Enero 24, 2018

Google discovers 'serious' flaws in Intel and other chips

06 Enero 2018, 11:35 | Verda Sainz

Illustration Natascha Eibl

An orange shield melting

"The full Project Zero report is forthcoming", it said.

Vendors have been working feverishly to put out patches throughout the past two days. The other, Spectre, is harder to fix, but also harder to exploit, making it less of an immediate threat to consumer devices.

Both Spectre and Meltdown have the ability to be one of the biggest tech security vulnerabilities discovered.

What are "Spectre" and "Meltdown"?

Intel also says the exploits are due to "speculative execution techniques" which are present in nearly all modern processors.

However, Apple has not published any information on the security fixes for its computers and smartphones to date.

Variant 1 (CVE-2017-5753), "bounds check bypass".

Has anyone been hacked this way yet? In November, researcher Kevin Finisterre discovered a vulnerability in the products of drone manufacturer DJI and reported the issue to the firm.

It breaks down the most fundamental isolation between user applications and the operating system.

Variant 3 (CVE-2017-5754), "rogue data cache load".

Daniel Gruss, a researcher at Graz University of Technology, called it "probably one of the worst CPU (central processing unit) bugs ever found".

In order to do their work, they must move data around, using different types of memory to temporarily store it. Some customers may worry that they have not been protected since they were not asked to reboot their instance. The company in its presentation also says the exploits do not impact just "one architecture or processor implementation".

There has been a significant concern in particular about "Spectre". A virtualisation component known as a hypervisor connects the physical machine to virtual machines. What is it protecting against?

Alex Ionescu, vice president of EDR Strategy at CrowdStrike, applauded all of the work by vendors to mitigate the risks of Meltdown and Spectre. It does so by strictly separating kernel memory spaces in the processor cache. These services, offered by Amazon, Microsoft, Google, IBM and others, give smaller companies access to data centers, web hosting and other services they need to run their businesses.

Although billions of computers and devices are vulnerable, security fixes are already being rolled out.

FLINT DUXFIELD: The Meltdown vulnerability is only a problem for Intel processors, which would be reassuring, were it not for the fact that Intel controls 80 per cent of the PC processing market, and the vulnerability affects computers that date back to 1995.

In the list of results that's displayed, you're looking to see that a series of protections are enabled - this will be listed as True. Google's cloud infrastructure doesn't rely on any single technology to make it secure.

Intel's CEO sold shares in his company several months after Google informed the chipmaker of a serious security problem affecting its products.

After patching its Linux computers on all its computers, Google observed "negligible impact on performance".

While many computer vulnerabilities occur through software, these two flaws exist in the hardware themselves.

Otras noticias

Tendencias Ahora

Princes attend The Last Jedi premiere — Star Wars
National Review: So many elements in Episode VIII are recycled that it could have been called Rerun of the Jedi. Another new addition to the team is Kelly Marie Tran , cast as a resistance member named Rose Tico.

How would a Disney-Fox merger affect what we watch?
Netflix is already a firehose of original content, and that is something Disney has finally surrendered to. But purely as a business proposition, the land may be worth much more to a luxury residential developer.

AAA projects busiest holiday travel season on record
The London-based business information provider teamed with AAA in 2009 to jointly analyze travel trends during major holidays. Do Not Respond! Avoid eye contact, don't make gestures, maintain space around your vehicle and contact 9-1-1 if needed.

Manchester City v Watford — Preview
Germany's Bundesliga and France's Ligue 1 returns to action on January 12, while Spain's La Liga will re-start on January 6. The first is that players still see such tackles as a legitimate last resort, or problem-stopper.

West Bromwich Albion v Manchester United: Premier League
Lukaku is lurking in the area between the two West Brom centre backs, just as he was against Bournemouth. United made a dominant start with West Brom guilty of squandering cheap possession on a frequent basis.

The Latest: IS supports Iranian anti-government protests
In the meantime, "luxury shopping malls have mushroomed all over Tehran" and "the poor man is regarded as a failure and burden". And with lightning speed, numerous slogans against Supreme Leader Ali Khamenei began to spread through the social networks.

McCarthy: no issue with Rodgers going on IR
Here's the backstory: Rodgers missed seven games after having surgery to repair a broken right collarbone suffered Oct. 15. The NFL is approaching the playoffs looking for a ratings turnaround after a year of record-low television numbers.

We are creating but not scoring — Wenger
Arsene Wenger is looking to spark a turnaround in form with a routine victory against struggling Newcastle United . The players are working hard. "It's a team who will certainly be sound defensively with a lot of experience".

Trump thanks Putin for remarks on 'America's strong economic performance'
And as a 'thank you' for the backing, Damascus gave the green light to an expansion of the Tartus base in January. But Russia would "defend the interests of our athletes, including in civil courts", he said.

Surprised by Trump's wide level of support — Letter
Horowitz, Justice Department inspector general, answered that "t$3 he FBI produced these text messages on July 20, 2017". That was a Democrat hoax. "It's like the old KGB that comes for you in the dark of the night banging through your door".