05 Jan

Spectre / Meltdown Patching and Refrigerator Locks

Jumbofoot | Business, Security

If you haven’t heard yet, the “big” news is that Intel, AMD and ARM processors contain design flaws (the ones being called Meltdown and Spectre) that could allow an attacker to read information in your computer’s RAM (memory) that a program should never be able to see, such as passwords the operating system or another program is holding in memory. And while this isn’t a “good” thing, the reality (as I understand it) is that the attacker first needs to get code of their own running on your computer in order to launch the attack; the flaws let that code read memory it isn’t entitled to, they don’t by themselves get it onto your machine. So the bad actor will need to already be in your computer in order to access your memory. Hmm…

Refrigerator Locks

And so, it seems to me this latest kerfuffle is a bit like coming to the “shocking” realization that you don’t have a lock on your refrigerator! This is AFTER the burglar has already broken your door lock, defeated your alarm system and is standing in your home office rifling through your file cabinet. Of course he has access to your refrigerator. And so (logically!?), we’ll all be getting refrigerator locks soon (patches from Microsoft, etc. are already being released). In the normal flow of your life having a refrigerator lock would slow you down a bit (have to unlock and lock that sucker each time you go hunting for a snack). It’s the same for the patches that are being released. They will slow you down a bit, because the fix makes every hand-off between your programs and the operating system (disk, network and other system requests) a little more expensive; estimates put the slowdown between 5% and 30% depending on what the machine spends its time doing, with everyday office work at the low end of that range.

Performance Fix?

If you have an older computer, it’s entirely possible that the patch will cause a noticeable slowdown. Most newer machines should shrug it off (recent processors have a feature, PCID, that lets the fix do its job more cheaply). If you do find that you’re struggling, we may be able to install an SSD (Solid State Drive) to help recover some performance, since disk-heavy work is where the slowdown bites hardest. We’ll just have to evaluate things on a case by case basis.

What’s Next?

Some computers that received the early patches (refrigerator locks) froze (see what I did there?). The most common issue was an incompatibility with antivirus software: some AV products poke into the same low-level memory structures that the patch rearranges, and the combination produced blue screens. Microsoft’s response is that Windows Update will not deliver the patch until your AV product has set a “compatible” flag in the registry, so the update will not install until Webroot (or whichever AV program you use) certifies that it is compatible. Webroot has announced that it will release a new version next week that will set that flag and allow the update to proceed. At this time there are no known exploits in the wild, so this delay does not seem to pose much of an increased security issue. Indeed, we may benefit from a bit more shakeout taking place while we sit on the shelf.
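As an added example (not from the original post, and not Microsoft’s or Webroot’s code), here is a PowerShell check for the two things the paragraph above leaves you wondering about: whether Windows Update will actually deliver the patch to this machine, and, once it has, whether the mitigations are really switched on. The registry value is the one Microsoft documented in KB4072699; the property names come from Microsoft’s SpeculationControl module (KB4074629) and are assumed here as documented in early 2018, so check them against the module’s own output if it has been updated since.

```powershell
# Added example for this post: check whether this Windows machine is actually
# "locked" against Spectre/Meltdown. Run from an elevated PowerShell prompt.

# 1. The antivirus compatibility flag. Per Microsoft KB4072699, Windows Update
#    withholds the January 2018 patch until the installed AV product writes this
#    DWORD value (data 0). Key path and value name assumed exactly as that
#    article documents them.
$CompatKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat'
$CompatName = 'cadca5fe-87d3-4b96-b7fb-a231484277cc'

function Test-AvCompatFlag {
    $item = Get-ItemProperty -Path $CompatKey -Name $CompatName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $false }   # key or value absent: patch is held back
    return ($item.$CompatName -eq 0)
}

if (Test-AvCompatFlag) {
    Write-Host 'AV compatibility flag is set: Windows Update can offer the patch.'
} else {
    Write-Host 'AV compatibility flag is NOT set: the patch stays on the shelf until your AV vendor sets it.'
}

# 2. What is actually enabled. Microsoft's SpeculationControl module (KB4074629)
#    reports the kernel's own view of the mitigations. Install it once with:
#        Install-Module SpeculationControl
#    Property names below are the ones the module documented in early 2018.
Import-Module SpeculationControl -ErrorAction Stop
$s = Get-SpeculationControlSettings

# Spectre variant 2 (branch target injection) needs a CPU microcode/firmware
# update AND the Windows-side support switched on; Meltdown is covered by
# kernel virtual-address shadowing (KVA shadow). A False on an "enabled" line
# means that lock is not actually engaged yet.
[pscustomobject]@{
    'Spectre v2: microcode update present' = $s.BTIHardwarePresent
    'Spectre v2: Windows support enabled'  = $s.BTIWindowsSupportEnabled
    'Meltdown: mitigation required'        = $s.KVAShadowRequired
    'Meltdown: KVA shadow enabled'         = $s.KVAShadowWindowsSupportEnabled
} | Format-List
```

If the flag is missing and you are sure your AV is compatible (or you run none), KB4072699 describes setting it by hand, but setting it under an AV product that is not actually compatible is exactly how the early blue screens happened, so the safe course is to let Webroot set it. Note too that the Spectre v2 line can stay False even after the Windows patch installs: that half needs a firmware/BIOS update from your PC maker as well.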

Mobile Devices

These same flaws apply to just about every mobile device in use as well, since phones and tablets are built on the same ARM processor designs. So far I haven’t seen anything but “downplay” from the mobile device manufacturers and software providers (Apple, Google). The fixes, where they exist, arrive as part of the regular iOS and Android security updates, and on Android that depends on your device maker and carrier actually pushing them out. So at this point I would definitely keep up with device and/or carrier updates pushed to you. I’ll do more research on this front and let you know if I uncover anything interesting/urgent. If you have specific information… please share!

SonicWALL?

The last communication I received from SonicWALL indicated that their firewalls are not affected by this processor flaw. That makes sense given how the attack works: it needs the attacker’s own code running on the device, and a firewall appliance does not run software you didn’t install, so even a vulnerable chip inside it has nothing hostile to exploit it.

Serious (refrigerator) Note

Of course we should all take serious security issues… seriously. It’s a good thing that this flaw has been exposed and that remediation steps are underway. The thing to watch is whether the “already on your computer” requirement can be met by a web page: in principle Spectre can be driven from JavaScript in a browser, which is why the browser makers are shipping their own mitigations alongside the operating system patches. If that becomes practical, this would be really bad, really fast, so keep your browser updated too. So even if I have mocked it as a refrigerator lock (nothing-burger), it is still an important fix to apply (if not yet urgent). I’ll follow up with any updates that seem important (especially if new information forces me to revise my refrigerator lock analogy).

Questions / Share

If you have questions or possess more information, please let me know.

Jason Salit
Jumbofoot Managed Services

13 Sep

CryptoLocker and you

Jumbofoot | Security

CryptoLocker is a ransomware trojan that targets computers running Microsoft Windows,[1] believed to have first been posted to the Internet on 5 September 2013.[2] CryptoLocker propagated via infected email attachments and via an existing botnet; when activated, the malware encrypted certain types of files stored on local and mounted network drives using RSA public-key cryptography, with the private key stored only on the malware’s control servers. The malware then displayed a message offering to decrypt the data if a payment (through either Bitcoin or a pre-paid cash voucher) was made by a stated deadline, and threatened to delete the private key if the deadline passed. If the deadline was not met, the malware offered to decrypt the data via an online service provided by the malware’s operators, for a significantly higher price in Bitcoin.

Although CryptoLocker itself is readily removed, the files remained encrypted in a way which researchers considered infeasible to break, because the key needed to decrypt them never existed on the victim’s computer. Many said that the ransom should not be paid, but did not offer any way to recover files; others said that paying the ransom was the only way to recover files that had not been backed up. Some victims claimed that paying the ransom did not always lead to the files being decrypted. The practical lesson is that your real protection is a backup the malware cannot reach, and since it encrypts mounted network drives too, that means one that is not sitting permanently mapped as a drive letter on the infected machine.

CryptoLocker was isolated in late May 2014 via Operation Tovar, which took down the Gameover ZeuS botnet that had been used to distribute the malware. During the operation, a security firm involved in the process obtained the database of private keys used by CryptoLocker, which was in turn used to build an online tool for recovering the keys and files without paying the ransom. It is believed that the operators of CryptoLocker successfully extorted a total of around $3 million from victims of the trojan. Other encryption-based ransomware that followed has used the “CryptoLocker” name (or variations), but is otherwise unrelated.

About Jason / Jumbofoot

I have been an IT Consultant for 25 years. I have worked on projects and with teams from around the world. I have implemented projects both large and small. I have a penchant for documentation, and I can bring order to your IT chaos!

If you need IT help, then please consider Jumbofoot! Call or email today!
Jason Salit - Owner