Lies and More Lies
Following the release of the Spectre and Meltdown CPU attacks, the security community wondered if other researchers would find related speculative attack problems. When the following appeared, we were concerned:
"Skyfall and Solace
More vulnerabilities in modern computers.
Following the recent release of the Meltdown and Spectre vulnerabilities, CVE-2017-5175, CVE-2017-5753 and CVE-2017-5754, there has been considerable speculation as to whether all the issues described can be fully mitigated.
Skyfall and Solace are two speculative attacks based on the work highlighted by Meltdown and Spectre.
Full details are still under embargo and will be published soon when chip manufacturers and Operating System vendors have prepared patches.
Watch this space..."
It turns out this was a hoax. The latest version of the site says, in part:
"With little more than a couple of quickly registered domain names, thousands of people were hooked...
Skyfall
The idea here was to suggest a link to Intel's Skylake processor.
Solace
The idea here was to suggest a link to the Solaris operating system.
Copy the styling of the original Meltdown and Spectre sites and add a couple of favicons based loosely on the Intel and Solaris logos and I was nearly done.
The final step was to add on https, because if a site's got an SSL certificate it must be legitimate, and the bait was set."
The problem with this "explanation" is that it wasn't just a logo, domain name and SSL certificate. The "security professional" who created this site outright lied, as shown at the top of this post. Don't fall for his false narrative.
I'm not naming names or linking to the sites here, because the person responsible already thinks he's too clever.
from TaoSecurity http://ift.tt/2G2mxX4
"Skyfall and Solace
More vulnerabilities in modern computers.
Following the recent release of the Meltdown and Spectre vulnerabilities, CVE-2017-5175, CVE-2017-5753 and CVE-2017-5754, there has been considerable speculation as to whether all the issues described can be fully mitigated.
Skyfall and Solace are two speculative attacks based on the work highlighted by Meltdown and Spectre.
Full details are still under embargo and will be published soon when chip manufacturers and Operating System vendors have prepared patches.
Watch this space..."
It turns out this was a hoax. The latest version of the site says, in part:
"With little more than a couple of quickly registered domain names, thousands of people were hooked...
Skyfall
The idea here was to suggest a link to Intel's Skylake processor.
Solace
The idea here was to suggest a link to the Solaris operating system.
Copy the styling of the original Meltdown and Spectre sites and add a couple of favicons based loosely on the Intel and Solaris logos and I was nearly done.
The final step was to add on https, because if a site's got an SSL certificate it must be legitimate, and the bait was set."
The problem with this "explanation" is that it wasn't just a logo, domain name and SSL certificate. The "security professional" who created this site outright lied, as shown at the top of this post. Don't fall for his false narrative.
I'm not naming names or linking to the sites here, because the person responsible already thinks he's too clever.
Copyright 2003-2016 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and http://ift.tt/1fDn3pG)
from TaoSecurity http://ift.tt/2G2mxX4