Language Selection

English French German Italian Portuguese Spanish

Hardware Security Fiasco: The Latest

Filed under
Hardware
Security
  • Windows 10 Cumulative Update KB4056892 (Meltdown & Spectre Fix) Fails to Install

    Microsoft rolled out Windows 10 cumulative update KB4056892 yesterday as an emergency patch for systems running the Fall Creators Update in an attempt to fix the Meltdown and Spectre bugs affecting Intel, AMD, and ARM processors manufactured in the last two decades.

    But as it turns out, instead of fixing the two security vulnerabilities on some computers, the cumulative update actually breaks them down, with several users complaining that their systems were rendered useless after attempting to install KB4056892.

    Our readers pointed me to three different Microsoft Community threads (1, 2, 3) where users reported cumulative update KB4056892 issues, and in every case the problem appears to be exactly the same: AMD systems end up with a boot error before trying a rollback and failing with error 0x800f0845.

  • Linus Torvalds says Intel needs to admit it has issues with CPUs

    Linux creator Linus Torvalds has had some harsh words for Intel in the course of a discussion about patches for two [sic] bugs that were found to affect most of the company's processors.

  • We translated Intel's crap attempt to spin its way out of CPU security bug PR nightmare

    In the wake of The Register's report on Tuesday about the vulnerabilities affecting Intel chips, Chipzilla on Wednesday issued a press release to address the problems disclosed by Google's security researchers that afternoon.

    To help put Intel's claims into context, we've annotated the text. Bold is Intel's spin.

  • When F00F bug hit 20 years ago, Intel reacted the same way

    A little more than 20 years ago, Intel faced a problem with its processors, though it was not as big an issue as compared to the speculative execution bugs that were revealed this week.

  • Meltdown, Spectre and the Future of Secure Hardware

    Meltdown and Spectre are two different—but equally nasty—exploits in hardware. They are local, read-only exploits not known to corrupt, delete, nor modify data. For local single user laptops, such as Librem laptops, this is not as large of a threat as on shared servers—where a user on one virtual machine could access another user’s data on a separate virtual machine.

    As we have stated numerous times, security is a game of depth. To exploit any given layer, you go to a lower layer and you have access to everything higher in the stack.

  • KPTI — the new kernel feature to mitigate “meltdown”
  • Astounding coincidence: Intel's CEO liquidated all the stock he was legally permitted to sell after learning of catastrophic processor flaws
  • Intel CEO sold all the stock he could after Intel learned of security bug

     

    While an Intel spokesperson told CBS Marketwatch reporter Jeremy Owens that the trades were "unrelated" to the security revelations, and Intel financial filings showed that the stock sales were previously scheduled, Krzanich scheduled those sales on October 30. That's a full five months after researchers informed Intel of the vulnerabilities. And Intel has offered no further explanation of why Krzanich abruptly sold off all the stock he was permitted to.

CentOS Linux Receives

  • CentOS Linux Receives Security Updates Against Meltdown and Spectre Exploits

    Free Red Hat clone CentOS Linux has received an important kernel security update that patches the Meltdown and Spectre exploits affecting billions of devices powered by modern processors.

  • Ubuntu will fix Meltdown and Spectre by January 9th

    Ubuntu, perhaps the most popular Linux distribution, on the desktop, which has multitudes of other distributions depending on it to send out security updates, has announced that it will update the kernels of all supported releases in order to mitigate the newly publicly disclosed Meltdown and Spectre vulnerabilities, by January 9th.

  • Check This List to See If You’re Still Vulnerable to Meltdown and Spectre [Updated]

    Security researchers revealed disastrous flaws in processors manufactured by Intel and other companies this week. The vulnerabilities, which were discovered by Google’s Project Zero and nicknamed Meltdown and Spectre, can cause data to leak from kernel memory—which is really not ideal since the kernel is central to operating systems and handles a bunch of sensitive processes.

    Intel says that it’s working to update all of the processors it has introduced in the last few years. “By the end of next week, Intel expects to have issued updates for more than 90 percent of processor products introduced within the past five years,” the company said in a statement today.

