Collaborate Disseminate
Added to the AMD section of the Meltdown/Spectre resource page, which for administrative reasons has now been moved here. [16th March 2018] Not Meltdown/Spectre, but allegedly similar issues: Richi Jennings for Tech Beacon: AMD CPU PSP holes… Continue reading 16th March 2018 resources updates
Microsoft is looking to target new speculative execution side channel vulnerabilities – similar to Spectre and Meltdown – with a new bug bounty program. Continue reading New Microsoft Bug Bounty Program Looks To Squash The Next Spectre, Meltdown
Intel is introducing hardware-based protections to its new chips to protect against the Spectre and Meltdown flaws that rocked the silicon industry when they were announced in early 2018. Continue reading Intel Details CPU ‘Virtual Fences’ Fix As Safeguard Against Spectre, Meltdown Flaws
Reading up on Spectre and Meltdown attacks again, I don’t get why they were hyped so much.
These are cache attacks that take advantage of the instruction pipeline processing implementation in addition to the cache implement… Continue reading What is the significance of Spectre and Meltdown?
Microsoft has expanded its bug bounty programs to include monetary rewards for vulnerabilities that stem from speculative execution, a feature in modern processors that sits at the core of the Meltdown and Spectre vulnerabilities disclosed this year. … Continue reading Microsoft Offers $250K Bounty for Meltdown-Like Bugs in CPUs
Microcodes for Sandy Bridge and newer are now available. Continue reading Intel outlines plans for Meltdown and Spectre fixes, microcode for older chips
Intel’s upcoming processors will come with silicon level fixes for Meltdown and Spectre with updated processor design.
The post Intel’s Next-Gen Processors Will Include Protection Against Meltdown and Spectre at the Silicon Level appeared first … Continue reading Intel’s Next-Gen Processors Will Include Protection Against Meltdown and Spectre at the Silicon Level
A small cybersecurity company and research group is publicly reporting major, Meltdown-style vulnerabilities in chips made by AMD, yet the disclosure itself has sent security researchers into a frenzy about possible ulterior motives. CTS Labs, an Israeli cybersecurity company that purportedly focuses on hardware, launched a website and released a white paper on Tuesday describing 13 security flaws in AMD’s EPYC, Ryzen, Ryzen Pro and Ryzen processors. The chips are used in laptops, mobile devices and servers. The vulnerabilities reportedly include backdoors that would allow attackers to inject malicious code onto AMD’s chips. Such malware could allow attackers to take complete control of AMD processors, steal network credentials, install malware and read and write on protected memory areas, among other risks. CTS Labs released the vulnerability information on a public website, amdflaws.com, saying it released the findings for the sake of public awareness. “In particular, we urge the community to pay closer attention to […]
The post What’s worse? The AMD chip flaws or the disclosure process? appeared first on Cyberscoop.
Continue reading What’s worse? The AMD chip flaws or the disclosure process?
Products receiving the most patches included Microsoft browsers and browser-related technologies such as the company’s JavaScript engine Chakra. Continue reading Microsoft Patches 15 Critical Bugs in March Patch Tuesday Update
Today’s patches also include an annoying-looking remote code execution bug. Continue reading Patch Tuesday drops the mandatory antivirus requirement after all