Spectre chip weakness can be used to steal data remotely

Researchers have found a new variant of the Spectre CPU flaw that shows how attackers could steal data remotely without having to run malicious code on a local system. Continue reading Spectre chip weakness can be used to steal data remotely

Spectre bug protection forcing Chrome to use 10 to 13% more RAM

By Uzair Amir
The entire tech industry was shaken after the discovery of
This is a post from HackRead.com Read the original post: Spectre bug protection forcing Chrome to use 10 to 13% more RAM
Continue reading Spectre bug protection forcing Chrome to use 10 to 13% more RAM

Google Chrome shifts browser architecture to thwart Spectre attacks

Google Chrome is enabling a new security feature called Site Isolation in response to the set of speculative execution side-channel attacks known as Spectre and Meltdown. One day after a new Spectre-like attack was disclosed, the newly enabled Site Isolation feature attempts to provide what Google’s security team believes is “the most effective mitigation” possible. This is the latest improvement for Chrome, widely considered to possess the best security features among different browsers. Spectre and Meltdown use the speculative execution feature of a machine’s processors to access memory that is supposed to be off-limits to users. Site Isolation aims to keep data in the same process so that a Spectre attack can’t siphon off important data. The security feature is available in the current version (Chrome 67) of Chrome on Windows, Mac, Linux and Chrome OS. The Chrome team is now working on extending the coverage to Android. The team […]

The post Google Chrome shifts browser architecture to thwart Spectre attacks appeared first on Cyberscoop.

Continue reading Google Chrome shifts browser architecture to thwart Spectre attacks

Senators question vulnerability disclosure process after Spectre and Meltdown stumbles

Shortcomings in the industry-led process for disclosing software and hardware bugs could rear their heads again, U.S. senators said Wednesday at a hearing on the Spectre and Meltdown chip flaws. “While these vulnerabilities seemed to have been patched reasonably well, what about the next one? And we might not know about it until it’s too late,” Florida Democrat Bill Nelson said at the Commerce, Science and Transportation Committee hearing. Lawmakers are pondering what can be done to improve the complex vulnerabilities disclosure process, which involves spreading enough word among vendors to address a bug but not so much as to risk leaking information before patches are ready. “We need to consider additional ways to require the federal government’s equipment suppliers to promptly notify [the Department of Homeland Security] of potential breaches or vulnerabilities that could weaken our federal systems,” Sen. Maggie Hassan, D-N.H., said at the hearing. The worry is always that foreign governments […]

The post Senators question vulnerability disclosure process after Spectre and Meltdown stumbles appeared first on Cyberscoop.

Continue reading Senators question vulnerability disclosure process after Spectre and Meltdown stumbles