  • Meltdown and Spectre CPU Flaws Expose Modern Systems to Risk

    After a rollercoaster day of speculation on Jan. 3 about a severe Intel chip flaw, Google's Project Zero research team revealed later that same day details about the CPU vulnerabilities.

    The CPU flaws have been branded as Meltdown and Spectre and have widespread impact across different silicon, operating system, browser and cloud vendors. The Meltdown flaw, identified as CVE-2017-5754, affects Intel CPUs. Spectre, known as CVE-2017-5753 and CVE-2017-5715, impacts all modern processors, including ones from Intel, Advanced Micro Devices and ARM.

  • Major Intel Kernel flaw may impact performance across Linux, Windows and Mac OS

    New reports have surfaced suggesting that there might be a major security flaw with Intel processors launched in the last decade. The harsh part is that patching the issue might slow down the performance of the CPU by up to 30 percent. Intel hasn't put out an official statement yet, but Linux Kernel patches are being pushed out to all users.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

Honor 9 Lite review: Leader of the affordable Android pack

As Huawei's budget brand, Honor handsets are well known for offering good value for money. With the Honor 9 Lite the 'good value' theme is raised a notch, thanks to an 18:9 aspect ratio 5.65-inch screen and no fewer than four cameras. Judging by its name, you might expect the Honor 9 Lite to be a trimmed-down version of the Honor 9, but there are some significant variances that suggest the new handset is a step sideways rather than a step down. The Honor 9's 5.15-inch 1,080-by-1,920 (16:9) screen is trumped here by a bigger, taller 5.65-inch 1,080-by-2,160 (18:9) display. There are also dual cameras front and back, whereas the Honor 9 only has dual rear cameras. At the time of writing the Honor 9 is selling for £349 (inc. VAT) direct from Honor, so the Honor 9 Lite's £199.99 looks very appealing. Read more

Linux command history: Choosing what to remember and how

Linux history – the record of commands that you’ve used on the command line – can simplify repeating commands and provide some very useful information when you’re trying to track down how recent system or account changes might have come about. Two things you need to understand before you begin your sleuthing, however, are that the shell’s command memory can be selective and that dates and times for when commands were run are optional. Read more

Security: Voting Machines With Windows and Back Doors in Windows Help Crypto-jacking

  • Election Security a High Priority — Until It Comes to Paying for New Voting Machines [Ed: Sadly, the US has outsourced its voting machines to a private company whose systems are managed by Microsoft]
    When poll workers arrived at 6 a.m. to open the voting location in Allentown, New Jersey, for last November’s gubernatorial election, they found that none of the borough’s four voting machines were working. Their replacements, which were delivered about four hours later, also failed. Voters had to cast their ballots on paper, which then were counted by hand. Machine malfunctions are a regular feature of American elections. Even as worries over cybersecurity and election interference loom, many local jurisdictions depend on aging voting equipment based on frequently obsolete and sometimes insecure technology. And the counties and states that fund elections have dragged their heels on providing the money to buy new equipment.
  • Congress Can Act Right Now to Prevent Interference in the 2018 Elections [Ed: "confidence" is not security]

    To create that confidence the SAFE Act would: [...]

  • America’s Election Meddling Would Indeed Justify Other Countries Retaliating In Kind
    There is still no clear proof that the Russian government interfered with the 2016 U.S. election in any meaningful way. Which is weird, because Russia and every other country on earth would be perfectly justified in doing so.
  • NSA Exploit Now Powering Cryptocurrency Mining Malware [Ed: Microsoft Windows back door]
    You may have been asked if you'd like to try your hand at mining cryptocurrency. You may have demurred, citing the shortage in graphics cards or perhaps wary you were being coaxed into an elaborate Ponzi scheme. So much for opting out. Thanks to the NSA, you may be involved in mining cryptocurrency, but you're likely not seeing any of the benefits.
  • Cryptocurrency-mining criminals that netted $3 million gear up for more
    Separately, researchers from security firm FireEye said attackers, presumably with no relation to the one reported by Check Point, are exploiting unpatched systems running Oracle's WebLogic Server to install cryptocurrency-mining malware. Oracle patched the vulnerability, indexed as CVE-2017-10271, in October.

today's howtos