Marcha 20, 2018

About speculative execution vulnerabilities in ARM-based and Intel CPUs

06 Enero 2018, 11:50 | Benedicto Grullon

Meltdown and Spectre chip security flaws leave billions of smart devices and computers at risk

Intel says rapidly issuing updates to all processors impacted by Meltdown

The problem impacts processors going back more than two decades and could let hackers access passwords, encryption keys or sensitive information open in applications.

Updated, 9.48am, 4 January 2018: This article was updated clarify that at the time of writing, Apple has yet to comment on updates to tackle vulnerabilities posed by the Spectre and Meltdown revelations.

The Defense Information Systems Agency said it "constantly monitors and evaluates the security posture of all its systems and networks", but otherwise declined to elaborate further on DISA's role mitigating the two vulnerabilities, citing security reasons. While Spectre and Meltdown technically can be exploited in different ways, they both allow for the isolation an operating system should have to be broken.

A collaboration of researchers from Google's Project Zero team, the Graz University of Technology in Vienna, the University of Pennsylvania, the University of Adelaide in Australia and various security companies released the full details of two attacks - called Meltdown and Spectre - that exploit flaws inherent to modern CPUs in order to steal sensitive data from memory.

While security flaws are typically limited to a specific company or product, Intel says the problem is "not a bug or a flaw in Intel products" but rather a broader problem affecting processing techniques common to modern computing platforms. Google's infrastructure, including YouTube, Maps and Search, was impacted by the vulnerability, but no consumer action is needed, according to a company announcement.

The lawsuits also allege that the patches to fix the vulnerabilities will cause computers to operate more slowly.

Experts say the defects can't necessarily be fixed with software upgrades, and complete re-designs of computer processors may be needed.

Affected devices run the gamut, from laptops to high-end cloud servers, with the exception of systems with pre-2013 Itanium and Atom processors. The complaints, published by Gizmodo, were filed in Oregon, California, and Indiana by owners of Intel CPU-based computers. Solutions exist that introduce minimal performance impact, and expect such techniques will be adopted by software vendors over time. What is it protecting against?

Firstly, it's important to understand what the flaws actually entail. The company already released mitigations against Meltdown in its most recent versions of iPhone, iPad, Mac, and Apple TV software.

On Jan. 3, Intel officially addressed the issue in a statement posted to its website.

The National Cybersecurity and Communications Integration Center (NCCIC) put out an alert Jan. 4 offering guidance and a list of patches from 23 of the top vendors affected, including Intel, AMD, Android and Google. Short of one being made, the only way the issue will be fully eradicated is with new microprocessors.

There's no complete software patch for Spectre right now, said Michael Daly, chief technology officer of cybersecurity and special missions at Raytheon, a defense company.

In a statement Thursday, Arm said that the majority of its processors are not affected by Spectre or Meltdown but confirmed that it has been working with Intel, AMD and other partners to develop defenses against the vulnerabilities.

"Spectre attacks involve inducing a victim to speculatively perform operations that would not occur during correct program execution and which leak the victim's confidential information via a side channel to the adversary", a specialised Spectre report claims. Windows 10 updates should be available immediately, with Windows 7 and 8 updates following next week. Spy agencies, for instance, might have known about them for years-and used them without anybody knowing.

Will antivirus prevent an attack?

There are good economic reasons for the lack of diversity in processors, too, chiefly the benefits of standardisation, which makes computers compatible and lowers costs.

Otras noticias

Tendencias Ahora

Cristiano Ronaldo wins fifth Ballon d'or
Karim Benzema should have swung the game firmly back in Madrid's favour, but twice rattled the same post from inside the area. At the end of 2011, we were abundant in quality and ee knew it: we were able to solve any match in four moves.

Open For Business — Bitcoin
Some brokers like Interactive Brokers Group Inc., which caters to individuals, said they wouldn't facilitate short-selling. Several leading financial heavyweights are still studying bitcoin and not serving as financial intermediaries.

Blow to Trump's agenda as Republican Roy Moore loses special election
Trump's behavior becomes increasingly outrageous and often unhinged, the party's grandees appease and flatter him. And he was more than willing to lend his voice and influence when he thought it could matter in the right way.

Lukaku carried off after clash of heads
That's not a line", the Manchester United manager shrugged dismissively as he started walking towards the door. He lay prone on the pitch barely moving while he was treated by medical staff for five minutes.

Will the Republican tax law raise middle-class taxes?
It should be in the business of encouraging work. "With final passage of this legislation, that is exactly what they are getting". Trump's year also closes with significant turnover of many top staffers who had been in the White House since early in his term.

Judicial Watch Sues To Discover Depths Of Mueller's Partisanship
Trump reportedly told close aides that admitting Russia hacked Democratic Party emails was a "trap". He did not disclose that meeting to Congress during his confirmation hearings.

Republican Tax Bill Has Grown More Unpopular, Poll Shows
Those seeking advanced degrees could owe 300 percent more each year thanks to a provision in the plan that taxes tuition waivers. In the video, Sanders said, "Huge tax breaks for billionaires, higher taxes for millions of middle-class families".

Palestinian Authority not a partner for peace — LETTER
Egypt circulated the draft text on Saturday, and diplomats said the council could vote on the proposed measure as early as Monday. None of this can ever take place with the same old faces, the same tired language and the same dead-end politics.

Ayatollah Khamenei: Enemies have got united against Iran in recent days
But it then predicted that sending IRGC or the Bassij forces would "backfire" and would further "antagonize the protesters". Elsewhere, the Leader highlighted the sacrifices of martyrs during the Iraqi war against Iran during the Saddam regime.

Chrome to launch ad blocker officially in Feb 2018
Google Chrome will soon have a native ad blocker that focuses on blocking bad ads and improving online advertisements for users. Here is what Google has suggested for websites and publishers which will begin starting on February 15th, 2018.