Octubre 22, 2018

Google discovers 'serious' flaws in Intel and other chips

06 Enero 2018, 11:35 | Verda Sainz

"The full Project Zero report is forthcoming", it said.

Vendors have been working feverishly to put out patches throughout the past two days. The other, Spectre, is harder to fix, but also harder to exploit, making it less of an immediate threat to consumer devices.

Both Spectre and Meltdown have the ability to be one of the biggest tech security vulnerabilities discovered.

What are "Spectre" and "Meltdown"?

Intel also says the exploits are due to "speculative execution techniques" which are present in nearly all modern processors.

However, Apple has not published any information on the security fixes for its computers and smartphones to date.

Variant 1 (CVE-2017-5753), "bounds check bypass".

Has anyone been hacked this way yet? In November, researcher Kevin Finisterre discovered a vulnerability in the products of drone manufacturer DJI and reported the issue to the firm.

It breaks down the most fundamental isolation between user applications and the operating system.

Variant 3 (CVE-2017-5754), "rogue data cache load".

Daniel Gruss, a researcher at Graz University of Technology, called it "probably one of the worst CPU (central processing unit) bugs ever found".

In order to do their work, they must move data around, using different types of memory to temporarily store it. Some customers may worry that they have not been protected since they were not asked to reboot their instance. The company in its presentation also says the exploits do not impact just "one architecture or processor implementation".

There has been a significant concern in particular about "Spectre". A virtualisation component known as a hypervisor connects the physical machine to virtual machines. What is it protecting against?

Alex Ionescu, vice president of EDR Strategy at CrowdStrike, applauded all of the work by vendors to mitigate the risks of Meltdown and Spectre. It does so by strictly separating kernel memory spaces in the processor cache. These services, offered by Amazon, Microsoft, Google, IBM and others, give smaller companies access to data centers, web hosting and other services they need to run their businesses.

Although billions of computers and devices are vulnerable, security fixes are already being rolled out.

FLINT DUXFIELD: The Meltdown vulnerability is only a problem for Intel processors, which would be reassuring, were it not for the fact that Intel controls 80 per cent of the PC processing market, and the vulnerability affects computers that date back to 1995.

In the list of results that's displayed, you're looking to see that a series of protections are enabled - this will be listed as True. Google's cloud infrastructure doesn't rely on any single technology to make it secure.

Intel's CEO sold shares in his company several months after Google informed the chipmaker of a serious security problem affecting its products.

After patching its Linux computers on all its computers, Google observed "negligible impact on performance".

While many computer vulnerabilities occur through software, these two flaws exist in the hardware themselves.

Otras noticias

Tendencias Ahora

Shots fired after North Korean soldier defects to South — DMZ news
This story was reported by The Associated Press . "I've made such a suggestion to the U.S., and the currently reviewing it. The pair "expressed their willingness to defect", a ministry official said, and their claim for asylum was being investigated.

All iPhones and iPads affected by Meltdown and Spectre, says Apple
IDC estimated that there are 1.5bn PCs in use around the world today, out of which 90pc are powered by Intel processors . Both vulnerabilities require an attacker to be able to run their code on the device they are attacking...

Justin Simmons likely out for year after hurting ankle while celebrating
They can only play for pride and contract incentives going forward. "It's the first team I played for", Kerr said of the Colts. It's well known that NFL teams watch film of their upcoming opponent each week to game plan for what they're going up against.

The Last Jedi' Has Second Biggest Thursday Opening Ever — Star Wars
Sex tends to be minimal in space, but, who knows, Rey and Kylo could be just the couple to break the onscreen dry spell. During one of the chat sessions held between Rey and Ben, we see Ben attended to by a miniature floating medical droid.

Chelsea v Barcelona Drawn Together In Champions League
All these factors will be heavily considered and are mandatory if the Blues want to get their league campaign back on track. Our fans will like it after we were knocked out by Barcelona last season.

Jamie Carragher explains why Manchester City are ahead of Manchester United
But by the end of August, around the time the transfer window closed, Guardiola finally decided that enough was enough. However, Guardiola highlighted defender Nicolas Otamendi's contributions as the key reason for their recent success.

Surprised by Trump's wide level of support — Letter
Horowitz, Justice Department inspector general, answered that "t$3 he FBI produced these text messages on July 20, 2017". That was a Democrat hoax. "It's like the old KGB that comes for you in the dark of the night banging through your door".

Iran's Supreme Leader Ayatollah Khomeini blames 'enemies' for meddling in protests
Nobel Laureate Shirin Ebadi remarks that there is a lot of disappointment with the fruitlessness of sanctions relief. Government officials are also shutting down social media and the internet in an effort to stamp out the discontent.

Trump thanks Putin for remarks on 'America's strong economic performance'
And as a 'thank you' for the backing, Damascus gave the green light to an expansion of the Tartus base in January. But Russia would "defend the interests of our athletes, including in civil courts", he said.

Manchester City v Watford — Preview
Germany's Bundesliga and France's Ligue 1 returns to action on January 12, while Spain's La Liga will re-start on January 6. The first is that players still see such tackles as a legitimate last resort, or problem-stopper.