureIT or from our blog at fordhamsecureit.blogspot.com

If you have any questions or concerns, please contact IT Customer Care at (718) 817-3999 or via email to: HelpIT@fordham.edu.

Be wary of tech support scams, cold calls or web browser popups.

  • Most scams use tech support chats or messages with an 800 number to get your attention.
    • If the hacker is using the chat, they may try to convince you they need your IP address to help you diagnose and remedy your device. Giving up this information would allow the hackers full access to your computer.
    • If you receive a pop up message requesting immediate action, remember your computers security system may ask you to update software or run a scan, it wouldn’t request your login information or that you call to speak to someone.
    • If you aren’t sure if the pop up is legitimate or not call your security provider directly, use a phone number you have for them and not one that may appear in the pop up.

 

  • If you get an unexpected phone call or text message requesting immediate action, ignore it!
    • Again similar to the pop ups your provider wouldn’t be contacting you unless you initiated contact.
    • Hang up if you get a call requesting immediate action, or requesting you go online and allow the tech to remotely connect to your system.
    • If you receive a text message with a phone number, do not call that number.
    • Again if you want to be sure your device is safe, contact your security provider directly.

If you believe you received a call that is a scam, report it!

Reports about fraudulent calls and pop ups can be made at

Ftc.gov/complaint

For more information and tips on safety visit:

Federal Trade Commission

https://www.consumer.ftc.gov/articles/0557-tech-support-scams-infographic

Microsoft

https://blogs.microsoft.com/on-the-issues/2017/05/18/fight-tech-support-scams/

Important info from this article

“Microsoft will never proactively reach out to you to provide unsolicited PC or technical support. Any communication we have with you must be initiated by you.

Do not call the number in a pop-up window on your device. Microsoft’s error and warning messages never include a phone number.

Never give control of your computer to a third party unless you can confirm that it is a legitimate representative of a computer support team with whom you are already a customer.”

–Gregoire, Courtney

Detailed information regarding Identity Theft scams and other IT security topics are available on our IT Security website at: www.fordham.edu/SecureIT or from our blog at fordhamsecureit.blogspot.com

If you have any questions or concerns, please contact IT Customer Care at (718) 817-3999 or via email to: HelpIT@fordham.edu.

Identity Protection Tips

 

One of the easiest things you can do to protect yourself is create a strong password. We’ve all struggled with meeting the criteria for some passwords (8 characters, one number, ect); however the sites that request these types of passwords are protecting their users by ensuring secure passwords.

  • Passphrases are the in!
    • As technology continues to grow and expand, so do the hackers and their abilities. Simply hashing your password isn’t enough anymore (h@$h1n6 P@55w0rd$) hackers have developed software that will help them crack passwords that use these characters.
    • Instead come up with a passphrase that consist of four or more unrelated words.
      • For example: PumpkinKartMineLoft. Simple words that the user can remember, but would be incredibly hard for a program to crack. 
  • If you’re worried you won’t be able to remember a phrase, then try hashing your password in different ways.
  • Try to avoid the common uses for special characters, instead try to use a varied combination of numeric and alphabetic characters.
    • If your password is elevator, try entering it as E13va70R

So what we did was capitalize the E then use the numbers 1 and 3 for the l and the next e we kept the v and capitalized the a then changed the t for a 7 the o for a zero and capitalized the r. This is just an example, play around with combinations that you are comfortable with and can remember.  Mixing up the alpha and numeric characters, along with capitalization can help keep your accounts safe.

  • Use two factor authentication whenever possible.
  • Some sites offer this additional protection which will require you enter and additional piece of information or have access to another piece of equipment.

For more insight and stats visit https://xkcd.com/936/

Detailed information regarding Identity Theft scams and other IT security topics are available on our IT Security website at: www.fordham.edu/SecureIT or from our blog at fordhamsecureit.blogspot.com

If you have any questions or concerns, please contact IT Customer Care at (718) 817-3999 or via email to: HelpIT@fordham.edu.

 

Guard Yourself Against Identity Theft

Protecting your identity while online is one of the biggest steps you can take to prevent yourself from being a target of a cyber-attack or identity theft.  While many of us may think it won’t happen to me, or why would anyone want to steal my identity? Hackers are equal opportunity and will search for vulnerable users to exploit. Here are a few simple tips to lower your risks.

  • Don’t over share.
    • Things such as your date of birth, children’s, or pet’s names can be used to try to determine your password.
    • Vary your user names, while it may be hard to remember them all for different sites it will ensure if one account is compromised they won’t all be.
    • Try to avoid user names that give up too much information as well. Avoid using your email handle as your user name, while it may help you keep track, again if the account is compromised now your email address may be compromised as well.
    • Consider having two separate email addresses. One you use strictly for banking and other financial needs, the other for social media and shopping.
      • This could help identify a phishing email, if say you get a message about your bank or credit card account, and it’s linked to a different email address.
  • Be selective with who you add on your social media sites.
    • If you aren’t personally familiar with the person sending the request you may wish to ignore or deny that request.
      • Many hackers/scammers use social media to try to either scam users into sending them money or to hack their account to get the users contact info, as well as the contact for their friends.
  • Use different passwords for each site.
    • Having different user name and password combinations will help keep your accounts protected.
      • This would be especially helpful for your online banking accounts or credit card accounts.

Detailed information regarding Identity Theft scams and other IT security topics are available on our IT Security website at: www.fordham.edu/SecureIT or from our blog at fordhamsecureit.blogspot.com

If you have any questions or concerns, please contact IT Customer Care at (718) 817-3999 or via email to: HelpIT@fordham.edu.