Language Selection

English French German Italian Portuguese Spanish

Security: Intel, Cisco, Apple, FBI

Filed under
Security
  • How Much Slower Will My PC Become After Meltdown And Spectre Patches?
  • Intel's Microcode Update for Spectre Exploit Is Now Available in Ubuntu's Repos

    Canonical announced a few moments ago that Intel's latest microcode update for the Spectre security vulnerability is now available from the software repositories of all supported Ubuntu Linux releases.

    After releasing earlier this week new kernel updates to mitigate the Meltdown and Spectre security exploits that put billions of devices at risk of attacks by allowing a local, unprivileged attacker to obtain sensitive information from kernel memory, Canonical now released the updated microcode from Intel for supported Intel CPUs.

  • Cisco can now sniff out malware inside encrypted traffic

    Cisco has switched on latent features in its recent routers and switches, plus a cloud service, that together make it possible to detect the fingerprints of malware in encrypted traffic.

    Switchzilla has not made a dent in transport layer security (TLS) to make this possible. Instead, as we reported in July 2016, Cisco researchers found that malware leaves recognisable traces even in encrypted traffic. The company announced its intention to productise that research last year and this week exited trials to make the service – now known as Encrypted Traffic Analytics (ETA) - available to purchasers of its 4000 Series Integrated Service Routers, the 1000-series Aggregation Services Router and the model 1000V Cloud Services Router 1000V.

    Those devices can’t do the job alone: users need to sign up for Cisco’s StealthWatch service and let traffic from their kit flow to a cloud-based analytics service that inspects traffic and uses self-improving machine learning algorithms to spot dodgy traffic.

  • MacOS High Sierra security bug lets you unlock App Store System Preferences with any random password

    According to the bug report, users can simply open System Preferences, go to App Store settings and check the padlock icon. If it is unlocked, lock it and then try unlocking it using your username and any password.

  • Intel tells select customers not to use its bug fixes

    Processor giant Intel has told some of its customers that the microcode patches it issued to fix the Meltdown and Spectre flaws in its products are buggy and that they should not install them.

  • Canonical reissues Meltdown and Spectre patches for Ubuntu after borkage
  • A Step in the Right Direction: House Passes the Cyber Vulnerability Disclosure Reporting Act

    The House of Representatives passed the “Cyber Vulnerability Disclosure Reporting Act” this week. While the bill is quite limited in scope, EFF applauds its goals and supports its passage in the Senate.

    H.R. 3202 is a short and simple bill, sponsored by Rep. Sheila Jackson Lee (D-TX), that would require the Department of Homeland Security to submit a report to Congress outlining how the government deals with disclosing vulnerabilities. Specifically, the mandated report would comprise two parts. First, a “description of the policies and procedures developed [by DHS] for coordinating cyber vulnerability disclosures,” or in other words, how the government reports flaws in computer hardware and software to the developers. And second, a possibly classified “annex” containing descriptions of specific instances where these policies were used to disclose vulnerabilities in the previous year, leading to mitigation of the vulnerabilities by private actors.

    Perhaps the best thing about this short bill is that it is intended to provide some evidence for the government’s long-standing claims that it discloses a large number of vulnerabilities. To date, such evidence has been exceedingly sparse; for instance, Apple received its first ever vulnerability report from the U.S. government in 2016. Assuming the report and annex work as intended, the public’s confidence in the government’s ability to “play defense” may actually increase.

  • FBI Says Device Encryption Is 'Evil' And A Threat To Public Safety

    The FBI continues its anti-encryption push. It's now expanded past Director Christopher Wray to include statements by other FBI personnel. Not that Chris Wray isn't taking every opportunity he can to portray personal security as a threat to the security of the American public. He still is. But he's no longer the only FBI employee willing to speak up on the issue.

    Wray expanded his anti-encryption rhetoric last week at a cybersecurity conference in New York. In short, encryption is inherently dangerous. And the FBI boss will apparently continue to complain about encryption without offering any solutions.

  • Canonical Says It'll Release New Ubuntu Kernels to Further Mitigate Spectre Bugs

    Canonical's Dean Henrichsmeyer published today an update on the Ubuntu patches for the Meltdown and Spectre security vulnerabilities and what they plan on doing next to mitigate these critical bugs.

    By now, most of you have probably updated your Ubuntu Linux computers to the new kernel versions Canonical released earlier this week, as well as the new Nvidia proprietary graphics driver and Firefox web browser, both including patches to mitigate the Meltdown and Spectre exploits affecting billions of devices powered by modern processors from Intel, AMD, and ARM.

