|
Wiggly Wayne DDS posted:must have gotten a great replacement to burn that one publicly oh huh yeah reported by ncsc, guess they have to release sonething big looking from time to time to show willing?
|
#
?
May 14, 2019 20:32
|
|
|
|
| # ? Apr 19, 2024 19:03 |
|
|
BangersInMyKnickers posted:Yeah I think that's why it doesn't impact newer OS's, they stopped supporting legacy RDP auth because that all old lovely XP/2003 could do but we're well pass end of their service life and MS is actually shutting off legacy protocols by default in their new releases yeah, NLA is required on windows 8+/server 2012+ so they are safe. they should have switched it so have you turn NLA explictly off with an update for 7/2008r2 when xp/2003 went eol but that's microsoft 
|
|
#
?
May 14, 2019 20:32
|
|
|
BangersInMyKnickers posted:ah, its the legacy RDP and you can mitigate with NLA. This isn't so bad unless your shop completely sucks rear end. push a GPO to only support RDP with NLA and you're covered, no patch needed that only mitigates the unauthenticated attack. it sounds like if you have valid creds you basically get a privilege elevation exploit
|
|
#
?
May 14, 2019 20:34
|
|
|
Shaggar posted:that only mitigates the unauthenticated attack. it sounds like if you have valid creds you basically get a privilege elevation exploit Yeah I believe that but still better than nothing
|
|
#
?
May 14, 2019 20:38
|
|
|
let's add this bullshit to the pile today: https://cpu.fail/ all intel cpus since nehalem vulnerable to some degree of side channel attacks, some of which can only be mitigated fully by disabling hyperthreading entirely yikes
|
|
#
?
May 14, 2019 20:43
|
|
|
BangersInMyKnickers posted:Yeah I believe that but still better than nothing its good worm potential. I wonder if limiting RDP users works or if the exploit occurs after authentication but before authorization
|
|
#
?
May 14, 2019 20:54
|
|
|
If anyone needs to push this manually via reg keys for non-gpo systems, NLA Required: HKLM\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp Dword:UserAuthentication value 1 128-bit encryption only: HKLM\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp Dword:MinEncryptionLevel value 3 TLS 1.0 only: HKLM\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp Dword:SecurityLayer value 2 Encrypted RPC Calls: HKLM\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp Dword:fEncryptRPCTraffic value 1
|
|
#
?
May 14, 2019 20:58
|
|
|
my credit union used to use a transfer system with an arbitrary code-word field like that. my spidey sense tingled pretty hard the one time i used it
|
|
#
?
May 14, 2019 21:07
|
|
|
Number19 posted:let's add this bullshit to the pile today: https://cpu.fail/ these are the "Lenovo microcode" CVEs we were talking about earlier
|
|
#
?
May 14, 2019 21:25
|
|
|
pseudorandom name posted:these are the "Lenovo microcode" CVEs we were talking about earlier oh ok. there's been a lot of poo poo flying around today
|
|
#
?
May 14, 2019 21:29
|
|
|
I'm getting really loving sick of meltdown may
|
|
#
?
May 14, 2019 21:30
|
|
|
Sereri posted:Blow it out your aes holy poo poo
|
|
#
?
May 14, 2019 21:35
|
|
|
up next, spectre september
|
|
#
?
May 14, 2019 21:36
|
|
|
Its the ghost of applications past!
|
|
#
?
May 14, 2019 21:53
|
|
|
Lain Iwakura posted:https://twitter.com/business/status/1128294423585071104?s=20 the bbc this morning covered the story by opening with "hackers have broken whatsapp's secure encryption!" guys words mean things
|
|
#
?
May 14, 2019 22:10
|
|
|
the pitbull glock but with computer
|
|
#
?
May 14, 2019 22:29
|
|
|
All Computers Are Broken!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
|
|
#
?
May 14, 2019 22:35
|
|
|
Computer Serf posted:All Computers Are Broken!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! this is true tho
|
|
#
?
May 14, 2019 22:49
|
|
|
the amd ones seem fine for now. probably something to do with having actual consideration for security implications in their architecture instead of blindly chasing IPC gains
|
|
#
?
May 14, 2019 22:50
|
|
|
so I’ve only heard blurbs about the WhatsApp attack while traveling, did they break out of the iOS sandbox or did the hack just affect WhatsApp, the news snippets made it sound like they could get complete control of the phone but “Infosec journalism”
|
|
#
?
May 14, 2019 23:03
|
|
|
BangersInMyKnickers posted:the amd ones seem fine for now. probably something to do with having actual consideration for security implications in their architecture instead of blindly chasing IPC gains is this true? or is it just coincidence that intel has been hit harder so far
|
|
#
?
May 14, 2019 23:20
|
|
|
BangersInMyKnickers posted:the amd ones seem fine for now. probably something to do with having actual consideration for security implications in their architecture instead of blindly chasing IPC gains it turns out that when you cheat and cut corners with your designs with the goal of improving speed at any cost you tend to create security vulnerabilities. i'm kind of laughing at the fact that the hardware fixes in the newest coffee lake processors seem to make at least meltdown easier, probably because intel rushed to fix the problem without really paying full attention to the implications of their fix
|
|
#
?
