Language Selection

English French German Italian Portuguese Spanish

Hardware Security Fiasco: The Latest

Filed under
Hardware
Security
  • Windows 10 Cumulative Update KB4056892 (Meltdown & Spectre Fix) Fails to Install

    Microsoft rolled out Windows 10 cumulative update KB4056892 yesterday as an emergency patch for systems running the Fall Creators Update in an attempt to fix the Meltdown and Spectre bugs affecting Intel, AMD, and ARM processors manufactured in the last two decades.

    But as it turns out, instead of fixing the two security vulnerabilities on some computers, the cumulative update actually breaks them down, with several users complaining that their systems were rendered useless after attempting to install KB4056892.

    Our readers pointed me to three different Microsoft Community threads (1, 2, 3) where users reported cumulative update KB4056892 issues, and in every case the problem appears to be exactly the same: AMD systems end up with a boot error before trying a rollback and failing with error 0x800f0845.

  • Linus Torvalds says Intel needs to admit it has issues with CPUs

    Linux creator Linus Torvalds has had some harsh words for Intel in the course of a discussion about patches for two [sic] bugs that were found to affect most of the company's processors.

  • We translated Intel's crap attempt to spin its way out of CPU security bug PR nightmare

    In the wake of The Register's report on Tuesday about the vulnerabilities affecting Intel chips, Chipzilla on Wednesday issued a press release to address the problems disclosed by Google's security researchers that afternoon.

    To help put Intel's claims into context, we've annotated the text. Bold is Intel's spin.

  • When F00F bug hit 20 years ago, Intel reacted the same way

    A little more than 20 years ago, Intel faced a problem with its processors, though it was not as big an issue as compared to the speculative execution bugs that were revealed this week.

  • Meltdown, Spectre and the Future of Secure Hardware

    Meltdown and Spectre are two different—but equally nasty—exploits in hardware. They are local, read-only exploits not known to corrupt, delete, nor modify data. For local single user laptops, such as Librem laptops, this is not as large of a threat as on shared servers—where a user on one virtual machine could access another user’s data on a separate virtual machine.

    As we have stated numerous times, security is a game of depth. To exploit any given layer, you go to a lower layer and you have access to everything higher in the stack.

  • KPTI — the new kernel feature to mitigate “meltdown”
  • Astounding coincidence: Intel's CEO liquidated all the stock he was legally permitted to sell after learning of catastrophic processor flaws
  • Intel CEO sold all the stock he could after Intel learned of security bug

     

    While an Intel spokesperson told CBS Marketwatch reporter Jeremy Owens that the trades were "unrelated" to the security revelations, and Intel financial filings showed that the stock sales were previously scheduled, Krzanich scheduled those sales on October 30. That's a full five months after researchers informed Intel of the vulnerabilities. And Intel has offered no further explanation of why Krzanich abruptly sold off all the stock he was permitted to.

CentOS Linux Receives

  • CentOS Linux Receives Security Updates Against Meltdown and Spectre Exploits

    Free Red Hat clone CentOS Linux has received an important kernel security update that patches the Meltdown and Spectre exploits affecting billions of devices powered by modern processors.

  • Ubuntu will fix Meltdown and Spectre by January 9th

    Ubuntu, perhaps the most popular Linux distribution, on the desktop, which has multitudes of other distributions depending on it to send out security updates, has announced that it will update the kernels of all supported releases in order to mitigate the newly publicly disclosed Meltdown and Spectre vulnerabilities, by January 9th.

  • Check This List to See If You’re Still Vulnerable to Meltdown and Spectre [Updated]

    Security researchers revealed disastrous flaws in processors manufactured by Intel and other companies this week. The vulnerabilities, which were discovered by Google’s Project Zero and nicknamed Meltdown and Spectre, can cause data to leak from kernel memory—which is really not ideal since the kernel is central to operating systems and handles a bunch of sensitive processes.

    Intel says that it’s working to update all of the processors it has introduced in the last few years. “By the end of next week, Intel expects to have issued updates for more than 90 percent of processor products introduced within the past five years,” the company said in a statement today.

  • Meltdown and Spectre CPU Flaws Expose Modern Systems to Risk

    After a rollercoaster day of speculation on Jan. 3 about a severe Intel chip flaw, Google's Project Zero research team revealed later that same day details about the CPU vulnerabilities.

