Author Archives: Lynn Trubits

New “Spoiler” Side-Channel Attack Threatens Processors

Over the past week, I have been talking about a new, non-Spectre side-channel attack called “Spoiler”. Thanks to our partner SonicWall, here is a breakdown of how it was discovered, how it attacks, and how to stop it!

What is Spoiler?

Research from the Worcester Polytechnic Institute in Worcester, Mass., and the University of Lübeck in Germany, identifies a new “microarchitectural leakage stemming from the false dependency hazards during speculative load operations.”

The group’s paper, “SPOILER: Speculative Load Hazards Boost Rowhammer and Cache Attacks,” proposes the new side-channel Spoiler attack, which could exploit a “previously unknown microarchitectural leakage stemming from the false dependency hazards during speculative load operations.”

As a result, Spoiler also enhances the effectiveness of other side-channel attacks, namely Rowhammer, and other cache-based attacks. The report notes that Spoiler only affects Intel Core processors and not current AMD and ARM processors.

The research group was quick to point out that while Spoiler is similar to Spectre, they aren’t the same and have very different ramifications, namely with how previous attacks take advantage of vulnerabilities in the speculative branch prediction unit and memory leaks in protected environments.

Spoiler is not a Spectre attack,” the researchers published in their 17-page report. “The root cause for Spoiler is a weakness in the address speculation of Intel’s proprietary implementation of the memory subsystem, which directly leaks timing behavior due to physical address conflicts. Existing Spectre mitigations would therefore not interfere with Spoiler.”

Stop Spoiler Side-Channel Attacks with RTDMI

SonicWall’s Real-Time Deep Memory Inspection (RTDMI) isn’t a common mitigation solution. But, like it does with Spectre, Meltdown, Foreshadow and PortSmash, SonicWall’s RTDMI can mitigate Spoiler attacks.

RTDMI provides CPU-level instruction detection granularity (unlike typical behavior-based systems, which have only API/system call-level granularity) to detect malware variants that contain exploit code targeting processor vulnerabilities, including Spoiler.

To discover packed malware code that has been compressed to avoid detection, the RTDMI engine allows the malware to reveal itself by unpacking its compressed code in memory in a secure sandbox environment. It sees what code sequences are found within and compares it to what it has already seen.

Identifying malicious code in memory is more precise than trying to differentiate between malware system behavior and clean program system behavior, which is an approach used by some other analysis techniques.

Besides being highly accurate, RTDMI also improves sample analysis time. Since it can detect malicious code or data in memory in real-time during execution, no malicious system behavior is necessary for detection. The presence of malicious code can be identified prior to any malicious behavior taking place, thereby rendering a quicker verdict.

The IT Security experts at RedZone can help you minimize risk with SonicWall’s Real-Time Deep Memory Inspection that can mitigate Spoiler attacks.

For more information, contact my team today: (410) 897-9494 | myteam@redzonetech.net 

Source: SonicWall Blog Post, March 6, 2019 – New Spoiler Side-Channel Attack Threatens Processors, Mitigated by SonicWall RTDMI, by Brooke Chelmo.

Solution Spotlight: Advanced Threat Protection

ATP | Discover and Stop Email Attacks with Automated Remediation

Ransomware, phishing and business email compromise have made email security more crucial than ever. Email-borne threats have evolved from annoying spam attacks to business disrupting ransomware attacks.

RedZone together with our partner SonicWall offers Email Cloud Capture ATP to shield your business from advanced email threats involving ransomware, spear phishing, and email compromise. With its Capture Advance Threat Protection Service, SonicWall Email Security delivers fine-grained, user-transparent inspection of SMTP traffic.

This cloud-based Capture service scans a broad range of email attachment types, analyzes them in a multi-engine sandbox, and automatically blocks dangerous files or emails before they reach your network.

Here’s what else you get…

  • Comprehensive multi-layer protection for email communications
  • Sandboxing and quarantining of any unknown files
  • Dynamic reputation-based blacklisting
  • Advanced content analysis and pattern recognition
  • Strong encryption + Data Loss Prevention (DLP) for compliance + regulatory requirements
  • Detailed reporting

Given its ubiquitous nature, email is a critical vector that your organization must protect. Email Security with Capture gives you a highly effective and responsive defense against today’s advanced email threats, at a low TCO.

RedZone offers innovative email protection solutions to help you secure your IT environment. Contact us today: (410) 897-9494 |rzsales@redzonetech.net

Eliminate Death On the Job by 2050 with David DiLeo

If you enjoy listening to my podcast, please take a minute to leave a review here!

Today you will hear a power-packed Episode with a world-class CIO. My guest today is David DiLeo, the Chief Information Officer at Industrial Scientific.

If you aspire and dream of a big job as a CIO and then land there, what would you do next? Well, 5-1/2 years ago, David landed at Industrial Scientific. What he and his team have achieved during that time has been remarkable.

As CIO, David is responsible for the information technology needs of Industrial Scientific which includes leading a large and diverse technical team comprised of ERP, business applications, application development, business intelligence, IT security, global infrastructure, and support functions. This team represents a world-class IT organization with capabilities that deliver high quality and data-driven solutions to both internal and external customers.

If you want to hear about good old-fashioned project management delivered at a world-class level, this Podcast is for you.

Here are some areas we cover:

  • Changing the Brand of IT.
  • How to create a scalable IT organization to support a business.
  • Changing IT from “Reactive” to “Proactive” – This is impressive since it was delivered in the midst of tremendous complexity and scale – not just lip service or words that everyone in business wants to hear from top CIO’s.
  • Project management can give you the broadest understanding of business. See why the path to David’s CIO role – a progression of technical, project management, middle management, and then senior management roles – was significant.
  • The powerful impact of IoT in his world.
  • How he integrated top-notch security into his environment following risk-based and security-by-design principles.
  • How people (good people) joined him on the journey to transform the business.
  • How he remains grounded and balanced.
  • His vision for himself and the business over the next few years.

This is only a small subsection of what you will learn from listening, enjoy!

Continue reading

Dominance Hierarchies | Leadership | Competition | Women with Dr. Joyce Benenson

If you enjoy listening to my podcast, please take a minute to leave a review here!

I found my guest today, Dr. Joyce Benenson, through a book I read called Top Dog, recommended to me by one of my recent guests, Navy Seal, Captain Tom Chaby.

Joyce is a professor of Psychology at Emmanuel College in Boston and an Associate Member of the Human Evolutionary Biology department at Harvard University. She is an author of a fascinating book called Warriors and Worriers: The Survival of the Sexes. The book explores the evolutionary differences between men and women and how they survive through competitiveness. Drawing on an interesting array of studies and stories that explore the ways boys and men deter their enemies, while girls and women find assistants to aid them in coping with vulnerable children and elders, Benenson turns upside down the familiar wisdom that women are more sociable than men and that men are more competitive than women.

As much as I love to interview guests on leadership and high performance topics on my podcast, in this interview, Joyce and I discuss what IT business leaders could learn from her studies on gender differences to get the most out of their high performance teams.

Key Points of Interest in This Episode:

I think self-awareness is the key to being a high-performance leader. You will need to draw your own conclusions from my discussion with Joyce Benenson. In an age of political correctness and non-brave communications, I love reading and listening to experts who explore topics worth considering in our political environment.

As you explore your own process of developing as a leader in business and in your life, learn unique biological attributes of man and women that will help you be a better more “self-aware” leader.

With this, I’d like to welcome you to my interview with Joyce Benenson.

Continue reading