AMD Flaws Explained

We cut through the noise and explain in clear terms what’s really been discovered. The botched disclosure of flaws in AMD products has overshadowed the technical details of the vulnerabilities, and we aim to fix that..

Plus another DNS Rebinding attack is in the wild and stealing Ethereum, Microsoft opens up a new bug bounty program, Expedia gets hacked, and we perform a TechSNAP checkup.

• Microsoft Offers New Bug Bounties for Spectre, ... — Microsoft last week announced new bug bounties for speculative execution side-channel vulnerabilities. These vulnerabilities, of which Spectre and Meltdown were the first known examples, represent a new class of problem and Microsoft would like to know what else might be lurking in the neighborhood.
• Microsoft patches RDP vulnerability. — Microsoft announced this week that they’ve released a preliminary fix for a vulnerability rated important, and present in all supported versions of Windows in circulation (basically any client or server version of Windows from 2008 onward).
• Firefox Master Password System Has Been Poorly Secured for the Past 9 Years — For at past nine years, Mozilla has been using an insufficiently strong encryption mechanism for the "master password" feature.
• Firefox Lockbox Extension — The Lockbox extension is a simple, stand-alone password manager that works with Firefox for desktop. It’s the first of several planned experiments designed to help us test and improve password management and online security.
• How your ethereum can be stolen through DNS rebinding — Most of the ethereum clients run a JSON-RPC service on port 8545 on localhost, but since it’s on localhost, we can’t access it directly from user’s browser due to SOP.
• TechSNAP Episode 353: Too Many Containers
• “AMD Flaws” Technical Summary | Trail of Bits Blog — Most of the discussion after the public announcement of the vulnerabilities has been focused on the way they were disclosed rather than their technical impact. In this post, we have tried to extract the relevant technical details from the CTS whitepaper so they can be of use to the security community without the distraction of the surrounding disclosure issues.
• Ivan is not happy with our memcrashed coverage — Discussion re:"memcrashed" on latest TechSNAP left me very mad. I think hosts did not properly explain the issue.
• PSA: Chrome distrusts certificates issued by Symantec starting today — This was announced back in September for v66, but we have machines running 65.0.3325.162 that display the full page "NET::ERR_CERT_AUTHORITY_INVALID" warning so it seems they jumped the gun a bit.
• Follow up: fail2ban AWS access controls
• Mr S Has a Handy pfSense how-to
• Running pfSense on a DigitalOcean droplet