ZombieLoad: How Intel’s Latest Side Channel Bug Was Discovered and Disclosed

Daniel Gruss, the researcher behind Spectre, Meltdown – and most recently, ZombieLoad – Intel CPU side channel attacks, gives an inside look into how he discovered the flaws. Continue reading ZombieLoad: How Intel’s Latest Side Channel Bug Was Discovered and Disclosed

Application level protection against Meltdown, Spectre, Foreshadow, Fallout. Zombieload

Is it possible to develop an application in such a way that its data in memory cant be stolen by recent attacks such as Meltdown, Spectre, Foreshadow, Fallout. Zombieload? All mitigations focus on patching hardware, BIOS or OS. But could s… Continue reading Application level protection against Meltdown, Spectre, Foreshadow, Fallout. Zombieload

Amazon, Apple, Google & Microsoft issue patches to fix ZombieLoad bug

By Uzair Amir
All computers containing Intel chips from 2011 onwards will be vulnerable to ZombieLoad bug. Intel processor chips have lately been accused of being flawed and unreliable in ensuring optimal computer performance and the current news furth… Continue reading Amazon, Apple, Google & Microsoft issue patches to fix ZombieLoad bug

After Meltdown and Spectre, meet a new set of Intel chip flaws

Those who warned that the Meltdown and Spectre computer chip flaws revealed last year would trigger a new era of hardware vulnerability discovery were onto something. On Tuesday, Intel and a group of cybersecurity researchers published details on four new potential chip attacks that exploit the same “speculative execution” process, which is used to improve CPU performance, that was central to Meltdown and Spectre. The newly revealed security issues could allow attackers to steal sensitive data from a CPU in multiple ways. Like Meltdown and Spectre, there isn’t evidence these attacks have been executed in the wild, but the insecurities they reveal in micro-architectures demand attention from hardware owners. The colorfully named ZombieLoad attack, for example, unearths private browsing history and leaks information from a computer’s application, operating system and virtual machines in the cloud. The RIDL attack leaks information from different security buffers inside the Intel processors, while an […]

The post After Meltdown and Spectre, meet a new set of Intel chip flaws appeared first on CyberScoop.

Continue reading After Meltdown and Spectre, meet a new set of Intel chip flaws

Software mitigation for variant 3a (rogue system register read) and variant 4 (speculative store bypass)

AFAIK, all mitigable meltdown / spectre variants have software mitigation except for variant 3a and 4. Why is this the case?

For variant 4, a straightforward software mitigation is to place lfence before all memory load oper… Continue reading Software mitigation for variant 3a (rogue system register read) and variant 4 (speculative store bypass)

Jolted by Meltdown and Spectre, Intel aims to accelerate patching process

For years, software, not hardware, has dominated the cybersecurity industry’s efforts to develop a coordinated way of disclosing technology flaws. Software bugs are reported in much greater numbers, and there are far fewer researchers who specialize in hardware security. But hardware was thrust into the limelight in January 2018, when Spectre and Meltdown, two vulnerabilities that affected virtually all modern computer chips, were made public. The flaws could have allowed hackers to infiltrate a computer’s memory and steal sensitive data, or trick applications into spilling information without a user’s knowledge. While there’s no evidence either has been exploited, the revelation that they exist, and the complex patching process that followed, sparked industry-wide awareness about serious security flaws that might come embedded in otherwise trusted technology. Now, more than a year later, the vendors, researchers, and manufacturers involved are still trying to cut down on the time it takes to get hardware-related patches […]

The post Jolted by Meltdown and Spectre, Intel aims to accelerate patching process appeared first on CyberScoop.

Continue reading Jolted by Meltdown and Spectre, Intel aims to accelerate patching process