InSpectre : GRC.com Spectre & Meltdown testing tool

Recommended Posts

+warwagon    10,435

InSpectre

27933699889_eb3e9cb835_o.jpg

 

https://www.grc.com/dev/InSpectre.exe

 

Steve Gibson has recently created a new tool to run on a system to inform you whether or not a system is vulnerable to Meltdown or Spectre. At the moment it's in the testing phase, but it's getting closer to the final. You can still test it out.

 

 

Share this post


Link to post
Share on other sites
Mindovermaster    1,220

Linux fans. this can be run in WINE as well. Just tested it.

 

Edit: I had YES for both, and it says performance is good...

Share this post


Link to post
Share on other sites
+warwagon    10,435
12 minutes ago, Mindovermaster said:

Linux fans. this can be run in WINE as well. Just tested it.

 

Edit: I had YES for both, and it says performance is good...

While it can be run in wine it might be looking for certain Windows-specific fixes. Which is why you may be getting a Yes on Meltdown. I know from early versions that I was testing that under the hood (before he made it in plain English) there was a section that said "CPU Microcode yes or no." So Spectre results in this tool may be OS independent.

Share this post


Link to post
Share on other sites
Circaflex    3,243
Just now, warwagon said:

While it can be run in wine it might be looking for certain Windows-specific fixes.

I tend to agree. For Linux, your best option is this native script https://github.com/speed47/spectre-meltdown-checker

Share this post


Link to post
Share on other sites
Mindovermaster    1,220
mind@mind-PC ~ $ bash spectre-meltdown-checker.sh 
Spectre and Meltdown mitigation detection tool v0.31

Note that you should launch this script with root privileges to get accurate information.
We'll proceed but you might see permission denied errors.
To run it as root, you can try the following command: sudo spectre-meltdown-checker.sh

Checking for vulnerabilities against running kernel Linux 4.4.0-104-generic #127-Ubuntu SMP Mon Dec 11 12:16:42 UTC 2017 x86_64
CPU is Intel(R) Core(TM) i5-6400 CPU @ 2.70GHz
spectre-meltdown-checker.sh: line 418: /boot/vmlinuz-4.4.0-104-generic: Permission denied
spectre-meltdown-checker.sh: line 418: /boot/vmlinuz-4.4.0-104-generic: Permission denied
spectre-meltdown-checker.sh: line 418: /boot/vmlinuz-4.4.0-104-generic: Permission denied
spectre-meltdown-checker.sh: line 418: /boot/vmlinuz-4.4.0-104-generic: Permission denied
spectre-meltdown-checker.sh: line 418: /boot/vmlinuz-4.4.0-104-generic: Permission denied
spectre-meltdown-checker.sh: line 418: /boot/vmlinuz-4.4.0-104-generic: Permission denied

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Checking count of LFENCE opcodes in kernel:  UNKNOWN 
> STATUS:  UNKNOWN  (couldn't check (couldn't extract your kernel from /boot/vmlinuz-4.4.0-104-generic))

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigation 1
*   Hardware (CPU microcode) support for mitigation
*     The SPEC_CTRL MSR is available:  UNKNOWN  (couldn't read /dev/cpu/0/msr, is msr support enabled in your kernel?)
*     The SPEC_CTRL CPUID feature bit is set:  UNKNOWN  (couldn't read /dev/cpu/0/cpuidr, is cpuid support enabled in your kernel?)
*   Kernel support for IBRS:  NO 
*   IBRS enabled for Kernel space:  NO 
*   IBRS enabled for User space:  NO 
* Mitigation 2
*   Kernel compiled with retpoline option:  NO 
*   Kernel compiled with a retpoline-aware compiler:  NO 
> STATUS:  VULNERABLE  (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Kernel supports Page Table Isolation (PTI):  NO 
* PTI enabled and active:  NO 
* Checking if we're running under Xen PV (64 bits):  NO 
> STATUS:  VULNERABLE  (PTI is needed to mitigate the vulnerability)

A false sense of security is worse than no security at all, see --disclaimer

guess I'm still Vulnerable...

Share this post


Link to post
Share on other sites
CrashGordon    376

@warwagon  I'm guessing you haven't updated the BIOS on that device you tested with?

Share this post


Link to post
Share on other sites
+warwagon    10,435
5 minutes ago, CrashGordon said:

@warwagon  I'm guessing you haven't updated the BIOS on that device you tested with?

Correct, None my Windows PC/laptops have Bios Updates available for them and probably never will.

Share this post


Link to post
Share on other sites
CrashGordon    376
6 minutes ago, warwagon said:

Correct, None my Windows PC/laptops have Bios Updates available for them and probably never will.

