Systems, Network, and Administration Podcast. Every two weeks TechSNAP covers the stories that impact those of us in the tech industry, and all of us that follow it. Every episode we dedicate a portion of the show to answer audience questions, discuss best practices, and solving your problems.
Episode 357: The Return of Spectre
New variants, bad patches, busted microcode and devastated performance. It’s a TechSNAP Meltdown and Spectre check up.
Plus Tesla gets hit by Monero Cryptojacking, and a dating site that matches people based on their bad passwords…. So we gave it a go!
Flight Sim Company Embeds Malware to Steal Pirates' Passwords — Flight sim company FlightSimLabs has found itself in trouble after installing malware onto users' machines as an anti-piracy measure. Code embedded in its A320-X module contained a mechanism for detecting 'pirate' serial numbers distributed on The Pirate Bay, which then triggered a process through which the company stole usernames and passwords from users' web browsers.
Lessons from the Cryptojacking Attack at Tesla — In cases involving the WannaMine malware, a tool called Mimikatz is used to pull credentials from a computer’s memory to infect other computers on the network. The malware then uses the infected computers’ compute to mine a cryptocurrency called Monero quietly in the background.
Chef InSpec 2.0 — InSpec is a free open source tool that enables development teams to express security and compliance rules as code. Version 1.0 was about ensuring that applications were set up properly. The new version extends this capability to the cloud where companies are running the applications, allowing teams to test and write rules for compliance with cloud security policy. It supports AWS and Azure and comes with 30 common configurations out of the box including Docker, IIS, NGINX and PostgreSQL.
Spectre & Meltdown Checker for Linux — A simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
FreeBSD Finally Gets Mitigated For Spectre & Meltdown — It's taken a few more weeks longer than most of the Linux distributions to be re-worked for Spectre/Meltdown mitigation as well as DragonFlyBSD, but with FreeBSD Revision 329462 it appears their initial fixes are in place.
KPTI/KAISER Meltdown Initial Performance Regressions — In this post I'll look at the Linux kernel page table isolation (KPTI) patches that workaround Meltdown: what overheads to expect, and ways to tune them. Much of my testing was on Linux 4.14.11 and 4.14.12 a month ago, before we deployed in production. Some older kernels have the KAISER patches for Meltdown, and so far the performance overheads look similar. These results aren't final, since more changes are still being developed, such as for Spectre.