Language Selection

English French German Italian Portuguese Spanish

Hardware Security Fiasco: The Latest

Filed under
Hardware
Security
  • Windows 10 Cumulative Update KB4056892 (Meltdown & Spectre Fix) Fails to Install

    Microsoft rolled out Windows 10 cumulative update KB4056892 yesterday as an emergency patch for systems running the Fall Creators Update in an attempt to fix the Meltdown and Spectre bugs affecting Intel, AMD, and ARM processors manufactured in the last two decades.

    But as it turns out, instead of fixing the two security vulnerabilities on some computers, the cumulative update actually breaks them down, with several users complaining that their systems were rendered useless after attempting to install KB4056892.

    Our readers pointed me to three different Microsoft Community threads (1, 2, 3) where users reported cumulative update KB4056892 issues, and in every case the problem appears to be exactly the same: AMD systems end up with a boot error before trying a rollback and failing with error 0x800f0845.

  • Linus Torvalds says Intel needs to admit it has issues with CPUs

    Linux creator Linus Torvalds has had some harsh words for Intel in the course of a discussion about patches for two [sic] bugs that were found to affect most of the company's processors.

  • We translated Intel's crap attempt to spin its way out of CPU security bug PR nightmare

    In the wake of The Register's report on Tuesday about the vulnerabilities affecting Intel chips, Chipzilla on Wednesday issued a press release to address the problems disclosed by Google's security researchers that afternoon.

    To help put Intel's claims into context, we've annotated the text. Bold is Intel's spin.

  • When F00F bug hit 20 years ago, Intel reacted the same way

    A little more than 20 years ago, Intel faced a problem with its processors, though it was not as big an issue as compared to the speculative execution bugs that were revealed this week.

  • Meltdown, Spectre and the Future of Secure Hardware

    Meltdown and Spectre are two different—but equally nasty—exploits in hardware. They are local, read-only exploits not known to corrupt, delete, nor modify data. For local single user laptops, such as Librem laptops, this is not as large of a threat as on shared servers—where a user on one virtual machine could access another user’s data on a separate virtual machine.

    As we have stated numerous times, security is a game of depth. To exploit any given layer, you go to a lower layer and you have access to everything higher in the stack.

  • KPTI — the new kernel feature to mitigate “meltdown”
  • Astounding coincidence: Intel's CEO liquidated all the stock he was legally permitted to sell after learning of catastrophic processor flaws
  • Intel CEO sold all the stock he could after Intel learned of security bug

     

    While an Intel spokesperson told CBS Marketwatch reporter Jeremy Owens that the trades were "unrelated" to the security revelations, and Intel financial filings showed that the stock sales were previously scheduled, Krzanich scheduled those sales on October 30. That's a full five months after researchers informed Intel of the vulnerabilities. And Intel has offered no further explanation of why Krzanich abruptly sold off all the stock he was permitted to.

CentOS Linux Receives

  • CentOS Linux Receives Security Updates Against Meltdown and Spectre Exploits

    Free Red Hat clone CentOS Linux has received an important kernel security update that patches the Meltdown and Spectre exploits affecting billions of devices powered by modern processors.

  • Ubuntu will fix Meltdown and Spectre by January 9th

    Ubuntu, perhaps the most popular Linux distribution, on the desktop, which has multitudes of other distributions depending on it to send out security updates, has announced that it will update the kernels of all supported releases in order to mitigate the newly publicly disclosed Meltdown and Spectre vulnerabilities, by January 9th.

  • Check This List to See If You’re Still Vulnerable to Meltdown and Spectre [Updated]

    Security researchers revealed disastrous flaws in processors manufactured by Intel and other companies this week. The vulnerabilities, which were discovered by Google’s Project Zero and nicknamed Meltdown and Spectre, can cause data to leak from kernel memory—which is really not ideal since the kernel is central to operating systems and handles a bunch of sensitive processes.

    Intel says that it’s working to update all of the processors it has introduced in the last few years. “By the end of next week, Intel expects to have issued updates for more than 90 percent of processor products introduced within the past five years,” the company said in a statement today.