More in Tux Machines

BSD: FreeBSD 12.0 Beta and Upgrading OpenBSD with Ansible

Graphics: XRGEARS and Arcan's Latest

  • XRGEARS: Infamous "Gears" Now On VR Headsets With OpenHMD, Vulkan
    Well, the virtual reality (VR) demo scene is now complete with having glxgears-inspired gears and Utah teapot rendering on VR head mounted displays with the new XRGEARS. Kidding aside about the gears and teapot, XRGEARS is a nifty new open-source project with real value by Collabora developer Lubosz Sarnecki. XRGEARS is a standalone VR demo application built using the OpenHMD initiative for tracking and Vulkan for rendering. XRGEARS supports both Wayland and X11 environments or even running off KMS itself. This code also makes use of VK_EXT_direct_mode_display with DRM leasing.
  • Arcan versus Xorg – Approaching Feature Parity
    This is the first article out of three in a series where I will go through what I consider to be the relevant Xorg feature set, and compare it, point by point, to how the corresponding solution or category works in Arcan. This article will solely focus on the Display Server set of features and how they relate to Xorg features, The second article will cover the features that are currently missing (e.g. network transparency) when they have been accounted for. The third article will cover the features that are already present in Arcan (and there are quite a few of those) but does not exist in Xorg.
  • Arcan Display Server Is Nearing Feature Parity With The X.Org Server
    The Arcan display server, which started off years ago sounding like a novelty with being a display server built off a game engine in part and other interesting features, is nearing feature parity with the X.Org Server. While most hobbyist display server projects have failed, Arcan has continued advancing and with an interesting feature set. Recently they have even been working on a virtual reality desktop and an interesting desktop in general. Arcan is getting close to being able to offering the same functionality as a traditional X.Org Server. If you are interested in a lengthy technical read about the differences between Arcan and X.Org, the Arcan developers themselves did some comparing and contrasting when it comes to the display support, windowing, input, font management, synchronization, and other areas.

CoC/Systemd Supremacy Over Linux Kernel

  • New Linux Code of Conduct Revisions: CoC Committee Added Plus Interpretation & Mediator
    The Linux Code of Conduct introduced last month that ended up being quite contentious will see some revisions just ahead of the Linux 4.19 stable kernel release. Greg Kroah-Hartman has outlined the planned changes as well as a new Code of Conduct Interpretation document. In the weeks since the Linux kernel CoC was merged, various patches were proposed but none merged yet. It turns out Greg KH was working in private with various kernel maintainers/developers on addressing their feedback and trying to come up with solutions to the contentious issues in private.
  • Some kernel code-of-conduct refinements
    Greg Kroah-Hartman has posted a series of patches making some changes around the newly adopted code of conduct. In particular, it adds a new document describing how the code is to be interpreted in the kernel community.
  • Systemd Adds Feature To Fallback Automatically To Older Kernels On Failure
    Systemd's latest feature is the concept of "boot counting" that will track kernel boot attempts and failures as part of an automatic boot assessment. Ultimately this is to provide automatic fallback to older kernels should a newer kernel be consistently failing. The feature was crafted over the past few months by Lennart Poettering himself to provide a way when making use of systemd-boot on UEFI systems it can automatically fallback to an older kernel if a newer kernel is consistently causing problems. This is treated as an add-on to the Boot Loader Specification. The systemd boot assessment is designed that it could also be used by non-UEFI systems and other boot platforms.

ODROID 'Hacker Board'

  • ODROID Rolling Out New Intel-Powered Single Board Computer After Trying With Ryzen
    While ODROID is most known for their various ARM single board computers (SBCs), some of which offer impressive specs, they have dabbled in x86 SBCs and on Friday announced the Intel-powered ODROID-H2. In the announcement they mentioned as well they were exploring an AMD Ryzen 5 2500U powered SBC computer, which offered fast performance but the price ended up being prohibitive. After the falling out with Ryzen over those cost concerns, they decided to go ahead with an Intel Geminilake SoC. Geminilake is slower than their proposed Ryzen board, but the price was reasonable and it ends up still being much faster than ODROID's earlier Apollolake SBC.
  • Odroid-H2 is world’s first Gemini Lake hacker board
    Hardkernel unveiled the Odroid-H2, the first hacker board with an Intel Gemini Lake SoC. The Ubuntu 18.10 driven SBC ships with 2x SATA 3.0, 2x GbE, HDMI and DP, 4x USB, and an M.2 slot for NVMe. When the Odroid-H2 goes on sale in November at a price that will be “higher than $100,” Hardkernel will join a small group of vendors that have launched a community backed x86-based SBC. This first open spec hacker board built around Intel’s new Gemini Lake SoC — and one of the first Gemini Lake SBCs of any kind — follows earlier Arm-based Odroid winners such as the Odroid-C2 Raspberry Pi pseudo clone and the octa-core Odroid-XU4.