Does enabling SharedArrayBuffers via service worker headers create Spectre vulnerability?

In browsers, use of SharedArrayBuffer is restricted to sites with the following HTTP headers because otherwise it exposes vulnerabilities to Spectre and Meltdown.
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-…

Is protecting against Meltdown and Spectre on virtual servers actually possible?

I’ve been reading into the Meltdown and Spectre bugs recently and the issues they cause for virtualised servers, as memory in one VM can potentially be accessed by another user in a separate VM with the same host.
I found this article on D…

Are there any classes of systems where it is safe to disable Spectre and Meltdown patches?

I was not able to find a definite answer to the question whether it is safe to disable Spectre and Meltdown vulnerabilities, but I could find articles that suggest the defaults might be revisited & Windows seems to allow the disabling of th…

Can a Meltdown attack also violate data integrity of other processes or is it just violating data secrecy?

Can a Meltdown attack also violate data integrity of other processes by obtaining different passwords or is it just violating data secrecy by reading data it is unauthorized to do?


Microsoft’s new ‘Pluton’ security processor gets buy-in from Intel, AMD

Microsoft and three major computing vendors — AMD, Intel and Qualcomm Technologies — on Tuesday said they would produce security chips designed to keep attackers from stealing critical data such as encryption keys and credentials from computing systems. The goal is to guard against a relatively new breed of attack techniques, made famous by the 2018 Spectre and Meltdown vulnerabilities, that pry data from a computer’s most sensitive enclaves. To do this, Microsoft said it will store critical data on the chip itself, isolating it from the rest of the system. Advocates of the new security chip, known as Pluton, say it will cut off a key vector for data-stealing attacks: a communication channel between a computing system’s central processing unit (CPU) and another piece of hardware known as the trusted platform module (TPM). In one example of that type of attack, researchers from security company NCC Group in 2018 […]

The post Microsoft’s new ‘Pluton’ security processor gets buy-in from Intel, AMD appeared first on CyberScoop.
