2024-05-31

Meltdown / Spectre

OK, I am late to the party. In fact, I started the first draft of this post on January 25, 2018 🙈

Since then, a lot has happened, but it is safe to say that the whole bug class introduced with Meltdown and Spectre is still going strong more than 6 years later.

On the plus side, such side-channel attacks typically have a very low bandwidth. In other words, it takes a long time to exfiltrate reasonable amounts of data.

In my opinion, the press poorly explained what is behind the Meltdown and Spectre attacks. This was the original publication.

Red Hat provided this excellent analogy: the baristas at your coffee shop optimize by preparing the usual beverage for frequent customers in advance, and they even write the customers' names on the cups. When the customers switch places, the baristas have to throw away the cups with the coffee inside. However, an onlooker is still able to get a glimpse of the names on the cups.

An early question was whether Intel SGX enclaves could be used to conceal this kind of attack. Daniel Gruss et al. looked at this and found that SGX indeed plays well together with this bug class, which is bad news for all hyperscalers.

Accidentally Turing Complete

In the (German) podcast "INNOQ Security Podcast", episode "Parsen statt Validieren", I discovered a funny concept: "accidentally Turing complete software".

This means that a piece of software, often a parser, by chance provides everything a computer provides (or, in other words, can compute everything that can be computed).

In other words, if you control the input to such a parser (for example a JPEG parser), you can basically write arbitrary programs that the parser will then happily execute. Depending on the privileges of the parser's process, this can have anything from annoying to devastating effects.

That is one of the reasons why the principle of least privilege is so important: never give a part of your system higher privileges than required.
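As an added illustration of that principle (this is not code from the post, the podcast or any of the lists mentioned), the Python snippet below runs a parser for untrusted input in a throwaway child process with a small CPU, memory and file budget. The toy "key=value" format with its "!repeat N" directive is constructed for this example and stands in for any input construct that drives the parser's control flow; the limit values are assumptions, not recommendations for a particular parser. If an input makes the parser run away (or hijacks it), the child simply burns its budget and dies, and the caller gets a clean failure instead of a hung or compromised service:

```python
import json
import resource
import subprocess
import sys

# Toy parser that runs inside the child process. Its format is constructed for
# this example: "key=value" lines, plus a "!repeat N" directive that makes the
# parser perform N units of work, i.e. the input decides how long the parser runs.
CHILD_PARSER = r'''
import json, sys
out, work = {}, 0
for line in sys.stdin.buffer.read().decode("utf-8", "replace").splitlines():
    if line.startswith("!repeat "):
        n = int(line.split()[1])
        for _ in range(n):  # input-controlled loop: the sender picks the bound
            work += 1
    elif "=" in line:
        k, v = line.split("=", 1)
        out[k.strip()] = v.strip()
print(json.dumps({"fields": out, "work": work}))
'''


def _limit_child() -> None:
    """Runs in the child just before exec: shrink what the parser may consume.

    The numbers are assumptions for this example; size them for the real parser.
    """
    resource.setrlimit(resource.RLIMIT_CPU, (1, 1))            # 1 s of CPU, then the kernel kills it
    resource.setrlimit(resource.RLIMIT_AS, (512 << 20,) * 2)    # 512 MiB of address space
    resource.setrlimit(resource.RLIMIT_FSIZE, (0, 0))           # may not write regular files
    resource.setrlimit(resource.RLIMIT_CORE, (0, 0))            # no core dumps containing the input


def parse_untrusted(data: bytes, timeout_s: float = 3.0) -> dict:
    """Parse untrusted bytes in a separate, resource-limited process.

    Returns {"ok": True, "fields": ..., "work": ...} on success, or
    {"ok": False, "error": ...} if the parser died, hung or produced garbage.
    """
    try:
        proc = subprocess.run(
            [sys.executable, "-c", CHILD_PARSER],
            input=data,
            capture_output=True,
            timeout=timeout_s,          # wall-clock backstop in case the child blocks
            preexec_fn=_limit_child,    # POSIX only: applied in the child before exec
        )
    except subprocess.TimeoutExpired:
        return {"ok": False, "error": "parser exceeded wall-clock budget"}
    if proc.returncode != 0:
        # Killed by SIGXCPU/SIGKILL (rc < 0) or crashed: treat as a parse failure.
        return {"ok": False, "error": f"parser died (rc={proc.returncode})"}
    try:
        return {"ok": True, **json.loads(proc.stdout)}
    except ValueError:
        return {"ok": False, "error": "parser produced malformed output"}


if __name__ == "__main__":
    # Constructed inputs: a benign document and one that tries to run the parser forever.
    print(parse_untrusted(b"name=alice\nrole=admin\n"))
    print(parse_untrusted(b"!repeat 10000000000\n"))
```

The same pattern applies to real decoders: run them in a process (or sandbox) that holds nothing but the input and the permission to return a result, so that "arbitrary programs" fed to the parser have nowhere to go.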

Matt Rickard has compiled a small list of accidentally Turing complete software.

Andreas Zwinkau compiled an even larger list.

Probably the most impressive abuse of this was the specially crafted PDF that NSO used to inject Pegasus into iPhones (although it is debatable whether this Turing completeness was accidental or intended).

Funnily enough, this story is related to the excellent talk by David Kriesel, "Lies, damned lies and scans", in which David showed that Xerox copiers used to optimize scanned PDFs just a little too much.

2024-05-30

My take on "Recall" by Microsoft

Microsoft has announced a new feature called "Recall" that essentially takes a continuous stream of screenshots, and announced it in the same press release as new DLP controls in Edge Enterprise (see Risky Business #750 -- Why Microsoft's Recall is an attacker's best friend).

Kevin Beaumont has a nice analysis on X.

So apparently, this data is being stored in a good old SQLite database (nothing against SQLite - it is a nice DB).
However, if this DB gets into the wrong hands (like a hacker who wants to find out how you run your business), this can be devastating.

How well this correlates to "we take security seriously" is beyond me.

Getting back the "lost" partition of a USB Stick after the installation of Tails

If you install the secure Linux distribution Tails on a modern USB stick using Windows, you will likely no longer see the USB stick in Explorer.

That is not surprising, as Tails removes all partitions (yes, all your data will be gone!) and then creates a 1.37 Gb primary partition where Tails will reside. The rest remains free (without a partition).

(Use this info entirely at your own risk - you have been warned)

To fix this, just run good old diskpart (see also here) as an administrator.
In my example, the USB drive is recognised as Disk 1:

DISKPART> LIST DISK
DISKPART> SELECT DISK 1
DISKPART> CREATE PARTITION PRIMARY

This creates a new primary partition in the remaining free space (check the output of LIST DISK carefully first: selecting the wrong disk number will hit your hard drive instead of the USB stick).
As soon as this is done, you may format this partition. Typically exFAT is used for USB sticks, as FAT32 is too inefficient due to its limit on the number of blocks, which would result in huge block sizes for large drives.

2024-05-23

Fortran is back in the top 10 of TIOBE Index

Wow - after more than 20 years, Fortran is back in the top 10 of the TIOBE Index.

That is quite surprising for me and, it seems, for many others.

(The other thing I found surprising is that I have learned 7 of the top 10 languages - that's good enough, I would say 😊)

Fortran has evolved dramatically since its inception in 1957 (funny: this language is the same age as my parents!) and is the go-to language when it comes to numerical computing. (Probably also because many very powerful libraries already exist in Fortran.)

I wonder whether this trend will continue or whether other languages, for example Julia, will one day overtake Fortran in this area.