    The CPU flaws have been branded as Meltdown and Spectre and have widespread impact across different silicon, operating system, browser and cloud vendors. The Meltdown flaw, identified as CVE-2017-5754, affects Intel CPUs. Spectre, known as CVE-2017-5753 and CVE-2017-5715, impacts all modern processors, including ones from Intel, Advanced Micro Devices and ARM.

  • Major Intel Kernel flaw may impact performance across Linux, Windows and Mac OS

    New reports have surfaced suggesting that there might be a major security flaw with Intel processors launched in the last decade. The harsh part is that patching the issue might slow down the performance of the CPU by up to 30 percent. Intel hasn't put out an official statement yet, but Linux Kernel patches are being pushed out to all users.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

Software: DICOM Viewers, gotop and Cockpit

  • Top 11 Free Linux DICOM Viewers for Doctors
    DICOM stands for Digital Imaging and Communications in Medicine and it is the international open image format for handling, storing, printing, and transmitting information in medical images. Medical images are used in the identification and examination of physical injuries and diseases via procedures like Xrays, CT scans, etc. This article lists the best free Linux applications used for processing images generated by DICOM devices.
  • gotop: Graphical System Monitor For The Command Line
    gotop is a terminal-based (TUI) system monitor for Linux and macOS. The software is inspired by gtop and vtop, but while these 2 utilities use Node.js, gotop is written in Go. The command line tool supports mouse clicking and scrolling, comes with vi-keys, and it displays the CPU, memory and network usage history using colored graphs, while also displaying their current values. gotop also shows the disk usage, temperatures and a top process list, which includes CPU and memory usage.
  • Cockpit 186
    Cockpit is the modern Linux admin interface. We release regularly. Here are the release notes from version 186.

Netrunner's Unique Blackbird Soars to New Heights

Blackbird, Netrunner's version 19.01 release, hit the download servers on Jan. 14, and this distro deserves to be considered bleeding-edge. Netrunner is a step ahead of other KDE distros, thanks to its solid integration of classic KDE desktop performance with Web-based applications and cloud services. That said, if you aren't fondness of the K Desktop, Netrunner may leave you wanting more desktop simplicity. For that you must look elsewhere. KDE is the only desktop available from the Germany-based Blue Systems development team. Blackbird is based on Debian's "Testing" branch. Its developer brings some aggressive updates to the distro that propel it ahead of other distros' regular development cycles. The main updates include KDE Plasma 5.14.3, KDE Frameworks 5.51, KDE Applications 18.08 and Qt 5.11.3 for its essential security updates. Linux Kernel 4.19, Firefox Quantum 64.0 and Thunderbird 60.3 push the envelope as well. One of the more noticeable new features in Blackbird is its new Netrunner Black theme. This theme is based on a dark-toned contrasting visual. It uses the Kvantum theme engine, plus the Alpha-Black Plasma theme, to produce a more 3D-looking design. Read more

Mozilla Masking 'Content', ffsend and New Accountant or Chief Financial Officer (CFO)

  • Mozilla Open Policy & Advocacy Blog: Brussels Mozilla Mornings – Disinformation and online advertising: an unhealthy relationship?
    On the morning of 19 February, Mozilla will host the second of our Mozilla Mornings series – regular breakfast meetings where we bring together policy experts, policymakers and practitioners for insight and discussion on the latest EU digital policy developments. This session will be devoted to disinformation and online advertising. Our expert panel will seek to unpack the relation between the two and explore policy solutions to ensure a healthy online advertising ecosystem.
  • ffsend – Easily And Securely Share Files From Linux Command Line Using Firefox Send Client
    Linux users were preferred to go with scp or rsync for files or folders copy. However, so many new options are coming to Linux because it’s a opensource. Anyone can develop a secure software for Linux. We had written multiple articles in our site in the past about this topic. Even, today we are going to discuss the same kind of topic called ffsend.
  • Welcome Roxi Wen, our incoming Chief Financial Officer
    I am excited to announce that Roxi Wen is joining Mozilla Corporation as our Chief Financial Officer (CFO) next month. As a wholly-owned subsidiary of the non-profit Mozilla Foundation, the Mozilla Corporation, with over 1,000 full-time employees worldwide, creates products, advances public policy and explores new technology that give people more control over their lives online, and shapes the future of the global internet platform for the public good. As our CFO Roxi will become a key member of our senior executive team with responsibility for leading financial operations and strategy as we scale our mission impact with new and existing products, technology and business models to better serve our users and advance our agenda for a healthier internet.

Security: apt/apt-get, Blockchains and More