Plus the latest Intel speculative execution vulnerability, and Microsoft's troubled history with certificate renewal.

Links:

• Oregon company makes top bid for Microsoft check - CNET
• Microsoft’s failures to renew: Teams, Hotmail, and Hotmail.co.uk | Ars Technica
• Microsoft Teams goes down after Microsoft forgot to renew a certificate - The Verge
• Browser review: Microsoft’s new “Edgium” Chromium-based Edge | Ars Technica
• Linus Torvalds pulled WireGuard VPN into the 5.6 kernel source tree | Ars Technica
• Ubuntu 20.04 LTS Adds WireGuard Support - Phoronix
• Multipath TCP Support Is Working Its Upstream - First Bits Landing With Linux 5.6 - Phoronix
• MultiPath TCP - Linux Kernel implementation
• Upstreaming multipath TCP
• LPC2019 - Multipath TCP Upstreaming - YouTube
• LPC2019 - Multipath TCP Upstreaming - Slides
• LPC2019 - Multipath TCP Upstreaming - Paper
• Using MultiPath TCP to enhance home networks
• Linux 5.6 Crypto Getting AVX/AVX2/AVX-512 Optimized Poly1305
• Poly1305
• CacheOut
• CacheOut Paper
• Intel Responds to ZombieLoad and CacheOut Attacks | Tom's Hardware
• New CacheOut Attack Targets Intel CPUs, Leaks Data From VMs And Secure Enclave

Sponsored By:

• Digital Ocean: Apply our promo snapocean after you create your account, and get a $10 credit. Promo Code: snapocean
• iXSystems: Get a system purpose built for you. Promo Code: Tell them we sent you!
• Ting: Save $25 off a device, or get $25 in service credits! Promo Code: Visit techsnap.ting.com

Links:

• Hanging Up on Mobile in the Name of Security
• Windows 10 Enterprise Getting "InPrivate Desktop" Sandboxed Execution Feature
• Introducing the Windows Pseudo Console (ConPTY)
• Understanding L1 Terminal Fault aka Foreshadow
• Merge L1 Terminal Fault fixes from Thomas Gleixner
• Cabot: Self-hosted, easily-deployable monitoring and alerts service
• cabotapp/cabot - Docker Hub

Plus a concise breakdown of Meltdown, Spectre, and side-channel attacks like only TechSNAP can.

Then we run through the timeline of events, and the scuttlebutt of so called coordinated disclosure. We also discuss yet another security issue in macOS High Sierra, a backdoor in popular storage appliances, your questions, and more!

Sponsored By:

• Ting: Save $25 off a device, or get $25 in service credits! Promo Code: Visit techsnap.ting.com
• iXSystems: Get a system purpose built for you. Promo Code: Tell them we sent you!
• Digital Ocean: Apply our promo snapocean after you create your account, and get a $10 credit. Promo Code: snapocean

Links:

• Meltdown and Spectre — Meltdown and Spectre exploit critical vulnerabilities in modern processors.
• The Meltdown and Spectre CPU Bugs, Explained
• How we got to Spectre and Meltdown A Timeline My version of the timeline... — My version of the timeline on Spectre Meltdown. This post will be updated! If you want to add/correct something, please comment.
• How Tier 2 cloud vendors banded together to cope with Spectre and Meltdown | TechCrunch — Eventually six cloud providers — Scaleway, DigitalOcean, Packet, Vultr, Linode and OVH — formed a consortium of sorts to help one another and share information. In order to make the process more efficient, they started a Slack channel with CEOs, CTOs and engineers from the various companies sharing information and fixes as they became available.
• FreeBSD was made aware of Meltdown and Spectre in late December. There's currently no ETA for mitigation. — It looks like Dragonfly BSD has a patch, so hopefully that will be useful for FreeBSD.
• heads up: Fix for intel hardware bug will lead to performance regressions — Upcoming versions of the linux kernel (and apparently also windows and others), will include new feature that apparently has been implemented with haste to work around an intel hardware bug.
• AWS Developer Forums: Degraded performance — Immediately following the reboot my server running on this instance started to suffer from cpu stress.
• Google is pushing Retpoline — With Retpoline, we could protect our infrastructure at compile-time, with no source-code modifications. Furthermore, testing this feature, particularly when combined with optimizations such as software branch prediction hints, demonstrated that this protection came with almost no performance loss.
• PCID is now a critical performance/security feature on x86 — On any system that does not currently show "pcid" in the flags line of /proc/cpuinfo, Meltdown is a bigger issue than "install latest updates".
• Spectre & Meltdown vulnerability/mitigation checker for Linux — A simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
• Microsoft PowerShell Script to check for Meltdown — To help customers verify that protections are enabled, Microsoft has published a PowerShell script that customers can run on their systems. Install and run the script by running the following commands.
• Why Raspberry Pi isn't vulnerable to Spectre or Meltdown — To help us understand why, here’s a little primer on some concepts in modern processor design.
• macOS High Sierra's App Store System Preferences Can Be Unlocked With Any Password — A bug report submitted on Open Radar this week has revealed a security flaw in the current version of macOS High Sierra that allows the App Store menu in System Preferences to be unlocked with any password.
• Major macOS High Sierra Bug Allows Full Admin Access Without Password
• WD My Cloud NAS devices have hard-wired backdoor — Lets anyone log in as user mydlinkBRionyg with the password abc12345cba.
• Question: How could I measure all of these overhead performance hits? — My question: how could I measure all of these overhead performance hits, so I can put in a well educated request to adjust all of these components, so I have a computer that performs near its capacity?
• Perfmon
• Troubleshooting with the Windows Sysinternals Tools
• ProcDump
• Process Monitor - Replaces filemon
• Question: MySQL Replication Woes — The problem is that during some larger deletes on the master, the tables on the slave get locked and the slave lag goes through the roof.. During this time all of my selects that have been sent to the slave are just sitting there and waiting for the table to unlock while the master is just fine.
• Ask Noah 44: Red Hat with Brandon Johnson
• BSD Now 228: The Spectre of Meltdown