Thanks. Yeah got a couple here too. An Asus P5K-E and haven't even looked at the laptop yet, but I'm not expecting to find one for it either.

Share this post


Link to post
Share on other sites
+warwagon    10,435
14 minutes ago, CrashGordon said:

Thanks. Yeah got a couple here too. An Asus P5K-E and haven't even looked at the laptop yet, but I'm not expecting to find one for it either.

I aso have a Macbook Pro 2011 and a Slightly Newer iMac (only because I got  a really good deal on both) .. so i'm hopeful both of those will get some kind of UFI update. The computer i'm most annoyed with probably not getting the update is my 16GB ram, 512 msata SSD  i7 4770R brix pro.

Share this post


Link to post
Share on other sites
+goretsky    819

Hello,

I've noticed several third-party utilities beyond what Microsoft has provided are beginning to appear. 

 

Here's the ones I've found so far:

 

Alex Ionescu - SpecuCheck

Ashampoo - Ashampoo Spectre Meltdown CPU Checker

GRC - Inspectre

Qihu 360 - CPU Vulnerability Assessment and Fix Tool

 

Regards,

 

Aryeh Goretsky

 

Share this post


Link to post
Share on other sites
+Mando    4,744

gotta love grc.com :)

 

image.thumb.png.2440c857bd57d85585508be3eaa2e4db.png

Share this post


Link to post
Share on other sites
+Mando    4,744
12 hours ago, warwagon said:

I aso have a Macbook Pro 2011 and a Slightly Newer iMac (only because I got  a really good deal on both) .. so i'm hopeful both of those will get some kind of UFI update. The computer i'm most annoyed with probably not getting the update is my 16GB ram, 512 msata SSD  i7 4770R brix pro.

As long as both systems have an up todate av with detection sigs for spectre/meltdown attack vectors, your somewhat covered in conjuction with windows patches.

Share this post


Link to post
Share on other sites
Pork Chopper    125

So by changing two Registry entries you basically bypass what the Windows patch did as well as the BIOS update.  If this is such a big security concern why allow it to be overridden.  I have confirmed that the two Reg entries do reverse the patches.  I realize the logic for all of this is that the performance hit might be too much for some machines and servers.  It is also true, so I read, that no exploit has occurred for all the decades this so called security flaw has existed, until possibly now that it is splashed all over the place.

Share this post


Link to post
Share on other sites
oldtimefighter    3,066
5 minutes ago, Pork Chopper said:

So by changing two Registry entries you basically bypass what the Windows patch did as well as the BIOS update.  If this is such a big security concern why allow it to be overridden.  I have confirmed that the two Reg entries do reverse the patches.  I realize the logic for all of this is that the performance hit might be too much for some machines and servers.  It is also true, so I read, that no exploit has occurred for all the decades this so called security flaw has existed, until possibly now that it is splashed all over the place.

No exploit has been discovered in the wild but that doesn't mean one doesn't exist. The three letter agencies right here the US are known to keep exploits secret.

Share this post


Link to post
Share on other sites
oldtimefighter    3,066

You have to install it? Why?

Share this post


Link to post
Share on other sites
Mindovermaster    1,220
2 hours ago, oldtimefighter said:

You have to install it? Why?

Umm, you don't?

Share this post


Link to post
Share on other sites
adrynalyne    8,634
2 hours ago, Pork Chopper said:

So by changing two Registry entries you basically bypass what the Windows patch did as well as the BIOS update.  If this is such a big security concern why allow it to be overridden.  I have confirmed that the two Reg entries do reverse the patches.  I realize the logic for all of this is that the performance hit might be too much for some machines and servers.  It is also true, so I read, that no exploit has occurred for all the decades this so called security flaw has existed, until possibly now that it is splashed all over the place.

As it was explained to me, the patch alone is not enough to enable the protection on Windows Server. You must also proactively set the reg keys. Being that Windows Server is based off of Windows version whatever, they also end up working there but are not needed to be set to  enable it. They can however be used to disable it. 

Share this post


Link to post
Share on other sites
oldtimefighter    3,066
30 minutes ago, Mindovermaster said:

Umm, you don't?

I meant it appears to be an installer. I got the Windows warning prompt and didn't go any further because really had to get to work anyway. Is that correct? I wanted someone to confirm either way. If so why? It seems like something that just needs to run once.

Share this post


Link to post
Share on other sites
+DevTech    1,079
7 hours ago, Pork Chopper said:

So by changing two Registry entries you basically bypass what the Windows patch did as well as the BIOS update.  If this is such a big security concern why allow it to be overridden.  I have confirmed that the two Reg entries do reverse the patches.  I realize the logic for all of this is that the performance hit might be too much for some machines and servers.  It is also true, so I read, that no exploit has occurred for all the decades this so called security flaw has existed, until possibly now that it is splashed all over the place.

