ROOM ZKE
Translation Page | USAComment.com
USAComment.com
Zicutake USA Comment | Search Articles



#History (Education) #Satellite report #Arkansas #Tech #Poker #Language and Life #Critics Cinema #Scientific #Hollywood #Future #Conspiracy #Curiosity #Washington
 Smiley face
PROXY LIST
 Smiley face
Zicutake BROWSER
 Smiley face Encryption Text and HTML  Smiley face Conversion to JavaScript 
 Smiley face Mining Satoshi | Payment speed 
 Smiley face
CREATE ADDRESS BITCOIN
Online BitTorrent Magnet Link Generator
JOURNAL WORLD:

SEARCH +8 MILLIONS OF LINKS ZICUTAKE STATE

#Security

#Security


Microsoft: Meltdown and Spectre patches could cause noticeable performance slowdowns

Posted: 09 Jan 2018 12:15 PM PST

Microsoft officially confirmed that Meltdown and Spectre patches could cause noticeable performance slowdowns contrary to what initially thought.

Just after the disclosure of the Meltdown and Spectre vulnerabilities, many security experts argued that forthcoming patches will have a significant impact on the performance (30% degradation), but Intel pointed out that average users will not notice any difference.

"Intel continues to believe that the performance impact of these updates is highly workload-dependent and, for the average computer user, should not be significant and will be mitigated over time." continues Intel.

"While on some discrete workloads the performance impact from the software updates may initially be higher, additional post-deployment identification, testing and improvement of the software updates should mitigate that impact."

Intel confirmed that extensive testing conducted by tech giants (Apple, Amazon, Google, and Microsoft) to assess any impact on system performance from security updates did not reveal negative effects.

Unfortunately, someone has underestimated the problem and Microsoft Windows patches for the CPU flaws will cause noticeable performance degradation, with most severe impact on Windows servers as well as Windows 7 and 8 client machines.

Microsoft published a blog post that confirmed that Windows servers will experience noticeable performance slowdowns, as will Windows 7 and 8 client machines running older processors (2015-timeframe PCs with Haswell or older CPUs).

intel chip meltdown Spectre

The good news is that newer Windows 10 platforms won’t experience perceptible performance degradation.

Below Microsoft’s findings related to performance degradation caused by the installation of Meltdown/Spectre patches.

  • With Windows 10 on newer silicon (2016-era PCs with Skylake, Kabylake or newer CPU), benchmarks show single-digit slowdowns, but we don't expect most users to notice a change because these percentages are reflected in milliseconds.
  • With Windows 10 on older silicon (2015-era PCs with Haswell or older CPU), some benchmarks show more significant slowdowns, and we expect that some users will notice a decrease in system performance.
  • With Windows 8 and Windows 7 on older silicon (2015-era PCs with Haswell or older CPU), we expect most users to notice a decrease in system performance.
  • Windows Server on any silicon, especially in any IO-intensive application, shows a more significant performance impact when you enable the mitigations to isolate untrusted code within a Windows Server instance. This is why you want to be careful to evaluate the risk of untrusted code for each Windows Server instance, and balance the security versus performance tradeoff for your environment.

Microsoft announced it is working to solve the problem and the situation appears critical for Windows servers.

Microsoft has patched 41 of its 45 Windows versions and is going to release the remaining four issues as soon as possible.

Microsoft requires entire industry to work together to find the best possible solutions for customers affected by vulnerabilities like Spectre and Meltdown.

Pierluigi Paganini

(Security Affairs –  Spectre flaws,  hacking)

The post Microsoft: Meltdown and Spectre patches could cause noticeable performance slowdowns appeared first on Security Affairs.

Wi-Fi Alliance launches WPA2 enhancements and announced WPA3

Posted: 09 Jan 2018 08:00 AM PST

The Wi-Fi Alliance introduced several key improvements to the Wi-Fi Protected Access II (WPA2) security protocol and announced its successor WPA3.Wi-Fi security will be dramatically improved with the introduction of the WPA3 protocol.

The arrival of WPA3 protocol was announced on Monday by the Wi-Fi Alliance, it is the successor of WPA2 protocol for the security of Wi-Fi communication.

WPA3 will build on the core components of WPA2, anyway, the alliance plans to roll out three enhancements for WPA2 in the first part of the year.

“Wi-Fi Alliance is launching configuration, authentication, and encryption enhancements across its portfolio to ensure Wi-Fi CERTIFIED devices continue to implement state of the art security protections.” reads the announcement published by the Wi-Fi Alliance.

“Four new capabilities for personal and enterprise Wi-Fi networks will emerge in 2018 as part of Wi-Fi CERTIFIED WPA3”

The WPA2 is known to be vulnerable to KRACK attacks and DEAUTH attacks. The three key enhancements to the WPA2 protocol will address authentication, encryption, and configuration issues.

The Wi-Fi Alliance includes tech giants like Apple, Cisco, Intel, Qualcomm, and Microsoft it announced WPA3-certified devices for later 2018. They will include two features to improve protection when users choose weak passwords and simplify the choice of proper security settings on devices with limited or no interface screens.

wpa3

Another feature will strengthen user privacy in open networks by using individualized data encryption. The last feature is a 192-bit security suite, aligned with the Commercial National Security Algorithm (CNSA) Suite from the Committee on National Security Systems, that will ensure the protection of Wi-Fi networks with higher security requirements such as government and defense.

