This episode sponsored by Cylance.On this week’s show Matt “pwnallthethings” Tait joins the show to walk us through the so-called Meltdown and Spectre bugs. Most of the coverage of the flaws has either been massively hyped or detail-free, and Matt pops by to untangle the whole mess. He does a great job of it, too.
This week’s show is brought to you by Cylance. CTO Rahul Kashyap will be along in the sponsor chair to talk about why so many AV packages were causing Windows boxes to BSOD when Microsoft pushed its Meltdown patch.
Adam Boileau is back in the news hotseat, and boy oh boy do we have a lot to cover. Show notes are below, and you can follow Adam or Patrick on Twitter if that’s your thing.
Show notes
- Intel CEO sold all the stock he could after Intel learned of security bug | Ars Technica
- Bad docs and blue screens make Microsoft suspend Spectre patch for AMD machines | Ars Technica
- MacOS LPE Exploit Gives Attackers Root Access | Threatpost | The first stop for security news
- Project Zero: aPAColypse now: Exploiting Windows 10 in a Local Network with WPAD/PAC and JScript
- NSA contractor pleads guilty to charge of hoarding troves of classified docs - Cyberscoop
- The Wassenaar Arrangement's latest language is making security researchers very happy
- White House Bans Staff From Using Personal Mobile Phones at Work - Bloomberg
- New Rules Announced for Border Inspection of Electronic Devices | Threatpost | The first stop for security news
- Facebook Is Disrupting North Korean Hacking Operations - Motherboard
- Game-changing attack on critical infrastructure site causes outage | Ars Technica
- I’m harvesting credit card numbers and passwords from your site. Here’s how.
- Man's Life Savings Stolen from Hardware Wallet Supplied by a Reseller - Bitcoin News
- Electrum Wallet Keys Could Be Snatched by Malicious Websites - Inside Bitcoins - News, Price, Events | Inside Bitcoins – News, Price, Events
- Mailgun Security Incident and Important Customer Information
- Reddit admits its email provider was hacked to steal Bitcoin Cash tips
- Oracle app server hack let one attacker mine $226,000 worth of cryptocoins | Ars Technica
- Jailed Russian says he can prove hack of DNC on Kremlin's orders
- Hackers take control of security firm’s domain, steal secret data | Ars Technica
- How Kaspersky’s Software Fell Under Suspicion of Spying on America - WSJ
- “Political pressure” reportedly kills Huawei/AT&T smartphone deal | Ars Technica
- Snowden’s App Probably Can’t Protect You From Targeted State Surveillance - Motherboard
- Twitter Promoted a Tweet That Steals Your Credit-Card Details
- Ukrainian hackers turn on own government to make it care about cybersecurity -Euromaidan Press |
- What Happens If Russia Attacks Undersea Internet Cables | WIRED
- Cyxtera Technologies to acquire offensive cyber firm Immunity
- Full Disclosure: CVE-2017-15944: Palo Alto Networks firewalls remote root code execution
- Ruben Berenguel, PhD on Twitter: "We’ve seen CPU usage go from ~20% to ~40% (and now critical machines with redundancy upscale under loads that before didnt made them blink). Costs this month in AWS will go up 10%, I predict (very least, haven’t checked EMR effect yet, if similar, 20-30%) #spectre #meltdown #fb"
- A collection of links to PDFs of papers on Micro-Architectural Attacks (sorted by date) by Paul Harvey - kernel, vulnerabilities, meltdown | Peerlyst
- Joanna Rutkowska on Twitter: "@tehjh @anders_fogh Something much simpler than what you did :) See below. This is part of the work Rafał Wojtczuk and I did back in 2010. It's no longer under… https://t.co/HFkUelrPBn"
- CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754 (Meltdown and Spectre) Windows antivirus patch compatibility
- Cylance | Meltdown and Spectre Vulnerabilities
