Raspberry Pi

Meltdown & Spectre Vulnerabilities

Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware bugs allow programs to steal data which is currently processed on the computer.  Malicious programs can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs obtaining passwords, logon details and what was once thought to be secured information.

Meltdown and Spectre work on personal computers, mobile devices, and in the Cloud – AWS, Azure, and other 3rd party Cloud / IaaS Providers.

Meltdown breaks the most fundamental isolation between user applications and the operating system. This attack allows a program to access the memory, and thus also the secrets, of other programs and the operating system. If your computer has a vulnerable processor and runs an un-patched operating system, it is not safe to work with sensitive information without the chance of leaking the information. This applies both to personal computers as well as cloud infrastructure.

Spectre breaks the isolation between different applications. It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets. In fact, the safety checks of said best practices actually increase the attack surface and may make applications more susceptible to Spectre.


Vendor recommendations:

Information on the vulnerabilities:


Current known list of affected vendors and their respective advisories and/or patch announcements below

Vendor Advisory/Announcement
Amazon (AWS) AWS-2018-013: Processor Speculative Execution Research Disclosure
AMD An Update on AMD Processor Security
Android (Google) Android Security Bulletin—January 2018
Apple HT208331: About the security content of macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan
HT208394: About speculative execution vulnerabilities in ARM-based and Intel CPUs
ARM Vulnerability of Speculative Processors to Cache Timing Side-Channel Mechanism
Azure (Microsoft) Securing Azure customers from CPU vulnerability
Microsoft Cloud Protections Against Speculative Execution Side-Channel Vulnerabilities
Chromium Project Actions Required to Mitigate Speculative Side-Channel Attack Techniques
Cisco cisco-sa-20180104-cpusidechannel – CPU Side-Channel Information Disclosure Vulnerabilities
Citrix CTX231399: Citrix Security Updates for CVE-2017-5715, CVE-2017-5753, CVE-2017-5754
Debian Debian Security Advisory DSA-4078-1 linux — security update
Dell SLN308587 – Microprocessor Side-Channel Attacks (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754): Impact on Dell products
SLN308588 – Microprocessor Side-Channel Attacks (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754): Impact on Dell EMC products (Dell Enterprise Servers, Storage and Networking)
F5 Networks K91229003: Side-channel processor vulnerabilities CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754
Google’s Project Zero Reading Privileged Memory with a Side-Channel
Huawei Security Notice – Statement on the Media Disclosure of the Security Vulnerabilities in the Intel CPU Architecture Design
IBM Potential CPU Security Issue
Intel INTEL-SA-00088 Speculative Execution and Indirect Branch Prediction Side Channel Analysis Method
Lenovo Lenovo Security Advisory LEN-18282: Reading Privileged Memory with a Side Channel
Microsoft Security Advisory 180002: Guidance to mitigate speculative execution side-channel vulnerabilities
Windows Client guidance for IT Pros to protect against speculative execution side-channel vulnerabilities
Windows Server guidance to protect against speculative execution side-channel vulnerabilities
SQL Server Guidance to protect against speculative execution side-channel vulnerabilities
Important information regarding the Windows security updates released on January 3, 2018 and anti-virus software
Mozilla Mozilla Foundation Security Advisory 2018-01: Speculative execution side-channel attack (“Spectre”)
NetApp NTAP-20180104-0001: Processor Speculated Execution Vulnerabilities in NetApp Products
nVidia Security Notice ID 4609: Speculative Side Channels
Security Bulletin 4611: NVIDIA GPU Display Driver Security Updates for Speculative Side Channels
Security Bulletin 4613: NVIDIA Shield TV Security Updates for Speculative Side Channels
Raspberry Pi Foundation Why Raspberry Pi isn’t vulnerable to Spectre or Meltdown
Red Hat Kernel Side-Channel Attacks – CVE-2017-5754 CVE-2017-5753 CVE-2017-5715
SUSE SUSE Linux security updates CVE-2017-5715
SUSE Linux security updates CVE-2017-5753
SUSE Linux security updates CVE-2017-5754
Synology Synology-SA-18:01 Meltdown and Spectre Attacks
Ubuntu Ubuntu Updates for the Meltdown / Spectre Vulnerabilities
VMware NEW VMSA VMSA-2018-0002 VMware ESXi, Workstation and Fusion updates address side-channel analysis due to speculative execution
Xen Advisory XSA-254: Information leak via side effects of speculative execution

Raspberry Pi 2 Windows 10

Are you wondering what Windows 10 will look like on a Raspberry Pi 2.

Here is a good video what gives you a demo of how it looks, and its functions.

Looking to join the insider program follow this link:

Raspberry Pi – NOOBS

The fantastic groups over at raspberrypi.org have introduced a new project shaped around the idea of simplifying the beginner experience when it comes to using the Raspberry Pi.

NOOBS makes setting things up much easier, and while grandma and grandpa may still be left on the outskirts of things you won’t need to do much more that head over to the download page and grad the NOOBS zip packed via direct download or torrent.

NOOBS offers many good choice images you may want to choose from such as Raspbian, RaspBMC, RiscOS, Archlinux and others…

So now even more of us can have a slice of the Pi.

More info can be found here: http://www.raspberrypi.org/archives/tag/noobs

Raspbian Wheezy Squid Proxy

“I am learning all the time.  The tombstone will be my diploma.”  ~Eartha Kitt

Hello Friends, I am back again with an update on my most recent Raspberry Pi (Rasp~ Pi) minimal image; This time around I have added a Squid Proxy Server to the mix. Like that of my previous post I am still running on top of the awesome base setup that just works wonders for me.

I did add some additional tools such a htop, sshfs, cifs utils, nmap, and many more. You’ll just have to give it a go to see for yourself., but let us not get off track. This image is all about the out of the box squid proxy experience. I have done the install (simple for some, not to others) and updated the squid.conf to allow for the typical LAN network access. Don’t worry, I preserved the base configuration file for your review.

Some things I would like you to know:

1. This image boots up, grabs an IP Address from your DHCP network
2. Squid will also start-up on its own (using Google DNS to look up internet addresses)
3. Runs fantasticly on a small home / office network

Link to download this custom updated image: raspbian_wheezy_armhf_squid_jermsmit_20120819.7z
Sorry about the size, there are some things I didn’t clean up’; such as logs etc…

The root password is: jermsmit

–More Info–

Squid is a proxy server and web cache daemon. It has a wide variety of uses, from speeding up a web server by caching repeated requests; to caching web, DNS and other computer network lookups for a group of people sharing network resources; to aiding security by filtering traffic. Although primarily used for HTTP and FTP, Squid includes limited support for several other protocols including TLS, SSL, Internet Gopher and HTTPS – source


mount windows share using cifs

Once again I am tinkering with my Raspberry Pi doing things.  Now I want to mount my windows share remotely to move files around, also extend my storage remotely. As always I share how to do this with some simple steps.

To mount a remote Windows share In Debian Squeeze you need to make sure that cifs-utils is installed. To install cifs-utilis, just use apt-get:  apt-get install cifs-utils (apt-get update && apt-get install cifs-utils) if you haven’t did an update in a while.

After the install (or before) you need to make a directory to mount to. In my case I use the /media/video/ location because I am mounting video files and like to keep my names logical to what I am mounting or else I might forget.

To do this I then type the following:
mount -t cifs // /media/video/ -o username=accountname,password=password

To verify your work all you need do is change directory into the /media/video and do a ls command, you can also do this by just typing ‘ls /media/video

Now wasn’t that simple