  • Meltdown and Spectre CPU Flaws Expose Modern Systems to Risk

    After a rollercoaster day of speculation on Jan. 3 about a severe Intel chip flaw, Google's Project Zero research team revealed later that same day details about the CPU vulnerabilities.

    The CPU flaws have been branded as Meltdown and Spectre and have widespread impact across different silicon, operating system, browser and cloud vendors. The Meltdown flaw, identified as CVE-2017-5754, affects Intel CPUs. Spectre, known as CVE-2017-5753 and CVE-2017-5715, impacts all modern processors, including ones from Intel, Advanced Micro Devices and ARM.

  • Major Intel Kernel flaw may impact performance across Linux, Windows and Mac OS

    New reports have surfaced suggesting that there might be a major security flaw with Intel processors launched in the last decade. The harsh part is that patching the issue might slow down the performance of the CPU by up to 30 percent. Intel hasn't put out an official statement yet, but Linux Kernel patches are being pushed out to all users.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

KDE Applications 18.08 Software Suite Enters Beta, Adds Apple Wallet Pass Reader

With KDE Applications 18.04 reached end of life with the third and last point release, the KDE Project started working earlier this month on the next release of their open-source software suite, KDE Applications 18.08. KDE Applications is an open-source software suite designed as part of the KDE ecosystem, but can also be used independently on any Linux-based operating system. To fully enjoy the KDE Plasma desktop environment, users will also need to install various of the apps that are distributed as part of the KDE Applications initiative. KDE Applications 18.08 is the next major version of the open-source software suite slated for release on August 16, 2018. As of yesterday, July 20, the KDE Applications 18.08 software suite entered beta testing as version 18.07.80, introducing two new libraries, KPkPass and KItinerary. Read more

NetBSD 8.0 Released

  • Announcing NetBSD 8.0
    The NetBSD Project is pleased to announce NetBSD 8.0, the sixteenth major release of the NetBSD operating system.
  • NetBSD 8.0 Officially Released With USB3 Support, Security Improvements & UEFI
    While it's been on mirrors for a few days, NetBSD 8.0 was officially released this weekend. NetBSD 8.0 represents this BSD operating system project's 16th major release and introduces USB 3.0 support, an in-kernel audio mixer, a new socket layer, Meltdown/Spectre mitigation, eager FPU support, SMAP support, UEFI boot-loader support for x86/x86_64 hardware, and a variety of long sought after improvements -- many of which are improving the security of NetBSD.
  • NetBSD 8.0 Released with Spectre V2/V4, Meltdown, and Lazy FPU Mitigations
    The NetBSD open-source operating system has been updated this week to version 8.0, a major release that finally brings mitigations for all the Spectre variants, Meltdown, and Lazy FPU security vulnerabilities, as well as many stability improvements and bug fixes. Coming seven months after the first and last point release of the NetBSD 7 series, NetBSD 8.0 is here with mitigations for both the Spectre Variant 2 (CVE-2017-5715) and Spectre Variant 4 (CVE-2018-3639) security vulnerabilities, as well as for the Meltdown (CVE-2017-5754) and Lazy FPU State Save/Restore (CVE-2018-3665) vulnerabilities.

Neptune 5.4

We are proud to announce version 5.4 of Neptune . This update represents the current state of Neptune 5 and renews the ISO file so if you install Neptune you don't have to download tons of Updates. In this update we introduce a new look and feel package called Neptune Dark. This comes together with an modified icon theme optimized for dark themes called Faenza Dark. We improved hardware support further by providing Linux Kernel 4.16.16 with improved drivers and bugfixes. Read more

Plasma 5.14 Wallpaper “Cluster”

The time for a new Plasma wallpaper is here, so for 5.14 I’m excited to offer up “Cluster”. But first, please allow me to gush for a moment. In tandem with Inkscape, this is the first wallpaper for KDE produced using the ever excellent Krita. For graphic design my computer has a bit of beef to it, but when I work with Inkscape or GIMP things always chug just a bit more than I feel they should. Whenever I’ve had the distinct pleasure of opening Krita, even on my lesser powered laptop, it’s always been productive, rewarding, and performant. I’m looking forward to using Krita more in future wallpapers. *claps for Krita* Read more