YES. You have identified "The Emporer's New Clothes".  About time this issue gets to be right up front in any discussion.

 

The fuss is because the issue is related to CPU architecture and is mostly universal.

 

But to use the word "Exploit" is misleading for most people in most cases. The so-called security issue does not lead to an escalation of privilege level. Simply due to speculative execution of branch prediction code there can be other processes machine instructions that you can spy on. Woopy Doo, Scooby Doo...

 

To run a resident task to continuously spy on this information mains the computer has already been compromised by a real exploit and at that point there sure is a lot of better ways to steal user data! This issue is only of use in server systems where multiple people use the same machine and one customer can run code to spy on other customer's code. But even there, imagine trying to assemble coherently useful data out of cached branch instruction misses?

 

Every day a real virus takes over a real computer and does real illegal things. The best Anti-Virus have a 99% success score in real world testing. Compare that 1% of world wide successful penetration with Spectre and Meltdown. Look at the words "Spectre" and "Meltdown" and wonder what sort of marketing forces are at play in this non-situation.

 

 

 

Share this post


Link to post
Share on other sites
+DevTech    1,079

It makes no sense to install any patches for this problem on any user computer since your own code can already spy on your own computer.

 

It makes no sense to install any patches for this problem on any server that is used on premise or used exclusively for one customer since again you can only spy on yourself!

 

Only in the case of vendors supplying shared hosting over the internet does it make any possible sense to install a fix and even then nobody has demonstrated any ability to extract useful information out of this "inter-process leak"

 

But instead, the world is rushing to install this everywhere at the cost of slowing down everyone's computer maybe 1% maybe 20% and multiplied by several billion computers and you get far worse damage in human labor and reduced processing or else energy cost.

 

There is NO escalation of privilege! Only an already infected computer could deploy code to examine branch misses but the absurdity of this is since the computer has already been root-kitted or trojaned, it can just freakin access the data directly!

 

We have a solution that does far more damage than the problem itself! 

Share this post


Link to post
Share on other sites
+DevTech    1,079
45 minutes ago, Mando said:

Kudos to Kevin Beaumont for this matrix, its not mine. Lots of direct links to different vendors and patch status.

 

https://docs.google.com/spreadsheets/d/184wcDt9I9TUNFFbsAVLpzAtckQxYiuirADzf3cL42FQ/htmlview?usp=sharing&sle=true

 

 

 

 

I am straining to imagine the word "Kudos" in the context of promoting this insanity.

 

I.T. professionals, instead of doing a knee-jerk response of applying yet another security patch, should stop and ask WTF is this protecting against that justifies the huge cost of protection?

 

Share this post


Link to post
Share on other sites
xendrome    4,749
9 minutes ago, DevTech said:

I am straining to imagine the word "Kudos" in the context of promoting this insanity.

 

I.T. professionals, instead of doing a knee-jerk response of applying yet another security patch, should stop and ask WTF is this protecting against that justifies the huge cost of protection?

 

I totally disagree with you to let a vulnerability sit out there open and not be addressed on systems that run the entire word seems like a horrible idea. The attack vector could change overnight, thinking about only how it could be exploited now is short-sighted.

Share this post


Link to post
Share on other sites
+Mando    4,744

im finding matrixes like this invaluable to catalogue what fixes to kit under my remit will require, awaiting parents corp official response to addressing it, meanwhile im collating info to help myself when they do respond.

Share this post


Link to post
Share on other sites
+DevTech    1,079
37 minutes ago, xendrome said:

I totally disagree with you to let a vulnerability sit out there open and not be addressed on systems that run the entire word seems like a horrible idea. The attack vector could change overnight, thinking about only how it could be exploited now is short-sighted.

But there is no attack vector! It is not a vulnerability! It is just information leakage of particularly incoherent information.

 

It it just a way of seeing incoherent bits of CPU instructions.

 

There is no mapping for access into another address space just a view into branch prediction misses from another process space. You are seeing really stupid stuff in a cache. You can't map in anything else. You have no control. You would probably need a Quantum Computer to make any useful sense of random fragments of code that were the exact opposite of the IF-THEN-ELSE that was actually executed.

 

There is no privilege escalation, so assuming you could insert your Quantum Computer into WTF who knows where, you couldn't do anything with it without an actual attack vector that gives you access to something at which point you don't need the garbage gobbledygook of this "giant security hole" because your real attack vector lets you access real data instead of fragments of code that were never meant to be executed...

 

Sorry, this one needs to get some sort of award for stupidest security fuss of all time!

 

 

 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


  • Recently Browsing   0 members

    No registered users viewing this page.