----------------------------------------------------------------------
Message-ID: <E2BE38E6-C69B-4E7B-B92E-32D5DCC92A53@roscom.com>
Date: Sun, 7 Jan 2018 23:57:07 -0500
From: Monty Solomon <monty@roscom.com>
Subject: Project Zero: Reading privileged memory with a side-channel
Reading privileged memory with a side-channel
Posted by Jann Horn, Project Zero
Wednesday, January 3, 2018
We have discovered that CPU data cache timing can be abused to
efficiently leak information out of mis-speculated execution, leading
to (at worst) arbitrary virtual memory read vulnerabilities across
local security boundaries in various contexts.
Variants of this issue are known to affect many modern processors,
including certain processors by Intel, AMD and ARM. For a few Intel
and AMD CPU models, we have exploits that work against real
software. We reported this issue to Intel, AMD and ARM on 2017-06-01 [1].
So far, there are three known variants of the issue:
Variant 1: bounds check bypass (CVE-2017-5753)
Variant 2: branch target injection (CVE-2017-5715)
Variant 3: rogue data cache load (CVE-2017-5754)
Before the issues described here were publicly disclosed, Daniel
Gruss, Moritz Lipp, Yuval Yarom, Paul Kocher, Daniel Genkin, Michael
Schwarz, Mike Hamburg, Stefan Mangard, Thomas Prescher and Werner Haas
also reported them; their [writeups/blogposts/paper drafts] are at:
Spectre (variants 1 and 2)
Meltdown (variant 3)
https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
------------------------------
Message-ID: <15B545FD-4688-41B7-99D1-C1A4DCEF8FF5@roscom.com>
Date: Sun, 7 Jan 2018 23:37:09 -0500
From: Monty Solomon <monty@roscom.com>
Subject: Meltdown
Meltdown
Abstract
The security of computer systems fundamentally relies on memory
isolation, e.g., kernel address ranges are marked as non-accessible
and are protected from user access. In this paper, we present
Meltdown. Meltdown exploits side effects of out-of-order execution on
modern processors to read arbitrary kernel-memory locations including
personal data and passwords. Out-of-order execution is an
indispensable performance feature and present in a wide range of
modern processors. The attack is independent of the operating system,
and it does not rely on any software vulnerabilities. Meltdown breaks
all security assumptions given by address space isolation as well as
paravirtualized environments and, thus, every security mechanism
building upon this foundation. On affected systems, Meltdown enables
an adversary to read memory of other processes or virtual machines in
the cloud without any permissions or privileges, affecting millions of
customers and virtually every user of a personal computer. We show
that the KAISER defense mechanism for KASLR [8] has the important (but
inadvertent) side effect of impeding Meltdown. We stress that KAISER
must be deployed immediately to prevent large-scale exploitation of
this severe information leakage.
https://meltdownattack.com/meltdown.pdf
------------------------------
Message-ID: <cce4c249f84b4b20daf11f4026c6cddb.squirrel@email.fatcow.com>
Date: Mon, 8 Jan 2018 02:03:54 -0600
From: "Neal McLain" <nmclain.remove-this@and-this-too.annsgarden.com>
Subject: Re: Colorado city beats cable lobby, moves ahead ...
On Saturday, January 6, 2018 at 10:11:25 PM UTC-6, Bill Horne
wrote:
> After beating cable lobby, Colorado city moves ahead with
> muni broadband. Fort Collins plans universal broadband,
> net neutrality, and gigabit speeds.
>
https://arstechnica.com/tech-policy/2018/01/colorado-city-to-build-fiber-broadband-network-with-net-neutrality/
This article, like numerous other articles about municipal broadband, fails
to mention an important fact: City of Fort Collins already operates its own
electric power utility. Thus, it already owns (or has easements for) the
rights-of-way, the physical infrastructure (poles, ducts, manholes, towers,
buildings), and the administrative infrastructure (customer service, billing,
vehicle administration, personnel administration, state sales tax exemption,
lines of credit or other means of financing capital projects). It already has
employees dedicated to operating, maintaining and extending the
infrastructure. And, most significantly, as a municipal corporation it does
not have to generate a profit.
All of these factors make it possible for a city or a county to finance,
build and operate a broadband network at lower cost than a for-profit
corporation.
Fort Collins Utilities certainly isn't unique. Numerous municipalities that
own electric power utilities have added fiber broadband networks to their
existing electricity distribution infrastructure.
Perhaps the best known example is Electric Power Board of Chattanooga,
owned by the City of Chattanooga, Tennessee. EPB owns and operates
the electric power network and has overlaid a fiber communications
network on the power distribution network.
https://tinyurl.com/EPB-Tennessee
Some cities operate their own cable TV networks in addition to electric
power utilities. Wayandotte, Michigan and Jackson, Minnesota are
examples. These cities already had the infrastructure for internet-
over-coax even before they overlaid fiber networks.
Wayandotte now operates its own fiber network as part of its
telecommunications utility.
http://www.wyan.org/Our-History.aspx
Jackson is now a member of the Southwest Minnesota Broadband Services
network, an organization that provides cable TV and broadband internet-
over-fiber to eight cities in southwest Minnesota, including Jackson.
https://tinyurl.com/SWMBS
Back in 1990s, before I retired and moved to Texas, I worked for a
company that provided technical consulting services to cable TV companies.
City of Jackson was one of our clients. I spent many days in Jackson,
assisting them with their city-owned cable TV network.
Jackson's cable TV operation was part of the public works department,
the same department that ran electric power distribution, water
distribution, sanitary sewers, storm sewers, roads, streets, and bridges.
I was struck by the way in which the cable TV operation was so closely
integrated into the department. The department's employees all wore
the same uniforms, all belonged to the same union local, all drove
identical city-owned service vehicles, and all met for coffee in the
warehouse every morning.
The warehouse reflected this close integration: cable TV amplifiers shared
space with water meters, electric meters, water valves, traffic signals,
power insulators, tower lights, streetlights, stop signs, pole hardware, and
I don't recall what else. The outdoor storage yard was a similar melange:
rolls of power cables, rolls of coax cables, sewer grates, fire hydrants,
poles, pole crossarms, more signs, all neatly arranged in rows.
Neal McLain
------------------------------
*********************************************
End of telecom Digest Tue, 09 Jan 2018
