Microsoft’s new ‘Pluton’ security processor gets buy-in from Intel, AMD

Microsoft and three major computing vendors — AMD, Intel and Qualcomm Technologies — on Tuesday said they would produce security chips designed to keep attackers from stealing critical data such as encryption keys and credentials from computing systems. The goal is to guard against a relatively new breed of attack techniques, made famous by the 2018 Spectre and Meltdown vulnerabilities, that pry data from a computer’s most sensitive enclaves. To do this, Microsoft said it will store critical data on the chip itself, isolating it from the rest of the system. Advocates of the new security chip, known as Pluton, say it will cut off a key vector for data-stealing attacks: a communication channel between a computing system’s central processing unit (CPU) and another piece of hardware known as the trusted platform module (TPM). In one example of that type of attack, researchers from security company NCC Group in 2018 […]

The post Microsoft’s new ‘Pluton’ security processor gets buy-in from Intel, AMD appeared first on CyberScoop.

Continue reading Microsoft’s new ‘Pluton’ security processor gets buy-in from Intel, AMD

Intel Adds Memory Encryption, Firmware Security to Ice Lake Chips

Intel’s addition of memory encryption to its upcoming 3rd generation Xeon Scalable processors matches AMD’s Secure Memory Encryption (SME) feature. Continue reading Intel Adds Memory Encryption, Firmware Security to Ice Lake Chips

DARPA invites hackers to break hardware to make it more secure

For more than two years, the Pentagon’s research arm has been working with engineers to beef up the security of computer chips before they get deployed in weapons systems or other critical technologies. Now, the research arm — the Defense Advanced Research Projects Agency (DARPA) — is turning the hardware over to elite white-hat hackers who can earn up to $25,000 for bugs they find. The goal is to throw an array of attacks at the hardware so its foundations are more secure before production. “We need the researchers to really roll their sleeves up and dig into what we’re doing and try to break it,” said Keith Rebello, a DARPA program manager. Hardware hacks often involve identifying vulnerabilities in how a computer chip handles information, like the flaw uncovered in Intel microprocessors in March that could have allowed attackers to run malicious code early in the boot process. While software bug bounties are ubiquitous in […]

The post DARPA invites hackers to break hardware to make it more secure appeared first on CyberScoop.

Continue reading DARPA invites hackers to break hardware to make it more secure

Intel patches graphics drivers and offers new LVI flaw mitigations

Intel’s March security updates reached its customers this week and the dominant theme is the bundle of flaws affecting Graphics drivers. Continue reading Intel patches graphics drivers and offers new LVI flaw mitigations

Intel promises fix after researchers reveal ‘CacheOut’ CPU flaws

Forget the infamous Meltdown and Spectre chip flaws from 2018, the problem that’s tying down Intel’s patching team these days is a more recent class of side channel vulnerabilities known collectively as ZombieLoad. Continue reading Intel promises fix after researchers reveal ‘CacheOut’ CPU flaws

Intel pushes for hardware-specific additions to vulnerability taxonomy

The professionals who work to uncover security vulnerabilities in hardware must find a “common language” for categorizing them in order to make important strides in securing those systems, according to chipmaking giant Intel Corp. Hardware researchers “do not have the same standard taxonomy that would enable them to share information and techniques with one another,” Intel researchers Arun Kanuparthi and Hareesh Khattri argued in an op-ed published this week on Help Net Security, an information security website. “If we expect hardware vendors and their partners to collectively deliver more secure solutions, we must have a common language for discussing hardware security vulnerabilities,” Kanuparthi and Khattri wrote. At issue is the Common Weakness Enumeration (CWE) system, a list that is used as a yardstick on which to map Common Vulnerabilities and Exposures (CVE). CVEs are more familiar to security researchers as signposts for potential threats, and they’re a notch in the belt […]

The post Intel pushes for hardware-specific additions to vulnerability taxonomy appeared first on CyberScoop.

Continue reading Intel pushes for hardware-specific additions to vulnerability taxonomy