Language Selection

English French German Italian Portuguese Spanish

Hardware Security Fiasco: The Latest

Filed under
Hardware
Security
  • Windows 10 Cumulative Update KB4056892 (Meltdown & Spectre Fix) Fails to Install

    Microsoft rolled out Windows 10 cumulative update KB4056892 yesterday as an emergency patch for systems running the Fall Creators Update in an attempt to fix the Meltdown and Spectre bugs affecting Intel, AMD, and ARM processors manufactured in the last two decades.

    But as it turns out, instead of fixing the two security vulnerabilities on some computers, the cumulative update actually breaks them down, with several users complaining that their systems were rendered useless after attempting to install KB4056892.

    Our readers pointed me to three different Microsoft Community threads (1, 2, 3) where users reported cumulative update KB4056892 issues, and in every case the problem appears to be exactly the same: AMD systems end up with a boot error before trying a rollback and failing with error 0x800f0845.

  • Linus Torvalds says Intel needs to admit it has issues with CPUs

    Linux creator Linus Torvalds has had some harsh words for Intel in the course of a discussion about patches for two [sic] bugs that were found to affect most of the company's processors.

  • We translated Intel's crap attempt to spin its way out of CPU security bug PR nightmare

    In the wake of The Register's report on Tuesday about the vulnerabilities affecting Intel chips, Chipzilla on Wednesday issued a press release to address the problems disclosed by Google's security researchers that afternoon.

    To help put Intel's claims into context, we've annotated the text. Bold is Intel's spin.

  • When F00F bug hit 20 years ago, Intel reacted the same way

    A little more than 20 years ago, Intel faced a problem with its processors, though it was not as big an issue as compared to the speculative execution bugs that were revealed this week.

  • Meltdown, Spectre and the Future of Secure Hardware

    Meltdown and Spectre are two different—but equally nasty—exploits in hardware. They are local, read-only exploits not known to corrupt, delete, nor modify data. For local single user laptops, such as Librem laptops, this is not as large of a threat as on shared servers—where a user on one virtual machine could access another user’s data on a separate virtual machine.

    As we have stated numerous times, security is a game of depth. To exploit any given layer, you go to a lower layer and you have access to everything higher in the stack.

  • KPTI — the new kernel feature to mitigate “meltdown”
  • Astounding coincidence: Intel's CEO liquidated all the stock he was legally permitted to sell after learning of catastrophic processor flaws
  • Intel CEO sold all the stock he could after Intel learned of security bug

     

    While an Intel spokesperson told CBS Marketwatch reporter Jeremy Owens that the trades were "unrelated" to the security revelations, and Intel financial filings showed that the stock sales were previously scheduled, Krzanich scheduled those sales on October 30. That's a full five months after researchers informed Intel of the vulnerabilities. And Intel has offered no further explanation of why Krzanich abruptly sold off all the stock he was permitted to.

CentOS Linux Receives

  • CentOS Linux Receives Security Updates Against Meltdown and Spectre Exploits

    Free Red Hat clone CentOS Linux has received an important kernel security update that patches the Meltdown and Spectre exploits affecting billions of devices powered by modern processors.

  • Ubuntu will fix Meltdown and Spectre by January 9th

    Ubuntu, perhaps the most popular Linux distribution, on the desktop, which has multitudes of other distributions depending on it to send out security updates, has announced that it will update the kernels of all supported releases in order to mitigate the newly publicly disclosed Meltdown and Spectre vulnerabilities, by January 9th.

  • Check This List to See If You’re Still Vulnerable to Meltdown and Spectre [Updated]

    Security researchers revealed disastrous flaws in processors manufactured by Intel and other companies this week. The vulnerabilities, which were discovered by Google’s Project Zero and nicknamed Meltdown and Spectre, can cause data to leak from kernel memory—which is really not ideal since the kernel is central to operating systems and handles a bunch of sensitive processes.

    Intel says that it’s working to update all of the processors it has introduced in the last few years. “By the end of next week, Intel expects to have issued updates for more than 90 percent of processor products introduced within the past five years,” the company said in a statement today.