May 14, 2019 23:22
|
|
|
Lutha Mahtin posted:is this true? or is it just coincidence that intel has been hit harder so far amd had some exposure to spectre like everyone else did, but none of the other side-channel attacks seem to have affected them (or at least there is no proven exploit for AMD to date)
|
|
#
?
May 14, 2019 23:26
|
|
|
wyoak posted:so I’ve only heard blurbs about the WhatsApp attack while traveling, did they break out of the iOS sandbox or did the hack just affect WhatsApp, the news snippets made it sound like they could get complete control of the phone but “Infosec journalism”
|
|
#
?
May 14, 2019 23:39
|
|
|
Computer Serf posted:All Computers Are Broken!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
|
|
#
?
May 14, 2019 23:59
|
|
|
animist posted:up next, spectre september ... what happened to June, July and August?
|
|
#
?
May 15, 2019 00:05
|
|
|
endlessmonotony posted:... what happened to June, July and August? buffer overflow corrupted the next-month pointer
|
|
#
?
May 15, 2019 00:18
|
|
|
wyoak posted:so I’ve only heard blurbs about the WhatsApp attack while traveling, did they break out of the iOS sandbox or did the hack just affect WhatsApp, the news snippets made it sound like they could get complete control of the phone but “Infosec journalism” I was curious about this. It supposedly effects Android, iOS, and Windows Phone. If it really has all of the surveillance capabilities stated in some of the articles, I'd imagine it's a serious deal if they were able to craft an attack that works for multiple very different platforms and get out of sandboxing in each. It's supposedly government sponsored, so maybe they had tons of resources, but that still seams like a Big Problem either way. Soricidus posted:buffer overflow corrupted the next-month pointer The date still seems fine to me. I'm looking at my calendar and it's still 2018-17-14 so I don't see any problems there. pseudorandom fucked around with this message at 04:19 on May 15, 2019 |
|
#
?
May 15, 2019 04:16
|
|
|
endlessmonotony posted:... what happened to June, July and August? black hat/def con talk hype wasteland
|
|
#
?
May 15, 2019 05:44
|
|
|
realistically AMD has missed all the side channel attacks because they don’t have the resources to go fast, but the end result is still funny
|
|
#
?
May 15, 2019 05:52
|
|
|
pseudorandom posted:It supposedly effects Android, iOS, and Windows Phone. no, it doesn't 
|
|
#
?
May 15, 2019 05:58
|
|
|
https://www.intel.com/content/www/us/en/architecture-and-technology/mds.html lmao intel strikes again
|
|
#
?
May 15, 2019 06:44
|
|
|
Truga posted:https://www.intel.com/content/www/us/en/architecture-and-technology/mds.html i like how that page implies hyperthreading is barely worth anything, despite it being the main selling point of their top-tier desktop processors over lower-tier ones for the better part of a decade.
|
|
#
?
May 15, 2019 07:01
|
|
|
Mr.Radar posted:i like how that page implies hyperthreading is barely worth anything, despite it being the main selling point of their top-tier desktop processors over lower-tier ones for the better part of a decade. Yeah, that confused me too. Like: Hyperthreading was their big dunk on AMD for nearly 5 years, and is still regularly referenced in performance tests as an Intel advantage.
|
|
#
?
May 15, 2019 14:22
|
|
|
AMD is about to have superior 4-way SMT across their entire range of of Zen2 silicon while Intel is constantly telling people to turn it off because theirs is a liability and they can only do 4-way on their most high-end xeons. Of course they're going to be downplaying it now
|
|
#
?
May 15, 2019 14:40
|
|
|
BangersInMyKnickers posted:AMD is about to have superior 4-way SMT across their entire range of of Zen2 silicon while Intel is constantly telling people to turn it off because theirs is a liability and they can only do 4-way on their most high-end xeons. Of course they're going to be downplaying it now
|
|
#
?
May 15, 2019 15:03
|
|
|
mystes posted:Isn't it also possible that Intel has simply realized that HT is going to be a continuing source of processor vulnerabilities affecting cloud platforms, which are a major part of their business now, so they're trying to lay the groundwork for eventually deprecating it entirely? No. HT benefits are too significant, Intel just got incredibly lazy in their pursuit of IPC gains and shot themselves in the foot hard. The tech, at its core, is extremely good and here to stay. More could be done at the OS resources scheduler to keep low integrity threads off the same virtual core as something with high integrity handling key material or whatever but that's some heavy lifting to do and will take a while to get there. AMD isn't having these problems because they did some amount of sanity checking on their speculative execution instead of letting it run loving wild like Intel.
|
|
#
?
May 15, 2019 15:12
|
|
|
there's probably some amd designer that's been spending years trying to do fast speculative execution that doesn't leak a bunch of state between virtual cores, and being frustrated that they just can't quite get it as fast as intel. i guess they'd be feeling a little vindicated now.
|
|
#
?
May 15, 2019 17:39
|
|
|
Is Chronicle’s Backstory IDS any good? I heard an interesting sponsor thing on Risky Business but that guy gives good interview so it might not actually be good? 
|
|
#
?
May 15, 2019 19:15
|
|
|
|
| # ? Apr 19, 2024 19:03 |
|
|
So I don't exactly know what to make of this, but Lenovo lists at least 4 AMD systems on their page of systems vulnerable to MDS which will get patches, specifically the ThinkPad A-series. Unfortunately my T420 isn't on that list yet. 
|
|
#
?
May 15, 2019 20:21
|
|
