DARPA invites hackers to break hardware to make it more secure

For more than two years, the Pentagon’s research arm has been working with engineers to beef up the security of computer chips before they get deployed in weapons systems or other critical technologies. Now, the research arm — the Defense Advanced Research Projects Agency (DARPA) — is turning the hardware over to elite white-hat hackers who can earn up to $25,000 for bugs they find. The goal is to throw an array of attacks at the hardware so its foundations are more secure before production. “We need the researchers to really roll their sleeves up and dig into what we’re doing and try to break it,” said Keith Rebello, a DARPA program manager. Hardware hacks often involve identifying vulnerabilities in how a computer chip handles information, like the flaw uncovered in Intel microprocessors in March that could have allowed attackers to run malicious code early in the boot process. While software bug bounties are ubiquitous in […]

The post DARPA invites hackers to break hardware to make it more secure appeared first on CyberScoop.

Continue reading DARPA invites hackers to break hardware to make it more secure

Intel patches graphics drivers and offers new LVI flaw mitigations

Intel’s March security updates reached its customers this week and the dominant theme is the bundle of flaws affecting Graphics drivers. Continue reading Intel patches graphics drivers and offers new LVI flaw mitigations

Intel promises fix after researchers reveal ‘CacheOut’ CPU flaws

Forget the infamous Meltdown and Spectre chip flaws from 2018, the problem that’s tying down Intel’s patching team these days is a more recent class of side channel vulnerabilities known collectively as ZombieLoad. Continue reading Intel promises fix after researchers reveal ‘CacheOut’ CPU flaws

Intel pushes for hardware-specific additions to vulnerability taxonomy

The professionals who work to uncover security vulnerabilities in hardware must find a “common language” for categorizing them in order to make important strides in securing those systems, according to chipmaking giant Intel Corp. Hardware researchers “do not have the same standard taxonomy that would enable them to share information and techniques with one another,” Intel researchers Arun Kanuparthi and Hareesh Khattri argued in an op-ed published this week on Help Net Security, an information security website. “If we expect hardware vendors and their partners to collectively deliver more secure solutions, we must have a common language for discussing hardware security vulnerabilities,” Kanuparthi and Khattri wrote. At issue is the Common Weakness Enumeration (CWE) system, a list that is used as a yardstick on which to map Common Vulnerabilities and Exposures (CVE). CVEs are more familiar to security researchers as signposts for potential threats, and they’re a notch in the belt […]

The post Intel pushes for hardware-specific additions to vulnerability taxonomy appeared first on CyberScoop.

Continue reading Intel pushes for hardware-specific additions to vulnerability taxonomy