  • Meltdown and Spectre CPU Flaws Expose Modern Systems to Risk

    After a rollercoaster day of speculation on Jan. 3 about a severe Intel chip flaw, Google's Project Zero research team revealed later that same day details about the CPU vulnerabilities.

    The CPU flaws have been branded as Meltdown and Spectre and have widespread impact across different silicon, operating system, browser and cloud vendors. The Meltdown flaw, identified as CVE-2017-5754, affects Intel CPUs. Spectre, known as CVE-2017-5753 and CVE-2017-5715, impacts all modern processors, including ones from Intel, Advanced Micro Devices and ARM.

  • Major Intel Kernel flaw may impact performance across Linux, Windows and Mac OS

    New reports have surfaced suggesting that there might be a major security flaw with Intel processors launched in the last decade. The harsh part is that patching the issue might slow down the performance of the CPU by up to 30 percent. Intel hasn't put out an official statement yet, but Linux Kernel patches are being pushed out to all users.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

Finally: Historic Eudora email code goes open source

The source code to the Eudora email client is being released by the Computer History Museum, after five years of discussion with the IP owner, Qualcomm. The Mac software was well loved by early internet adopters and power users, with versions appearing for Palm, Newton and Windows. At one time, the brand was so synonymous with email that Lycos used Eudora to brand its own webmail service. As the Mountain View, California museum has noted, "It’s hard to overstate Eudora’s popularity in the mid-1990s." Read more Also: The Computer History Museum Just Made Eudora Open Source

Android Leftovers

Security Leftovers, Mostly 'Spectre' and 'Meltdown' Related

  • More Meltdown/Spectre Variants
  • Spectre V2 & Meltdown Linux Fixes Might Get Disabled For Atom N270 & Other In-Order CPUs
    There's a suggestion/proposal to disable the Spectre Variant Two and Meltdown mitigation by default with the Linux kernel for in-order CPUs. If you have an old netbook still in use or the other once popular devices powered by the Intel Atom N270 or other in-order processors, there may be some reprieve when upgrading kernels in the future to get the Spectre/Meltdown mitigation disabled by default since these CPUs aren't vulnerable to attack but having the mitigation in place can be costly performance-wise.
  • Linux 4.17 Lands Initial Spectre V4 "Speculative Store Bypass" For POWER CPUs
    Following yesterday's public disclosure of Spectre Variant Four, a.k.a. Speculative Store Bypass, the Intel/AMD mitigation work immediately landed while overnight the POWER CPU patch landed.
  • New Variant Of Spectre And Meltdown CPU Flaw Found; Fix Affects Performance
  • Ubuntu 18.04 LTS Gets First Kernel Update with Patch for Spectre Variant 4 Flaw
    Canonical released the first kernel security update for its Ubuntu 18.04 LTS (Bionic Beaver) operating system to fix a security issue that affects this release of Ubuntu and its derivatives. As you can imagine, the kernel security update patches the Ubuntu 18.04 LTS (Bionic Beaver) operating system against the recently disclosed Speculative Store Buffer Bypass (SSBB) side-channel vulnerability, also known as Spectre Variant 4 or CVE-2018-3639, which could let a local attacker expose sensitive information in vulnerable systems.
  • RHEL and CentOS Linux 7 Receive Mitigations for Spectre Variant 4 Vulnerability
    As promised earlier this week, Red Hat released software mitigations for all of its affected products against the recently disclosed Spectre Variant 4 security vulnerability that also affects its derivatives, including CentOS Linux. On May 21, 2018, security researchers from Google Project Zero and Microsoft Security Response Center have publicly disclosed two new variants of the industry-wide issue known as Spectre, variants 3a and 4. The latter, Spectre Variant 4, is identified as CVE-2018-3639 and appears to have an important security impact on any Linux-based operating system, including all of its Red Hat's products and its derivatives, such as CentOS Linux.

LXQt 0.13 Desktop Environment Officially Released, It's Coming to Lubuntu 18.10

For starters, all of LXQt's components are now ready to be built against the recently released Qt 5.11 application framework, and out-of-source-builds are now mandatory. LXQt 0.13.0 also disabled the menu-cached functionality, making it optional from now on in both the panel and runner, thus preventing memory leaks and avoiding any issues that may occur when shutting down or restarting LXQt. Read more