Hardware Security Fiasco: The Latest

  • Windows 10 Cumulative Update KB4056892 (Meltdown & Spectre Fix) Fails to Install

    Microsoft rolled out Windows 10 cumulative update KB4056892 yesterday as an emergency patch for systems running the Fall Creators Update in an attempt to fix the Meltdown and Spectre bugs affecting Intel, AMD, and ARM processors manufactured in the last two decades.

    But as it turns out, instead of fixing the two security vulnerabilities on some computers, the cumulative update actually breaks them down, with several users complaining that their systems were rendered useless after attempting to install KB4056892.

    Our readers pointed me to three different Microsoft Community threads (1, 2, 3) where users reported cumulative update KB4056892 issues, and in every case the problem appears to be exactly the same: AMD systems end up with a boot error before trying a rollback and failing with error 0x800f0845.

  • Linus Torvalds says Intel needs to admit it has issues with CPUs

    Linux creator Linus Torvalds has had some harsh words for Intel in the course of a discussion about patches for two [sic] bugs that were found to affect most of the company's processors.

  • We translated Intel's crap attempt to spin its way out of CPU security bug PR nightmare

    In the wake of The Register's report on Tuesday about the vulnerabilities affecting Intel chips, Chipzilla on Wednesday issued a press release to address the problems disclosed by Google's security researchers that afternoon.

    To help put Intel's claims into context, we've annotated the text. Bold is Intel's spin.

  • When F00F bug hit 20 years ago, Intel reacted the same way

    A little more than 20 years ago, Intel faced a problem with its processors, though it was not as big an issue as compared to the speculative execution bugs that were revealed this week.

  • Meltdown, Spectre and the Future of Secure Hardware

    Meltdown and Spectre are two different—but equally nasty—exploits in hardware. They are local, read-only exploits not known to corrupt, delete, nor modify data. For local single user laptops, such as Librem laptops, this is not as large of a threat as on shared servers—where a user on one virtual machine could access another user’s data on a separate virtual machine.

    As we have stated numerous times, security is a game of depth. To exploit any given layer, you go to a lower layer and you have access to everything higher in the stack.

  • KPTI — the new kernel feature to mitigate “meltdown”
  • Astounding coincidence: Intel's CEO liquidated all the stock he was legally permitted to sell after learning of catastrophic processor flaws
  • Intel CEO sold all the stock he could after Intel learned of security bug

    While an Intel spokesperson told CBS Marketwatch reporter Jeremy Owens that the trades were "unrelated" to the security revelations, and Intel financial filings showed that the stock sales were previously scheduled, Krzanich scheduled those sales on October 30. That's a full five months after researchers informed Intel of the vulnerabilities. And Intel has offered no further explanation of why Krzanich abruptly sold off all the stock he was permitted to.

CentOS Linux Receives

  • CentOS Linux Receives Security Updates Against Meltdown and Spectre Exploits

    Free Red Hat clone CentOS Linux has received an important kernel security update that patches the Meltdown and Spectre exploits affecting billions of devices powered by modern processors.

  • Ubuntu will fix Meltdown and Spectre by January 9th

    Ubuntu, perhaps the most popular Linux distribution on the desktop, which has multitudes of other distributions depending on it to send out security updates, has announced that it will update the kernels of all supported releases in order to mitigate the newly publicly disclosed Meltdown and Spectre vulnerabilities by January 9th.

  • Check This List to See If You’re Still Vulnerable to Meltdown and Spectre [Updated]

    Security researchers revealed disastrous flaws in processors manufactured by Intel and other companies this week. The vulnerabilities, which were discovered by Google’s Project Zero and nicknamed Meltdown and Spectre, can cause data to leak from kernel memory—which is really not ideal since the kernel is central to operating systems and handles a bunch of sensitive processes.

    Intel says that it’s working to update all of the processors it has introduced in the last few years. “By the end of next week, Intel expects to have issued updates for more than 90 percent of processor products introduced within the past five years,” the company said in a statement today.

  • Meltdown and Spectre CPU Flaws Expose Modern Systems to Risk

    After a rollercoaster day of speculation on Jan. 3 about a severe Intel chip flaw, Google's Project Zero research team revealed later that same day details about the CPU vulnerabilities.

    The CPU flaws have been branded as Meltdown and Spectre and have widespread impact across different silicon, operating system, browser and cloud vendors. The Meltdown flaw, identified as CVE-2017-5754, affects Intel CPUs. Spectre, known as CVE-2017-5753 and CVE-2017-5715, impacts all modern processors, including ones from Intel, Advanced Micro Devices and ARM.

  • Major Intel Kernel flaw may impact performance across Linux, Windows and Mac OS

    New reports have surfaced suggesting that there might be a major security flaw with Intel processors launched in the last decade. The harsh part is that patching the issue might slow down the performance of the CPU by up to 30 percent. Intel hasn't put out an official statement yet, but Linux Kernel patches are being pushed out to all users.
