
Berners-Lee Behind New Private Communications Network For Ultra-Privacy Conscious

Web founder Tim Berners-Lee is one of the privacy advocates behind a newly launched service that combines social media, cloud storage, person-to-person, and group communications for privacy-conscious users.

The so-called MeWe private communications network spun out of online privacy company Sgrouples — founded by online privacy advocate Mark Weinstein — and doesn’t own, track, or share the information its members provide or share among one another. MeWe encrypts personally identifiable information and most of its communication is SSL-encrypted; the platform was built with Scala and LISP.

MeWe follows a string of other privacy-oriented services, including secure mobile messaging service Wickr and Silent Circle, which offers private and secure voice, video, text, and file transfer services on mobile devices. The prospect of “leave no trace” communications has become more attractive to some more privacy-concerned users given the large amounts of data gathered by sites such as Facebook and Google, and especially in the wake of the NSA leaks exposing the agency’s controversial online surveillance programs.

Weinstein describes the typical MeWe user like this: “I have social network fatigue. I want a global communications network where I can stay in touch with family, friends, and co-workers. But this is not another social media” platform, he says. “It’s a private communication network… and we don’t track” users or their activity, he says.

“So when it comes to security, the first line is that we are not storing or aggregating or analyzing member data,” he says. “And you can’t post to the whole MeWe world — only to your [designated] MeWe world.”

Weinstein declined to provide data on membership thus far. MeWe is free and includes a personal news feed, voice integration, detailed permission controls, and 8 GB of storage; it runs on Android and iOS as well as desktop machines.

How will MeWe make money? With optional services you can add such as its extra data storage option (up to 500GB) and picture printing via Walgreens, for instance. On tap is a MeWe app store, and eventually, a subscription-based enterprise version.

And for those users who just aren’t ready to break ties with traditional social media, MeWe has an option to also post to their Facebook, LinkedIn, Twitter, and other social media accounts.

“The original idea of the Web was that it should be a collaborative space where you can communicate through sharing information,” MeWe advisor Berners-Lee said in a statement. “The power to abuse the open Internet has become so tempting both for government and big companies. MeWe gives the power of the Internet back to the people with a platform built for collaboration and privacy.”

Reference:

https://www.darkreading.com/cloud/berners-lee-behind-new-private-communications-network-for-ultra-privacy-conscious/d/d-id/1316694


How to make your internet faster with privacy based DNS Service 1.1.1.1

Cloudflare, a well-known Internet performance and security company, announced the launch of 1.1.1.1—world’s fastest and privacy-focused secure DNS service that not only speeds up your internet connection but also makes it harder for ISPs to track your web history.

A Domain Name System (DNS) resolver, or recursive DNS server, is an essential part of the internet that matches up human-readable web addresses with their actual location on the internet, called IP addresses.

For example, when you try to open a website, say thehackernews.com, your DNS resolver looks up the IP address linked to this domain name so your browser can load the site.

Since the default DNS services provided by ISPs are often slow and insecure, many people rely on alternative DNS providers—such as OpenDNS (208.67.222.222), Comodo DNS (8.26.56.26) and Google (8.8.8.8)—to speed up their Internet.

But if you use Cloudflare’s new 1.1.1.1 DNS service, your computer/smartphone/tablet will start resolving domain names with a blazing-fast average of 14.8 milliseconds—that’s over 28% faster than others, like OpenDNS (20.6ms) and Google (34.7ms).

Even if you are visiting websites over HTTPS, DNS resolvers see every site name you look up, so your ISP or a 3rd-party DNS service can log everything you do on the Internet.

“That means, by default, your ISP, every wifi network you’ve connected to, and your mobile network provider have a list of every site you’ve visited while using them,” the company says.

However, Cloudflare has changed this game with its new free DNS service, which it claims will be “the Internet’s fastest, privacy-first consumer DNS service,” promising to prevent ISPs from easily tracking your web browsing history.

Cloudflare’s public DNS resolvers, 1.1.1.1 and 1.0.0.1 (the alternate DNS server for redundancy), support both DNS-over-TLS and DNS-over-HTTPS, so queries can be encrypted in transit rather than sent in plain text.

The company has also promised not to sell users’ data and to wipe all logs of DNS queries within 24 hours. It’s also working with auditors at KPMG to examine its systems and guarantee it’s not actually collecting your data.

How to Change DNS Settings to Boost Internet Speed

For Mac PCs:

  • Open System Preferences.
  • Search for DNS Servers and tap it.
  • Click the + button to add a DNS Server and enter 1.1.1.1 and 1.0.0.1 (for redundancy).
  • Click Ok and then Apply.

For Windows Computers:

  • Tap Start and then click on Control Panel.
  • Click on Network and Internet, and then tap Change Adapter Settings.
  • Right-click on the Wi-Fi network you are connected to, then click Properties.
  • Select Internet Protocol Version 4 and click Properties, and then write down any existing DNS server entries for future reference.
  • Now tap Use The Following DNS Server Addresses, and replace those addresses with the 1.1.1.1 DNS addresses: For IPv4: 1.1.1.1 and 1.0.0.1; and For IPv6: 2606:4700:4700::1111 and 2606:4700:4700::1001
  • Click OK, then Close, and Restart your browser.

For Android Devices:

  • Connect to your preferred WiFi network.
  • Enter your router’s gateway IP address in your browser. Fill in your username and password, if asked.
  • In your router’s configuration page, locate the DNS server settings, and write down any existing DNS server entries for future reference.
  • Replace those addresses with the 1.1.1.1 DNS addresses: For IPv4: 1.1.1.1 and 1.0.0.1, and For IPv6: 2606:4700:4700::1111 and 2606:4700:4700::1001
  • Save your settings, then restart your browser.
Note: Android requires a static IP to use custom DNS servers. This setup requires additional setup on your router, affecting your network’s strategy for adding new devices to the network. Cloudflare recommends configuring your router’s DNS instead, which gives all devices on your network the full speed and privacy benefits of 1.1.1.1 DNS.

For iOS Devices (iPhone/iPad):

  • From your iPhone’s home screen, open Settings.
  • Open Wi-Fi and then your preferred network in the list.
  • Tap Configure DNS, and then click on Manual.
  • If there are any existing entries, tap the – button, and Delete next to each one.
  • Now, add 1.1.1.1 and 1.0.0.1 (as alternate DNS server for redundancy) to the DNS address.
  • Now, tap the Save button on the top right.
You’re all set to go! Your device now has faster, more private DNS servers.

 

Reference:

https://thehackernews.com/2018/04/fastest-dns-service.html

DNS Resolvers Performance compared: CloudFlare x Google x Quad9 x OpenDNS

A couple of months ago I did a performance comparison between some of the top free DNS resolvers available. It was just after Quad9 had launched and I was trying to decide which one to use and recommend to family and friends. Google, OpenDNS, Quad9... so many options, and I love options.

And things just got better. CloudFlare, one of the companies that know the most about Internet performance recently launched their own free DNS resolver. It supports DNS over TLS and DNS over HTTPS by default, which makes it even more interesting.

Now we have an even more interesting playing field: Google’s 8.8.8.8, Quad9’s 9.9.9.9 and CloudFlare’s 1.1.1.1, in addition to OpenDNS’s 208.67.222.222 and a few other niche providers as options for us to use.


Providers Tested

Let’s compare them and see how fast they are from across the world. These were the top 8 free DNS providers that we chose to evaluate:

  • Google 8.8.8.8: Private and unfiltered. Most popular option.
  • CloudFlare 1.1.1.1: Private and unfiltered. New player.
  • Quad9 9.9.9.9: Private and security aware. New player that blocks access to malicious domains.
  • OpenDNS 208.67.222.222: Old player that blocks malicious domains and offers the option to block adult content.
  • Norton DNS 199.85.126.20: Old player that blocks malicious domains and is integrated with their Antivirus.
  • CleanBrowsing 185.228.168.168: Private and security aware. New player that blocks access to adult content.
  • Yandex DNS 77.88.8.7: Old player that blocks malicious domains. Very popular in Russia.
  • Comodo DNS 8.26.56.26: Old player that blocks malicious domains.

Here’s a quick feature breakdown of their privacy options:

Privacy options comparison

The Privacy column above is based on each provider’s promise not to log or share your DNS requests.

Locations

We ran our tests from 18 locations from around the globe. We used mostly VPS providers + some broadband locations to try to query their DNS from as many places as we could. It will tell us how well connected they are, where their datacenters are located and how close someone’s experience in that area will be. Locations chosen:

  • North America: San Diego, Los Angeles, New York, Toronto, Montreal, Atlanta, Dallas, Fremont, San Francisco
  • Europe: London, Paris, Amsterdam, Frankfurt
  • Asia: Tokyo, Singapore, Bangalore (India), Sydney, Brisbane (Australia)
  • South America: Sao Paulo

Update: there is this tool that you can run from your own location to compare the performance of these providers. I tested it myself and worked pretty well. Try it out and let me know the results from your city/ISP, and I will update this post.

Results Summary

Our test was very simple: we performed 70 DNS lookups over the course of an hour for different popular domains (google, facebook, twitter, gmail, etc.). We averaged all the requests per location to get an overall performance indicator per DNS resolver.
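A minimal version of that methodology, as an added example (not the post’s own code and not the tool it links): it builds an RFC 1035 A query by hand, times one UDP round trip per lookup, and ranks resolvers by average latency. It also serves the 1.1.1.1 post above, since the unencrypted query bytes it sends are exactly what an ISP or Wi-Fi operator sees whenever DNS-over-TLS/HTTPS is not in use. The resolver IPs are the ones listed on the page; the domain list and the fixed 0x1234 transaction id are assumptions for illustration.

```python
"""DNS resolver latency benchmark over plain UDP (RFC 1035 wire format).

Added example. Sends N queries per resolver, averages the round-trip time
and ranks ascending, which is the method the post describes.
"""
import socket
import struct
import time
from typing import Callable, Dict, List, Tuple

# Public resolver IPs as listed in the post.
RESOLVERS = {
    "CloudFlare": "1.1.1.1",
    "Google": "8.8.8.8",
    "Quad9": "9.9.9.9",
    "OpenDNS": "208.67.222.222",
}

QUERY_ID = 0x1234  # assumed fixed id; a real client would randomize it per query


def build_query(name: str, txid: int = QUERY_ID) -> bytes:
    """Encode a standard recursive A/IN query: 12-byte header + question section."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    qname = b"".join(
        struct.pack("B", len(label)) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    )
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def parse_header(reply: bytes) -> Tuple[int, int, int]:
    """Return (txid, rcode, answer_count) from a reply header; reject non-responses."""
    if len(reply) < 12:
        raise ValueError("reply shorter than DNS header")
    txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    if not flags & 0x8000:
        raise ValueError("not a response (QR bit clear)")
    return txid, flags & 0x000F, ancount


def udp_lookup(server: str, name: str, timeout: float = 2.0) -> float:
    """Send one plain-text query to server:53 and return the round trip in ms."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        start = time.perf_counter()
        sock.sendto(query, (server, 53))
        reply, _ = sock.recvfrom(512)
        elapsed_ms = (time.perf_counter() - start) * 1000.0
    txid, rcode, _ = parse_header(reply)
    if txid != QUERY_ID:
        raise ValueError("transaction id mismatch (stray or spoofed reply)")
    if rcode != 0:
        raise ValueError(f"resolver returned RCODE {rcode}")
    return elapsed_ms


def benchmark(
    resolvers: Dict[str, str],
    domains: List[str],
    lookup: Callable[[str, str], float] = udp_lookup,
) -> List[Tuple[str, float]]:
    """Average latency per resolver over every domain, fastest first.

    Lookups that time out or return a malformed reply are skipped rather than
    counted as zero, so an unreachable resolver cannot win by failing fast.
    """
    results = []
    for rname, ip in resolvers.items():
        samples = []
        for domain in domains:
            try:
                samples.append(lookup(ip, domain))
            except (OSError, ValueError):
                continue  # timeout, unreachable, or bad reply
        if samples:
            results.append((rname, sum(samples) / len(samples)))
    return sorted(results, key=lambda r: r[1])


if __name__ == "__main__":
    domains = ["google.com", "facebook.com", "twitter.com", "gmail.com"]
    for rank, (rname, avg) in enumerate(benchmark(RESOLVERS, domains), 1):
        print(f"#{rank} {rname}: {avg:.2f} ms")
```

Run it from several networks to reproduce the per-location tables below; the `lookup` parameter lets you swap in a DoT/DoH client to compare encrypted transports.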

TLDR / Summary

  • All providers (except Yandex) performed very well in North America and Europe. They all had under 15ms response time across the US, Canada and Europe, which is amazing. In reality, you can choose any one of them and will not notice the few msec of latency difference. However, Asia and South America made the difference in the overall averages (and in finding the winner), as some of the providers are not well connected there.
  • CloudFlare was the fastest DNS for 72% of all the locations. It had an amazing low average of 4.98 ms across the globe.
  • Google and Quad9 were close for second and third respectively. Quad9 was faster than Google in North America and Europe, but underperformed in Asia / South America.
  • CloudFlare has a strong presence everywhere. While Google and Quad9 had some high response times from some locations, CloudFlare performed well from everywhere.
  • Yandex is only for Russia. It doesn’t leverage Anycast like the other providers, and was very slow from everywhere.
  • CleanBrowsing was the fastest provider offering adult (porn) content filtering.
  • We know we can’t compare these providers 1 to 1, as they all have special features that can add some latency (Quad9 and Comodo block access to malicious domains, for example). Take the results as they are.

Global Average

#1 CloudFlare: 4.98 ms
#2 Google: 16.44 ms
#3 Quad9: 18.25 ms
#4 CleanBrowsing: 19.14 ms
#5 Norton: 34.75 ms
#6 OpenDNS: 46.51 ms
#7 Comodo: 71.90 ms
#8 Yandex: 169.91 ms

North America Average

#1 CloudFlare: 3.93 ms
#2 Quad9: 7.21 ms
#3 Norton: 8.32 ms
#4 Google: 8.53 ms
#5 CleanBrowsing: 11.83 ms
#6 OpenDNS: 14.66 ms
#7 Comodo: 25.91 ms
#8 Yandex: 119.09 ms

Europe Average

#1 CloudFlare: 2.96 ms
#2 Quad9: 4.35 ms
#3 CleanBrowsing: 5.74 ms
#4 Google: 7.17 ms
#5 OpenDNS: 8.99 ms
#6 Norton: 10.35 ms
#7 Comodo: 13.06 ms
#8 Yandex: 35.74 ms

Results Data

USA, New York
#1 Quad9 1.50 ms
#2 CloudFlare 1.57 ms
#3 Norton_DNS 7.28 ms
#4 Google_DNS 7.71 ms
#5 OpenDNS 9.71 ms
#6 CleanBrowsing 10.85 ms
#7 Comodo_DNS 12.00 ms
#8 Yandex_DNS 108.14 ms

USA, San Diego
#1 CloudFlare 8.57 ms
#2 Norton_DNS 9.00 ms
#3 Google_DNS 14.28 ms
#4 CleanBrowsing 19.28 ms
#5 OpenDNS 19.42 ms
#6 Quad9 19.42 ms
#7 Comodo_DNS 40.00 ms
#8 Yandex_DNS 193.57 ms

Canada, Toronto
#1 CloudFlare 3.42 ms
#2 Google_DNS 9.42 ms
#3 Norton_DNS 13.00 ms
#4 CleanBrowsing 13.71 ms
#5 Quad9 15.28 ms
#6 OpenDNS 17.85 ms
#7 Comodo_DNS 21.71 ms
#8 Yandex_DNS 124.14 ms

Canada, Montreal
#1 CleanBrowsing 15.28 ms
#2 Google_DNS 16.71 ms
#3 CloudFlare 17.00 ms
#4 Quad9 17.71 ms
#5 OpenDNS 23.42 ms
#6 Norton_DNS 25.71 ms
#7 Comodo_DNS 84.28 ms
#8 Yandex_DNS 118.85 ms

USA, Atlanta
#1 Quad9 1.71 ms
#2 CloudFlare 1.85 ms
#3 Google_DNS 4.14 ms
#4 CleanBrowsing 15.42 ms
#5 Norton_DNS 17.00 ms
#6 OpenDNS 17.14 ms
#7 Comodo_DNS 18.57 ms
#8 Yandex_DNS 127.57 ms

USA, Dallas
#1 CloudFlare 2.10 ms
#2 Norton_DNS 3.14 ms
#3 Quad9 3.42 ms
#4 OpenDNS 6.71 ms
#5 Google_DNS 7.14 ms
#6 CleanBrowsing 10.85 ms
#7 Comodo_DNS 38.42 ms
#8 Yandex_DNS 153.28 ms

USA, Fremont
#1 CloudFlare 2.00 ms
#2 Norton_DNS 6.14 ms
#3 Quad9 11.00 ms
#4 CleanBrowsing 11.85 ms
#5 Google_DNS 13.71 ms
#6 Comodo_DNS 22.00 ms
#7 OpenDNS 24.42 ms
#8 Yandex_DNS 185.00 ms

USA, San Francisco
#1 Norton_DNS 2.00 ms
#2 Quad9 2.14 ms
#3 CloudFlare 2.85 ms
#4 Google_DNS 12.28 ms
#5 CleanBrowsing 21.14 ms
#6 Comodo_DNS 22.14 ms
#7 OpenDNS 28.00 ms
#8 Yandex_DNS 180.42 ms

UK, London
#1 CloudFlare 1.14 ms
#2 Quad9 1.85 ms
#3 CleanBrowsing 2.00 ms
#4 Norton_DNS 6.57 ms
#5 Google_DNS 7.71 ms
#6 Comodo_DNS 9.85 ms
#7 OpenDNS 9.85 ms
#8 Yandex_DNS 35.57 ms

France, Paris
#1 CloudFlare 5.14 ms
#2 Comodo_DNS 10.00 ms
#3 Google_DNS 10.14 ms
#4 Quad9 12.71 ms
#5 OpenDNS 13.57 ms
#6 CleanBrowsing 14.85 ms
#7 Norton_DNS 23.85 ms
#8 Yandex_DNS 38.14 ms

NL, Amsterdam
#1 CloudFlare 1.14 ms
#2 CleanBrowsing 1.14 ms
#3 Quad9 1.71 ms
#4 Google_DNS 2.71 ms
#5 OpenDNS 4.42 ms
#6 Norton_DNS 9.85 ms
#7 Comodo_DNS 12.85 ms
#8 Yandex_DNS 40.42 ms

Germany, Frankfurt
#1 Norton_DNS 1.14 ms
#2 Quad9 1.14 ms
#3 CloudFlare 4.42 ms
#4 CleanBrowsing 5.00 ms
#5 Google_DNS 8.14 ms
#6 OpenDNS 8.14 ms
#7 Comodo_DNS 19.57 ms
#8 Yandex_DNS 28.85 ms

Japan, Tokyo
#1 CloudFlare 2.00 ms
#2 CleanBrowsing 2.14 ms
#3 Norton_DNS 6.14 ms
#4 Google_DNS 17.28 ms
#5 Quad9 40.57 ms
#6 Comodo_DNS 124.14 ms
#7 OpenDNS 125.71 ms
#8 Yandex_DNS 283.00 ms

Singapore
#1 CloudFlare 1.14 ms
#2 Google_DNS 2.00 ms
#3 Quad9 2.14 ms
#4 CleanBrowsing 2.28 ms
#5 OpenDNS 28.14 ms
#6 Norton_DNS 34.14 ms
#7 Comodo_DNS 203.71 ms
#8 Yandex_DNS 343.00 ms

India, Bangalore
#1 CloudFlare 7.42 ms
#2 Norton_DNS 21.28 ms
#3 Quad9 38.85 ms
#4 Google_DNS 40.71 ms
#5 OpenDNS 59.42 ms
#6 CleanBrowsing 138.71 ms
#7 Comodo_DNS 150.57 ms
#8 Yandex_DNS 171.57 ms

Australia, Sydney
#1 CloudFlare 22.28 ms
#2 Quad9 25.00 ms
#3 Google_DNS 26.14 ms
#4 CleanBrowsing 34.57 ms
#5 OpenDNS 37.85 ms
#6 Norton_DNS 164.57 ms
#7 Comodo_DNS 186.28 ms
#8 Yandex_DNS 352.14 ms

Australia, Brisbane
#1 CloudFlare 3.00 ms
#2 CleanBrowsing 13.57 ms
#3 Quad9 17.71 ms
#4 Google_DNS 66.14 ms
#5 Norton_DNS 160.14 ms
#6 Comodo_DNS 188.28 ms
#7 OpenDNS 190.28 ms
#8 Yandex_DNS 336.71 ms

Brazil, Sao Paulo
#1 CloudFlare 2.71 ms
#2 CleanBrowsing 12.00 ms
#3 Google_DNS 29.71 ms
#4 Norton_DNS 114.71 ms
#5 Quad9 114.71 ms
#6 Comodo_DNS 129.85 ms
#7 OpenDNS 213.14 ms
#8 Yandex_DNS 238.14 ms

Powershell – How to create Snippets or short blocks of code

Powershell allows us to create snippets that can be accessed via the ISE.

Step 1 – Access the ISE

ISE > Run as admin

 

Step 2 – Create a new Snippet

This snippet lists the processes, sorted in alphabetical order.  The command is entered on a single line.  We use “New-IseSnippet” to create the snippet, followed by a Title and a Description.  Lastly, in the -Text parameter we put the PowerShell command the snippet will insert.

powershell new snippet

New-IseSnippet -Title GetProcesses -Description GetProcesses -Text 'Get-Process | sort'

powershell new snippet

This roughly translates as

  1. new-isesnippet : Create a new snippet

  2. -Title : Set the Title to be “Get Processes”

  3. -Description : Set the Description to be “Get Processes”

  4. -Text :  Text is where we add the commands that will do the actual work.  The command syntax=

    Get-Process | sort

 

 

Step 3 – Right click in ISE window > Start Snippets (or Control J)

powersshell start snippets menu

Browse to “Get Processes” Snippet.

powershell getprocesses is listed in ise

Press the Green Arrow to RUN the snippet.

The ISE code window will now return all the processes, sorted into alphabetical order.

How easy was that!

powershell create snippet to get processes

 

Step 4 – Sort Services by Status

This snippet will list all services, and their status. Stopped services will be listed alphabetically first, and running services next.

Get-Service | Sort-Object status

Run

powershell snippet servicestatus

 

Step 5 – Locate only running or stopped services.

Get-Service | Where-Object status -eq running

Get-Service | Where-Object status -eq stopped

PowerShell – How to create scripts for Services that store results into a file – Windows 10

We can enter commands directly into powershell, or use the ISE, which is an updated version of notepad or Notepad++.  The ISE allows us to store multiple commands which form a script.

For instance, suppose we want a script that lists all running services on the computer.

Step 1 – Open the ISE in Windows 10

Start > search for ISE > right click > Run as Admin

Get-Service | Where-Object status -eq running

File > Save As

*Tip – make a “BATCH” folder to store all your scripts in one location, eg C:\BATCH.

Then run or press F5 to run the script.

powershell running services

Step 2 – Create a file of Running Services – use Transcript

There may come a time when having all the running services listed in a file is much easier, and for this we use the Transcript commands.  Start-Transcript records everything that happens while the script runs and saves it to a file, which will therefore contain the list of all running services.

Start-Transcript

Get-Service | Where-Object status -eq running

Stop-Transcript

 

File > Save As > Run or F5 to run script

powershell create transcript of running services

This saves the running services to a file in your Documents folder.

powershell transcript file

Browse to this file and open it in Notepad; it will contain all your running services.  This is very useful.

powershell transcript services listed file

Step 3 – Find Services that are stopped using Transcript

Use Transcript to record stopped services.

find services that are stopped

Step 4 – List the processes using the CPU

Start-Transcript

Get-Process | Sort-Object cpu -Descending

Stop-Transcript

 

 

Step 5 – List processes in Descending order

Start-Transcript

Get-Process | Sort-Object -Descending

Stop-Transcript

 

Step 6 – List processes in Alphabetical order

Start-Transcript

Get-Process | Sort-Object

Stop-Transcript

 

Step 7 – Autosave a script to a c:\BATCH directory, adding the .ps1 file extension

psedit $profile

This opens the profile (login script) containing the edit we made earlier to change the prompt:

function prompt { ' [localhost] ' }

Next, we add to the script.

This defines a function in our profile login script that saves the script currently open in the ISE to the C:\BATCH directory with a single “Save-Script” command.  We type Save-Script xyz, and the function adds the .ps1 extension automatically.

function prompt { ' [localhost] ' }

function Save-Script {
    param(
        $ScriptName,
        $Path = 'C:\BATCH\'
    )

    # Build C:\BATCH\<ScriptName>.ps1 from the name given on the command line
    $ScriptPath = Join-Path $Path "$ScriptName.ps1"

    # Save the file currently open in the ISE editor to that path as UTF-8
    $psISE.CurrentFile.SaveAs($ScriptPath, [System.Text.Encoding]::UTF8)
}

 

Save-Script TopCPU

Next, we list the files in the C:\BATCH directory, to check the file has been saved.

dir C:\BATCH

and you should see a file there called TopCPU.ps1.

Conclusion

  1. The file was saved automatically to the C:\BATCH directory, with the .ps1 extension.
  2. The script will automatically tell us which processes are using CPU resources.

 

 

 

Powershell – How to run and create scripts

When we first use Powershell, the execution policy will probably not allow us to run or write scripts.

Step 1 – PowerShell > Run as admin

Step 2 – Get-ExecutionPolicy

This will probably state “restricted”.

powersell execution policy

Step 3 – Set-ExecutionPolicy remotesigned > Yes

 

Step 4 – Create a Unique Profile for yourself

In the old days, system administrators used “login scrips” so that the environment was set up as soon as a user logged on.

In Powershell we can create and then edit a profile, which acts like a login script.

Create a New-Item profile:

PS C:\> New-Item -ItemType file -Path $profile -Force

To launch a new tab in which to enter the scripting commands that edit your profile:

PS C:\> psedit $profile

psedit

This will launch a new ISE tab, for your profile.  Next, we change the prompt to state “localhost”, to show that you are working on the local PC.

psedit localhost

Press the green run button or F5 to see the change to your prompt.  Each time you press enter, the prompt will remind you that you are working on the local host.

localhost prompt

 

How to use HashCheck on Windows 10 for SHA-256 and SHA-512 file hashing.

The most robust way to *prove* that a file has not been tampered with is to hash it: a hashing algorithm generates a fixed-length number that represents the file’s contents, and any change to the file changes that number.  The length of the hash depends on the hashing type, so an MD5 hash will be much shorter than a SHA-256 or SHA-512 hash.

To be “secure” in hashing terms means that it is computationally infeasible for 2 different files to generate the same long number.  If 2 files do have the same hash, this is called a collision and means the algorithm is unsafe. Avoid legacy MD5 and SHA-1 hashing, both of which have known collisions, and go for SHA-256 or SHA-512 as these are secure.

If you use Windows 10, there is a free open-source hashing tool that works within a tab of the file Properties window and can generate evidence of the hash.

 

Step 1 – Download HashCheck 2.4.0

HashCheck can be downloaded here:

https://www.neowin.net/news/hashcheck-240

Download: HashCheck 2.4.0 | 497 KB (Open Source)
View: HashCheck Home Page

This new version supports SHA-256 as default and SHA-512 if selected.

 

Step 2 – Right Click  on any file

HashCheck adds a new tab, called File Hashes, to the Windows file Properties dialog; click on this tab to view the hash values of the file.

Right click on any file > select properties > FILE HASHES TAB

Here I selected a file called “broadcast storm commands for cpu usage.png”.

file hashes tab

Step 3 – Generate a record of a file hash – in a new file

Sometimes, you may need to permanently record the hash value of a file.

HashCheck allows us to do this, using the Windows right-click menu.

Right-click on a file > Create Checksum File

create checksum file

The default hash is SHA-256.  Use the drop down box to change to SHA-512, if needed.

file hashes drop down list

A new file will be created that contains both the hash and the name of the file selected.  The new file will have a large Red tick on it.

red tick

Double-click on the Red Tick file: it opens and checks that the hash matches. A match proves the data has not been tampered with.

red tick file open

This is especially useful for checking archived files that hold read-only data or must not be altered in any way.  Where data integrity is critical, opening the checksum file re-hashes the data and automatically proves the integrity.
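The same create-then-verify cycle in script form, as an added example that is not HashCheck’s own code: it writes a sha256sum-style checksum file next to the target (the `<hex digest> *<file name>` layout sha256sum uses; that HashCheck’s own files match it is an assumption, not something the post states) and later re-hashes every file listed, reporting OK, MISMATCH or MISSING, so an altered archive shows up as a mismatch instead of a match.

```python
"""Create and verify sha256sum-style checksum files (added example, not HashCheck code)."""
import hashlib
from pathlib import Path
from typing import Dict

CHUNK = 1 << 20  # hash 1 MiB at a time so large archives never have to fit in memory


def file_digest(path: Path, algorithm: str = "sha256") -> str:
    """Hex digest of a file; algorithm is any name hashlib knows (sha256, sha512, ...)."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def write_checksum_file(target: Path, algorithm: str = "sha256") -> Path:
    """Write <target>.<algorithm> beside the target: one line, '<digest> *<name>'."""
    out = target.with_name(f"{target.name}.{algorithm}")
    out.write_text(f"{file_digest(target, algorithm)} *{target.name}\n", encoding="utf-8")
    return out


def verify_checksum_file(checksum_file: Path, algorithm: str = "sha256") -> Dict[str, str]:
    """Re-hash every file the checksum file lists; return {name: 'OK'|'MISMATCH'|'MISSING'}.

    Listed files are resolved relative to the checksum file, as sha256sum -c does.
    """
    status: Dict[str, str] = {}
    for line in checksum_file.read_text(encoding="utf-8").splitlines():
        if not line.strip() or line.startswith("#"):
            continue  # blank or comment line
        expected, _, rest = line.partition(" ")
        name = rest.strip().lstrip("*")  # '*' marks binary mode in sha256sum syntax
        path = checksum_file.parent / name
        if not path.is_file():
            status[name] = "MISSING"  # the file the hash was recorded for is gone
            continue
        actual = file_digest(path, algorithm)
        status[name] = "OK" if actual.lower() == expected.lower() else "MISMATCH"
    return status
```

Pass `algorithm="sha512"` to both functions to mirror the SHA-512 drop-down option described above.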

 

AMD Security Flaws – AMD only given 24 hours advance notice

Today, CTS-Labs, a security company based in Israel, has published a whitepaper identifying four classes of potential vulnerabilities of the Ryzen, EPYC, Ryzen Pro, and Ryzen Mobile processor lines. AMD is in the process of responding to the claims, but was only given 24 hours of notice rather than the typical 90 days for standard vulnerability disclosure. No official reason was given for the shortened time.

As of 3/13 at 5:40pm ET, AMD has since opened a section on its website to respond to these issues. At present, the statement says:

“We have just received a report from a company called CTS Labs claiming there are potential security vulnerabilities related to certain of our processors. We are actively investigating and analyzing its findings. This company was previously unknown to AMD and we find it unusual for a security firm to publish its research to the press without providing a reasonable amount of time for the company to investigate and address its findings. At AMD, security is a top priority and we are continually working to ensure the safety of our users as potential new risks arise. We will update this blog as news develops.”

At this point AMD has not confirmed any of the issues brought forth in the CTS-Labs whitepaper, so we cannot confirm whether the findings are accurate. It has been brought to our attention that some press were pre-briefed on the issue, perhaps before AMD was notified, and that the website CTS-Labs has set up for the issue was registered on February 22nd, several weeks ago. Given the level of graphics on the site, it does look like a planned ‘announcement’ has been in the works for a little while, seemingly with little regard for AMD’s response on the issue. This is in contrast to Meltdown and Spectre, which were shared among the affected companies several months before a planned public disclosure. CTS-Labs has also hired a PR firm to deal with incoming requests for information, which is also an interesting angle to the story, as this is normally not the route these security companies take. CTS-Labs is a security-focused research firm, but does not disclose its customers or the research leading to this disclosure. CTS-Labs was started in 2017, and this is their first public report.

CTS-Labs’ claims revolve around AMD’s Secure Processor and Promontory Chipset, and fall into four main categories, which CTS-Labs has named for maximum effect. Each category has sub-sections within.

MasterKey 1, 2, and 3

MasterKey is an exploit that allows for arbitrary code execution within the secure processor of the CPU, but requires the attacker to re-flash the BIOS with an update that attacks the Arm Cortex A5 at the heart of the secure processor. In one version of MasterKey, the BIOS update uses metadata to exploit the vulnerability, but the goal is to bypass AMD’s Hardware Validated Boot (HVM). The impact of MasterKey would allow security features to be disabled, such as the Firmware Trusted Platform Module or Secure Encrypted Virtualization. This could lead to hardware-based random attacks. CTS-Labs cites that American Megatrends, a common BIOS provider for Ryzen systems, makes a BIOS re-flash very easy, assuming the attacker has a compatible BIOS.

Exploit       Impact                                                  EPYC   Ryzen   Ryzen Pro   Ryzen Mobile
MasterKey-1   Disable Security Features within AMD Secure Processor   Yes    Yes     Maybe       Maybe
MasterKey-2   (same as MasterKey-1)                                   Yes    Yes     Maybe       Maybe
MasterKey-3   (same as MasterKey-1)                                   Yes    Yes     Maybe       Maybe

CTS-Labs states that MasterKey-1 and MasterKey-2 have been successfully exploited on EPYC and Ryzen, but only theorized on Ryzen Pro and Ryzen Mobile by examining the code. MasterKey-3 has not been attempted. Protection comes via preventing unauthorized BIOS updates, although a system already compromised via Ryzenfall may bypass this.

Chimera HW and Chimera SW

The Chimera exploit focuses on the Promontory chipset, and hidden manufacturer backdoors that allow for remote code execution. CTS-Labs cites that ASMedia, the company behind the chipset, has fallen foul of the FTC due to security vulnerabilities in its hardware.

Exploit      Impact                   EPYC   Ryzen   Ryzen Pro   Ryzen Mobile
Chimera HW   Chipset code execution   No     Yes     Yes         No
Chimera SW   Chipset code execution   No     Yes     Yes         No

A successful exploit allows malicious code that can attack any device attached through the chipset, such as SATA, USB, PCIe, and networking. This would allow for loggers, or memory protection bypasses, to be put in place. It is cited that malware could also be installed and abuse the Direct Memory Access (DMA) engine of the chipset, leading to an operating system attack. CTS-Labs has said that they have successfully exploited Chimera on Ryzen and Ryzen Pro, by using malware running on a local machine with elevated administrator privileges and a digitally signed driver. It was stated that a successful firmware attack would be ‘notoriously difficult to detect or remove’.

Ryzenfall 1, 2, 3, and 4

The Ryzenfall exploit revolves around AMD Secure OS, the operating system for the secure processor. As the secure processor is an Arm Cortex A5, it leverages ARM TrustZone, and is typically responsible for most of the security on the chip, including passwords and cryptography.

Exploit       Impact                                          EPYC   Ryzen   Ryzen Pro   Ryzen Mobile
Ryzenfall-1   VTL-1 Memory Write                              No     Yes     Yes         Yes
Ryzenfall-2   Disable SMM Protection                          No     Yes     Yes         No
Ryzenfall-3   VTL-1 Memory Read; SMM Memory Read (req R-2)    No     Yes     Yes         No
Ryzenfall-4   Code Execution on SP                            No     Yes     Maybe       No

CTS-Labs states that the Ryzenfall exploit allows the attacker to access protected memory regions that are typically sealed off from hardware, such as the Windows Isolated User Mode and Isolated Kernel Mode, the Secure Management RAM, and AMD Secure Processor Fenced DRAM. A successful attack, via elevated admin privileges and a vendor-supplied driver, is stated to allow protected memory reads and writes, disabling of secure memory protection, or arbitrary code execution.

Fallout 1, 2, and 3

Fallout applies to EPYC processors only, and is similar to Ryzenfall. In fact, the way that CTS-Labs describes the vulnerability, the results are identical to Ryzenfall, but relies on compromising the Boot Loader in the secure processor. Again, this is another attack that requires elevated administrator access and goes through a signed driver, and like Ryzenfall allows access to protected memory regions.

Exploit     Impact                                          EPYC   Ryzen   Ryzen Pro   Ryzen Mobile
Fallout-1   VTL-1 Memory Write                              Yes    No      No          No
Fallout-2   Disable SMM Protection                          Yes    No      No          No
Fallout-3   VTL-1 Memory Read; SMM Memory Read (req F-2)    Yes    No      No          No

CTS-Labs states this as a separate name on the basis that it can bypass Microsoft Virtualization-based security, open up the BIOS to flashing, and allow malware to be injected into protected memory that is outside the scope of most security solutions.

What Happens Now

As this news went live, we got in contact with AMD, who told us they have an internal team working on the claims of CTS-Labs. The general feeling is that they have been somewhat blindsided by all of this, given the limited time from notice to disclosure, and are using the internal team to validate the claims made. CTS-Labs states that it has shared the specific methods it used to identify and exploit the processors with AMD, as well as sharing the details with select security companies and the US regulators.

All of the exploits require elevated administrator access, with MasterKey going as far as a BIOS reflash on top of that. CTS-Labs goes on the offensive however, stating that it ‘raises concerning questions regarding security practices, auditing, and quality controls at AMD’, as well as saying that the ‘vulnerabilities amount to complete disregard of fundamental security principles’. This is very strong wording indeed, and one might have expected that they might have waited for an official response. The other angle is that given Spectre/Meltdown, the ‘1-day’ disclosure was designed for the maximum impact. Just enough time to develop a website, anyway.

CTS-Labs is very forthright with its statement, having seemingly pre-briefed some press at the same time it was notifying AMD, and directs questions to its PR firm. The full whitepaper can be seen here, at safefirmware.com, a website registered on 6/9 with no home page and seemingly no link to CTS-Labs. Something doesn’t quite add up here.

Reference

https://www.anandtech.com/show/12525/security-researchers-publish-ryzen-flaws-gave-amd-24-hours-to-respond

Kali available for Windows 10

Both Linux distros use Windows 10’s built-in Windows Subsystem for Linux capability, which permits Linux operating systems to run on top of Windows.

https://www.kali.org/news/kali-linux-in-the-windows-app-store/

No, really…this isn’t clickbait. For the past few weeks, we’ve been working with the Microsoft WSL team to get Kali Linux introduced into the Microsoft App Store as an official WSL distribution and today we’re happy to announce the availability of the “Kali Linux” Windows application. For Windows 10 users, this means you can simply enable WSL, search for Kali in the Windows store, and install it with a single click. This is especially exciting news for penetration testers and security professionals who have limited toolsets due to enterprise compliance standards.

While running Kali on Windows has a few drawbacks to running it natively (such as the lack of raw socket support), it does bring in some very interesting possibilities, such as extending your security toolkit to include a whole bunch of command line tools that are present in Kali. We will update our blog with more news and updates regarding the development of this app as it’s released.

We’d like to take this opportunity to thank the WSL team at Microsoft, and specifically @tara_msft and @benhillis for all the assistance and guidance without which this feat would not be possible. We hope you enjoy WSL’d Kali on Windows 10!

And now, a quick guide on getting Kali installed from the Microsoft App Store:

Getting Kali Linux Installed on WSL

Here’s a quick description of the setup and installation process. For an easier copy / paste operation, these are the basic steps taken:

1. Update your Windows 10 machine. Open an administrative PowerShell window and install the Windows Subsystem with this one-liner. A reboot will be required once finished.

Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux

2. Once rebooted, open the Windows App store and search for the “Kali Linux” application, or alternatively click here to go there directly. Install the app and enjoy Kali!

Updating Kali Linux on WSL

Updating Kali Linux on WSL is no different from any other instance of Kali:

apt-get update
apt-get dist-upgrade

Here’s a quick video of the process:

Installing Penetration Testing tools on Kali

Installing tools from the Kali Linux repository is usually done via apt commands. For example, to install the Metasploit Framework, you can simply:

apt-get update
apt-get install metasploit-framework

Note: Some Kali tools are identified by antivirus software as malware. One way to deal with this situation is to allow antivirus exceptions on the directory in which the Kali chroot resides. The following video walks you through this process:
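As an added example (not code from the Kali post), the following PowerShell locates the Kali Store package, derives the WSL chroot directory, and adds a Windows Defender exclusion scoped to it, or optionally to a single tool directory inside it so the rest of the chroot stays under real-time protection. It assumes Defender is the antivirus in use, that the Store app’s package name contains “KaliLinux”, and the usual LocalState\rootfs layout for Store-installed distributions; all three are assumptions to verify on your machine.

```powershell
# Added example, not from the Kali post. Run from an elevated PowerShell window:
# Add-MpPreference needs administrator rights.
function Add-KaliWslExclusion {
    [CmdletBinding()]
    param(
        # Assumption: the Store package name contains "KaliLinux"; adjust if it differs.
        [string]$NameFilter = '*KaliLinux*',
        # Optional path inside the chroot to exclude instead of the whole rootfs,
        # e.g. 'usr/share/metasploit-framework' (the tool the post installs).
        [string]$SubPath = ''
    )

    # Get-AppxPackage lists the current user's Store packages.
    $pkg = Get-AppxPackage | Where-Object { $_.Name -like $NameFilter } | Select-Object -First 1
    if (-not $pkg) { throw "No Store package matching $NameFilter; install Kali first." }

    # Assumption: Store-installed WSL distributions keep their filesystem under
    # %LOCALAPPDATA%\Packages\<PackageFamilyName>\LocalState\rootfs.
    $rootfs = Join-Path $env:LOCALAPPDATA "Packages\$($pkg.PackageFamilyName)\LocalState\rootfs"
    $target = if ($SubPath) { Join-Path $rootfs ($SubPath -replace '/', '\') } else { $rootfs }
    if (-not (Test-Path $target)) {
        throw "$target does not exist; launch Kali once so WSL extracts the chroot."
    }

    # Every exclusion is a blind spot for the scanner, so keep it as narrow as the
    # false positives require and record what was excluded.
    Add-MpPreference -ExclusionPath $target

    # Verify the exclusion is now part of the effective Defender preferences.
    $listed = (Get-MpPreference).ExclusionPath -contains $target
    [pscustomobject]@{ Path = $target; Excluded = $listed }
}

# Whole chroot, as the post suggests:
Add-KaliWslExclusion
# Narrower alternative: only Metasploit's tree, leaving the rest of the chroot scanned:
Add-KaliWslExclusion -SubPath 'usr/share/metasploit-framework'
```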

Recovering from a failed Kali WSL instance

Sometimes, you can inadvertently kill your Kali WSL instance, due to an overzealous command, an unintentional action, or even due to Kali or WSL bugs. If this happens, here is a quick recovery guide to get back on top of things. Note: this process will wipe your Kali WSL chroot, and re-extract a new copy. Any changes made to the filesystem will be gone, and reset to default.

Kali Linux is maintained by Offensive Security, a provider of security penetration testing training, and a maintainer of the Exploit Database repository of known software exploits. When run on Windows 10, Kali Linux has “a few drawbacks to running it natively (such as the lack of raw socket support),” Offensive Security explained in a blog post, although it opens up “exciting possibilities,” as well.

Reference

https://mcpmag.com/articles/2018/03/08/kali-debian-linux-windows-store.aspx

https://www.kali.org/news/kali-linux-in-the-windows-app-store/

Search Encrypt – Privacy Search Engine

To my delight, more private search engines become available each year. The newest search engine is Search Encrypt.

https://www.searchencrypt.com/

https://choosetoencrypt.com/news/search-encrypt-eliminates-need-clear-history/

This joins

Startpage.com – EU verified as safe

Duckduckgo.com


The results are a little thin, so judging by results this is a new site. Startpage is EU verified and samples results from Google, with your IP removed. Duckduckgo.com is a well established search engine that has a different algorithm to Google, and often finds info that Google has suppressed.

All private search engines have to start somewhere, and I wish them the very best.
