Tag Archives: Intel

Intel’s slow progress towards microcode updates

Simon Sharwood for The Register: Intel adopts Orwellian irony with call for fast Meltdown-Spectre action after slow patch delivery – For now, have some code that won’t crash Skylakes and stay close to your Telescreens.

He observes:

Sound advice, but a bit hard to swallow given that Shenoy’s “Security Issue Update” revealed that Intel is yet to develop properly working microcode updates for many of the CPUs imperilled by Spectre and Meltdown […] Chipzilla has managed to sort out sixth-generation Skylakes, as a February 7th Microcode Revision Guidance (PDF) document records.

David Harley

Intel update info

  1. Zelkjka Zorz for Help Net Security: Intel testing new Spectre fixes, tells everyone to hold off on deploying current firmware updates

“Shortly after Red Hat stopped providing microcode to address variant 2 (branch target injection) of the Spectre attack, Intel has advised OEMs, cloud service providers, system manufacturers, software vendors and end users stop deployment of current firmware updates that fix the same vulnerability (CVE-2017-5715).”

2. Intel’s own “News Byte”: Root Cause of Reboot Issue Identified; Updated Guidance for Customers and Partners

“Based on this, we are updating our guidance for customers and partners:

  • We recommend that OEMs, cloud service providers, system manufacturers, software vendors and end users stop deployment of current versions, as they may introduce higher than expected reboots and other unpredictable system behavior. For the full list of platforms, see the Intel.com Security Center site.
  • […]
  • We continue to urge all customers to vigilantly maintain security best practice and for consumers to keep systems up-to-date.

3. GBHackers: Intel asks customers to hold off Applying Patches for Spectre and Meltdown

“Intel told now they have identified the root cause of the reboot issue that affected Broadwell and Haswell CPUs and they are preparing a solution to address the issue and asks to hold off applying patches for Spectre and Meltdown.”

David Harley

Europol says ‘No More Ransom’

Europol, the European Union’s law enforcement agency, has announced an initiative to address the ransomware issue. (Hat Tip to Kevin Townsend, who first brought it to my attention.)

The agency’s announcement tells us that:

No More Ransom(www.nomoreransom.org) is a new online portal aimed at informing the public about the dangers of ransomware and helping victims to recover their data without having to pay ransom to the cybercriminals…

…The project has been envisioned as a non-commercial initiative aimed at bringing public and private institutions under the same umbrella. Due to the changing nature of ransomware, with cybercriminals developing new variants on a regular basis, this portal is open to new partners’ cooperation.

The site includes:

  • Crypto Sheriff – a form for helping victims try to find out which malware they’re affected by and whether a decrypter is available. Sounds like a potentially useful resource, even though the little graphic reminds me a little of the late, lamented Lemmy rather than a hi-tech search facility. Somewhat similar to MalwareHunter’s ID Ransomware facility.
  • A Ransomware Q&A page
  • Prevention Advice
  • An About page
  • Advice on how to Report a Crime
  • And a limited range of decryption tools from Kaspersky (mostly) and Intel.

Infosecurity Magazine’s commentary notes that:

‘In its initial stage, the portal contains four decryption tools for different types of malware, including for CoinVault and the Shade Trojan. In May, ESET claimed that it had contacted TeslaCrypt’s authors after spotting a message announcing they were closing their ‘project’ and offered a decryption key.

‘Raj Samani, EMEA CTO for Intel Security, told Infosecurity that both Intel Security and Kaspersky had developed decryption tools to apply against Teslacrypt, and these will be posted to the website shortly.

Well, I’m not in a position to compare the effectiveness of various TeslaCrypt decrypters, and I do understand that it’s important for the “The update process for the decryption tools page …[to]… be rigorous.” Kaspersky in particular has a good reputation for generating useful decrypters. And the AVIEN site is certainly not here to pursue ESET’s claim to a portion of the PR pie. Still, there are decrypters around from a variety of resources apart from the companies already mentioned (see Bleeping Computer’s articles for examples). I hope other companies and researchers working in this area will throw their hats into the ring in response to Europol’s somewhat muted appeal for more partnerships, so that the site benefits from a wider spread of technical expertise and avoids some of the pitfalls sometimes associated with cooperative resources. As it states on the portal:

“the more parties supporting this project the better the results can be, this initiative is open to other public and private parties”.

Here are some links for standalone utilities that I’ve listed on the ransomware resource pages here. [Note, however, that these haven’t been rigorously checked, or not by me at any rate.]

Standalone Decryption Utilities

I haven’t personally tested these, and they may not work against current versions of the ransomware they’re intended to work against. Note also that removing the ransomware doesn’t necessarily mean that your files will be recovered. Other companies and sites will certainly have similar resources: I’m not in a position to list them all.

Bleeping Computer Malware Removal Guides

ESET standalone tools

Included with tools for dealing with other malware.

Also: How do I clean a TeslaCrypt infection using the ESET TeslaCrypt …

Kaspersky Tools

CoinVault decryption tool
CryptXXX decryption tool

Trend Micro Tools

Emsisoft Decryptors

18-4-2016 [HT to Randy Knobloch] N.B. I haven’t tested these personally, and recommend that you read the ‘More technical information’ and ‘Detailed usage guide’ before using one of these.

David Harley

 

 

Breaking news: Intel Buys McAfee

Intel announced today that it has bought out McAfee, http://mcafee.com/us/about/intel_mcafee.html

It’s definitely a time of consolidation in the industry, and this is an interesting move on the part of a player that hasn’t so far gotten it’s feet wet in the software security arena (although Intel Capital has invested in other AV companies such as AVG).

What this means for consumers could be interesting, as the AV could be much more closely tied to the processor architecture.
Anyway, congratulations to all my friends at McAfee, next time we meet, the drinks are on you.

Andrew Lee CISSP
AVIEN CEO / CTO K7 Computing

Update 20/08/2010: Of course, I neglected to mention that Intel did of course have an AV product called LANDesk some years ago, that was bought by Symantec, so Intel isn’t totally new to this game.