Defrag This | Read. Reflect. Reboot.

Defrag This Week - Meltdown, Spectre, and iOS Performance Issues

Greg Mooney | January 05 2018 | Podcasts, security


New Year, (not so) new security problems. Hosts Greg Mooney and Jeff Edwards discuss some of the biggest tech news of this week.

CPU Chip Security Flaws - Meltdown and Spectre

Even if 2018 isn’t everything you hoped it would be so far, at least you’re doing better than Intel.

The Register reported that virtually all Intel processors that launched in the past decade have a significant chip-level security flaw that could leave content stored in protected kernel memory vulnerable to malicious code. The problem is so pervasive that it cannot be fixed with a simple patch, but requires an OS-level overwrite of the kernel.

The security flaw, which is baked in on Intel's x86/x64 hardware, is under heavy embargo because of its nature and the risk involved. However, from what could be ascertained by The Register, it has to do with how Intel processors manage kernel executions. 

Crucially, these updates to both Linux and Windows will incur a performance hit on Intel products. The effects are still being benchmarked, but we're looking at a ballpark figure of a 5% to 30% slowdown, depending on the task and the processor model. More recent Intel chips have features, such as PCID, that reduce the performance hit.

The guy who found the flaw apparently wanted to report it at Black Hat 2017 in July, but was denied. 

Forever 21 Confirms Breach of Payment System

This isn’t new news, but we have some more information on the Forever 21 data breach. The fashion retailer first discovered and announced the breach in November 2017, but now we’re finding out it was a lot more severe than previously believed.

Forever 21 is now reporting that the breach affected POS systems that were supposed to be encrypted but weren’t. The affected systems were carrying customer payment and credit card data from April 3rd to November 18th, 2017. That’s a lot of info at risk.

But Forever 21 hasn’t told us exactly how many customers might be affected, which isn’t a good sign.

Basically, long time to discover breach = bad.  Not only does this give hackers more time to escalate privilege and do more damage, it hurts customer trust and brand reputation when it comes out. 

Chipotle and GameStop both suffered similar hacks over 2017. It seems like hackers are concentrating their efforts on cracking POS systems right now.

“Nigerian Prince” Arrested… in Louisiana

It’s one of the oldest tricks in the cybercrime book — the “Nigerian prince” scam. But last week police threw the book at such a prince… in Louisiana. 

Michael Neu, 67, faces 269 counts of wire fraud and money laundering after being taken into custody following an 18-month investigation. According to the police report, law enforcement officers are also looking into suspected “co-conspirators in the Country of Nigeria,” so watch out for any suspicious royalty.

John McAfee’s Twitter Hacked

World-renowned nut job, accused murderer, and creator of McAfee antivirus, John McAfee claimed his Twitter account was hacked last week. Some shady ne'er-do-wells apparently gained control of McAfee’s account and used it to promote lesser-known cryptocurrencies. McAfee has blamed Twitter for the hack, but gave no details on how or why.

It should be noted that McAfee himself regularly promotes cryptocurrencies to his followers… 

Security Researcher Releases Details of 15-Year-Old macOS Zero-Day Kernel Flaw

On the first day of 2018, a researcher using the online moniker Siguza released the details of an unpatched zero-day macOS vulnerability, which he suggests is at least 15 years old, and proof-of-concept (PoC) exploit code on GitHub.

The bug is a serious local privilege escalation (LPE) vulnerability that could enable an attacker to gain root access on the targeted system and execute malicious code. Malware designed to exploit this flaw could fully install itself deep within the system.

From looking at the source, Siguza believes this vulnerability has been around since at least 2002, but some clues suggest the flaw could actually be ten years older than that. "One tiny, ugly bug. Fifteen years. Full system compromise," he wrote.

Since the vulnerability only affects macOS and is not remotely exploitable, and because Apple’s bug bounty program doesn’t include macOS bugs, Siguza decided to dump his findings online instead of reporting it to Apple.

Apple Apologizes for Battery-Related Slowdown Controversy

After a few weeks of slowed down iPhones, angry customers, and the obligatory lawsuits, Apple issued an apology and lowered the price of iPhone replacement batteries from $79 to $29.

This week, an internal Apple memo revealed by a French blogger made it clear that this offer is valid for all iPhone owners, even those whose current batteries pass a Genius Bar diagnostic test. So if you have a new iPhone, you might want to speed over to your local Apple Store while this lasts.

Stay tuned for next week's Defrag This Weekly Update. Until next time, stay safe out there!


Greg is a technologist and data geek with over 10 years in tech. He has worked in a variety of industries as an IT manager and software tester. Greg is an avid writer on everything IT related, from cyber security to troubleshooting.
