Google Chrome shifts browser architecture to thwart Spectre attacks

Google Chrome is enabling a new security feature called Site Isolation in response to the set of speculative execution side-channel attacks known as Spectre and Meltdown. One day after a new Spectre-like attack was disclosed, the newly enabled Site Isolation feature attempts to provide what Google’s security team believes is “the most effective mitigation” possible. This is the latest improvement for Chrome, widely considered to possess the best security features among different browsers. Spectre and Meltdown use the speculative execution feature of a machine’s processors to access memory that is supposed to be off-limits to users. Site Isolation aims to keep data in the same process so that a Spectre attack can’t siphon off important data. The security feature is available in the current version (Chrome 67) of Chrome on Windows, Mac, Linux and Chrome OS. The Chrome team is now working on extending the coverage to Android. The team […]

The post Google Chrome shifts browser architecture to thwart Spectre attacks appeared first on Cyberscoop.


Senators question vulnerability disclosure process after Spectre and Meltdown stumbles

Shortcomings in the industry-led process for disclosing software and hardware bugs could rear their heads again, U.S. senators said Wednesday at a hearing on the Spectre and Meltdown chip flaws. “While these vulnerabilities seemed to have been patched reasonably well, what about the next one? And we might not know about it until it’s too late,” Florida Democrat Bill Nelson said at the Commerce, Science and Transportation Committee hearing. Lawmakers are pondering what can be done to improve the complex vulnerabilities disclosure process, which involves spreading enough word among vendors to address a bug but not so much as to risk leaking information before patches are ready. “We need to consider additional ways to require the federal government’s equipment suppliers to promptly notify [the Department of Homeland Security] of potential breaches or vulnerabilities that could weaken our federal systems,” Sen. Maggie Hassan, D-N.H., said at the hearing. The worry is always that foreign governments […]

The post Senators question vulnerability disclosure process after Spectre and Meltdown stumbles appeared first on Cyberscoop.


CVE-2018-3693: New Spectre 1.1 Vulnerability Emerges

The latest variant of the Spectre series of bugs has been discovered — the newest addition is the Spectre 1.1 vulnerability, which is tracked under the CVE-2018-3693 security advisory. Like previous iterations it leverages a flaw that can create …

Nessus ADV180002: Microsoft SQL Server January 2018 Security Update (Meltdown) (Spectre)

I have a MS Server 2012 r2 running ArcServe 17.5, which uses MSSQL Server Express 2014. When Nessus runs a scan of this system, I am getting the plugin 105613 – ADV180002: Microsoft SQL Server January 2018 Security Update (Me…

Patch Tuesday — June 2018

In this month’s Patch Tuesday, Microsoft released a disabled-by-default patch for Spectre 4, Adobe plugs a zero-day Flash vulnerability that can be exploited via Excel, and there are fixes for DNS, black screens, and Cortana.

The post Patch Tuesday — June 2018 appeared first on Petri.


Intel Faces Yet Another Speculative Execution Flaw in Its CPUs

As predicted by security researchers, the Meltdown and Spectre vulnerabilities announced this year were just the tip of the iceberg when it comes to security issues related to the speculative execution feature of modern CPUs. In coordination with oper…