EP045

EP045 – Meltdown Inspector
Music provided by: Denis Kreynin https://soundcloud.com/denis-kreynin

Greetings & Banter
We spend a decent time discussing the Back To Work podcast from the 5-by-5 network. Credit where credit is due, you can check it out at their website here.

Follow up
Equifax executive Jun Ying has been found guilty of insider trading by the SEC when they found out he sold his corporate shares after he gained knowledge of Equifax’s major security breach (discussed in episode 44) but before the public was made aware.
 
(Mature content warning) Equifax as covered by John Oliver from Last Week Tonight on YouTube mentioned during the podcast by Matt.

Topic for this week: Vulnerabilities in protocols and hardware
KRACK Vulnerability Makes Wi-Fi Hacking Possible, Leaving Millions of Devices Exposed Wired’s explanation of the Wifi RFC flaw
Capturing the WPA handshake using mass deauthentication explaining the WPA(1) deauth attack
IEEE 802.11i-2004 4 way handshake according to Wikipedia
 
Major flaw in millions of Intel chips revealed BBC News Coverage if Intel chip flaw
Meltdown and Spectre – official website for the Spectre and Meltdown vulnerabilities.
Google Online Security Blog: Today’s CPU vulnerability: what you need to know Google implications of the CPU vulnerability.
Side Channel Analysis Security – Intel presentation on new side channel attacks.
Mitigations landing for new class of timing attack – Mozilla made FireFox browser changes to be less precise to help shore up CPU vulnerabilities.
Microsoft starts buying speculative execution exploits – The Register story on Microsoft extends their bug bounty to speculative execution bugs.
Instruction pipelining Instruction pipelining on CPUs speeds overall processing, according to wikipedia.
Pentium FDIV: The processor bug that shook the world – Recap on the old Intel Floating-point unit bug by TechRadar.