"Security is a foundation of Wi-Fi Alliance certification programs, and we are excited to introduce new features to the Wi-Fi CERTIFIED family of security solutions," concluded Edgar Figueroa, president and CEO of Wi-Fi Alliance. "The Wi-Fi CERTIFIED designation means Wi-Fi devices meet the highest standards for interoperability and security protections."

Further information will be made available once the WPA3 program will be launched.

Pierluigi Paganini

(Security Affairs –  WPA2 , WPA3)

The post Wi-Fi Alliance launches WPA2 enhancements and announced WPA3 appeared first on Security Affairs.

Apple released patches to fix Spectre flaws in Safari, macOS, and iOS

Posted: 09 Jan 2018 04:43 AM PST

Apple released iOS 11.2.2 software, a macOS High Sierra 10.13.2 supplemental update, and Safari 11.0.2 to fix Spectre flaws.

On Monday, Apple released patches to fix Spectre flaws in Safari, macOS, and iOS, the tech giant released iOS 11.2.2 software a macOS High Sierra 10.13.2 supplemental update. The patches also fixed vulnerabilities in Apple WebKit, the web browser engine used by Safari, Mail, and App Store.

The security updates issued by Apple aim to mitigate the two known methods for exploiting Spectre identified as "bounds check bypass" (CVE-2017-5753/Spectre/v1) and "branch target injection" (CVE-2017-5715/Spectre/v2).

Just after the disclosure of the Meltdown and Spectre attacks, Apple released security updates (iOS 11.2, macOS and tvOS 11.2) to protect its systems against Meltdown attacks.

Apple now released the following security updates:

After the disclosure of the flaws, security experts pointed out that the Spectre vulnerability is very hard to patch, but fortunately, the exploitation is much more difficult than Meltdown.

Another worrisome aspect of the Spectre attacks is that it breaks the isolation between different applications opening the door to remote attacks, for example, an attacker can remotely bypass sandboxing mechanism implemented by modern browsers.

Pierluigi Paganini

(Security Affairs –  Spectre flaws,  hacking)

The post Apple released patches to fix Spectre flaws in Safari, macOS, and iOS appeared first on Security Affairs.

Dell EMC fixes 3 zero-day vulnerabilities in Data Protection Appliance products

Posted: 08 Jan 2018 11:53 PM PST

Dell EMC informed its customers that its Avamar Server, NetWorker Virtual Edition and Integrated Data Protection Appliance products are affected by 3 zero-day flaws.

Dell EMC informed its customers that its Avamar Server, NetWorker Virtual Edition and Integrated Data Protection Appliance products are affected by vulnerabilities that can be chained by an attacker to take complete control of a target system.

The flaws reside in the Avamar Installation Manager (AVI) component that is present in all the products.

The vulnerabilities were discovered by the experts at the consultancy firm Digital Defense Inc, the three issues included:

  1. An Authentication Bypass in SecurityService; an
  2. Authenticated Arbitrary File Access in UserInputService; and an
  3. Authenticated File Upload in UserInputService.

Dell published a security advisory is ESA-2018-001, that could be accessible by customers having Dell EMC Online Support credentials.

Dell EMC Data Protection Appliance

The most severe issue tracked as CVE-2017-15548 could be exploited by a remote attacker to bypass authentication and gain root access to the system.

The flaw is related to the authentication process that is implemented via a POST request including the username, password and a parameter named wsUrl.

"User authentication is performed via a POST that includes username, password and wsURL parameters. The wsURL parameter can be an arbitrary URL that the Avamar server will send an authentication SOAP request to, that includes the user provided username and password," reads the analysis published by Digital Defense. "If the Avamar server receives a successful SOAP response, it will return a valid session ID. The attacker doesn’t require any specific knowledge about the targeted Avamar server to generate the successful SOAP response, a generic, validly formed SOAP response will work for multiple Avamar servers."

The second flaw, tracked as CVE-2017-15549, could be exploited by  an authenticated attacker with low privileges to upload malicious files to the server.

“Authenticated users can upload arbitrary files to arbitrary locations with root privileges. This can be combined with the other two vulnerabilities to fully compromise the virtual appliance.” continues the analysis.

"The saveFileContents method of the UserInputService class takes a single string parameter and splits it on the '\r' character. The first half of the parameter is a path, including the filename, and the second half of the string is the data that should be written to that path. The web server is running with root privileges, so arbitrary files can be written to arbitrary locations."

The third vulnerability tracked as CVE-2017-15550 is a path traversal issue that allows an authenticated attacker with low privileges to access arbitrary files on the server.

“Authenticated users can download arbitrary files with root privileges. This can be combined with the other two vulnerabilities to fully compromise the virtual appliance.” states the analysis.

"The getFileContents method of the UserInputService class doesn’t perform any validation of the user supplied filename parameter before retrieving the requested file from the Avamar server. Additionally, the web server runs as root, so any file can be retrieved using this vulnerability."

By chaining the three vulnerabilities a remote attacker could take complete control of a vulnerable system.

Affected products are:

  • Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4. x, 7.5.0
  • NetWorker Virtual Edition 0.x, 9.1.x, 9.2.x
  • Integrated Data Protection Appliance 2.0

EMC has released security fixes that address all the flaws.

Pierluigi Paganini

(Security Affairs – Dell Data Protection Appliance, hacking)

The post Dell EMC fixes 3 zero-day vulnerabilities in Data Protection Appliance products appeared first on Security Affairs.