Ars Technica: Spectre, Meltdown researchers unveil 7 more speculative execution attacks

Ars Technica: Spectre, Meltdown researchers unveil 7 more speculative execution attacks. “A research team—including many of the original researchers behind Meltdown, Spectre, and the related Foreshadow and BranchScope attacks—has published a new paper disclosing yet more attacks in the Spectre and Meltdown families. The result? Seven new possible attacks. Some are mitigated by known mitigation techniques, but others are not. That means further work is required to safeguard vulnerable systems.”

Ars Technica: New Spectre attack enables secrets to be leaked over a network

Ars Technica: New Spectre attack enables secrets to be leaked over a network. “When the Spectre and Meltdown attacks were disclosed earlier this year, the initial exploits required an attacker to be able to run code of their choosing on a victim system. This made browsers vulnerable, as suitably crafted JavaScript could be used to perform Spectre attacks. Cloud hosts were susceptible, too. But outside these situations, the impact seemed relatively limited. That impact is now a little larger.”

PC World: Chrome gobbles much more RAM due to Google’s ‘Site Isolation’ protection for Spectre CPU flaws

PC World: Chrome gobbles much more RAM due to Google’s ‘Site Isolation’ protection for Spectre CPU flaws. “The critical Meltdown and Spectre bugs baked deep into modern computer processors will have ramifications on the entire industry for years to come, and Chrome just became collateral damage. Google 67 enabled ‘Site Isolation’ Spectre protection for most users, and the browser now uses 10 to 13 percent more RAM due to how the fix behaves.”

Microsoft, Google: We’ve found a fourth data-leaking Meltdown-Spectre CPU hole (The Register)

The Register: Microsoft, Google: We’ve found a fourth data-leaking Meltdown-Spectre CPU hole. “A fourth variant of the data-leaking Meltdown-Spectre security flaws in modern processors has been found by Microsoft and Google researchers. These speculative-execution design blunders can be potentially exploited by malicious software running on a vulnerable device or computer, or a miscreant logged into the system, to slowly extract secrets, such as passwords, from protected kernel or application memory, depending on the circumstances.”

Boing Boing: 139 pieces of (seemingly nonfunctional) malware that exploit Spectre and Meltdown are now circulating in the wild

Boing Boing: 139 pieces of (seemingly nonfunctional) malware that exploit Spectre and Meltdown are now circulating in the wild. “This week, AV-TEST’s census of samples of circulating malware that attempt to exploit the Meltdown and Spectre bugs hit 139, up from 77 on January 17. AV-TEST CEO Andreas Marx says that the different strains of malware mostly contain recompiled versions of the same proof-of-concept code released with the initial report on the bugs.”

BetaNews: Microsoft issues emergency Windows update to disable Intel’s shoddy Spectre variant 2 mitigation

BetaNews: Microsoft issues emergency Windows update to disable Intel’s shoddy Spectre variant 2 mitigation. “The computer industry is in utter chaos right now. Despite a slight increase in PC sales for Q4 2018, the market is still extremely unhealthy. Not to mention, pretty much all existing hardware is fundamentally flawed thanks to both Spectre and Meltdown vulnerabilities. At least major companies such as Intel, AMD, and Microsoft are working together to mitigate these risks, right? Wrong. These patches have proven to be problematic — for instance, some AMD computers were rendered unbootable. Ugh, what a failure.”

BetaNews: Intel tells customers to stop installing Meltdown/Spectre patches due to ‘unpredictable’ reboot issues

BetaNews: Intel tells customers to stop installing Meltdown/Spectre patches due to ‘unpredictable’ reboot issues. “The fallout from the Meltdown and Spectre bugs continues to plague Intel. The company has been hit with lawsuits, users complained about performance drops, and some users found that their computers were rendered unbootable. For people with Broadwell and Haswell chips, there was a problem with random reboots, and as a result of this — some two weeks down the line — Intel is now advising people to stop installing its patches.”

PC World: Is your PC vulnerable to Meltdown and Spectre CPU exploits? InSpectre tells you

PC World: Is your PC vulnerable to Meltdown and Spectre CPU exploits? InSpectre tells you. “The vital information you need to know about the serious Meltdown and Spectre CPU exploits isn’t whether your PC is inherently vulnerable to them—it is—but whether your system has been patched to protect against the flaws. Finding that information isn’t easy though. You need to sift through update logs, cross-referencing them with arcane vulnerability identifiers and Microsoft Knowledge Base codes—or at least you did. Gibson Research recently released InSpectre, a wonderfully named, dead simple tool that detects if your PC is vulnerable to Meltdown and Spectre.”

Lifehacker: What’s Going On With the Spectre and Meltdown Patches?

Lifehacker: What’s Going On With the Spectre and Meltdown Patches? “Earlier this month, computer security experts dropped a bombshell on the internet. A pair of vulnerabilities titled Spectre and Meltdown that date back to 1995 were putting a wide variety of computers, smartphones and internet browsers at risk. Since then, companies like Microsoft and Apple, along with chip-makers like Intel and AMD, have been racing to release patches, but it hasn’t been the smoothest process. Over a week later, the effort to fix these exploits is far from finished. Here’s a rundown of what you need to know about the state of Spectre and Meltdown patches.”

The Verge: Keeping Spectre Secret

The Verge: Keeping Spectre Secret. “When Graz University of Technology researcher Michael Schwarz first reached out to Intel, he thought he was about to ruin the company’s day. He had found a problem with their chips, together with his colleagues Daniel Gruss, Moritz Lipp, and Stefan Mangard. The vulnerability was both profound and immediately exploitable. His team finished the exploit on December 3rd, a Sunday afternoon. Realizing the gravity of what they’d found, they emailed Intel immediately.”

BetaNews: Spectre patch in iOS 11.2.2 is slowing down iPhones

BetaNews: Spectre patch in iOS 11.2.2 is slowing down iPhones. “As technology firms around the world try to mop up the mess that the Meltdown and Spectre chip bugs are making, Intel has been keen to stress that the impact patches will have on performance will be minimal. The company has already released benchmark results that show the hardest hit will be older computers. Now new benchmarks show that iPhone users may notice slowdowns too.”