SPECTRE – Page 9 – WindowsTechs.com

Foreshadow, the new data-stealing vulnerabilities impacting Intel chips

Posted on August 14, 2018 by Patrick Howell O'Neill

Three new Spectre-class vulnerabilities that impact how Intel chips process information were revealed on Tuesday. The bugs mean data meant to be protected can be accessed by a hackers due to speculative execution leaks, a problem that’s plagued all modern processors since the beginning of the year. The problem, which ironically lays in Intel’s security technology SGX, may allow hackers to access private data including passwords and other files. The data can be stolen across virtual machines or applications on the same device. Speculative execution works like this: All modern chips make educated assumptions — the speculation — about what will happen next in order to speed up performance — the execution. The original class of attack included the Spectre (Variants 1 and 2) and Meltdown (Variant 3) vulnerabilities, discovered by Google’s Project Zero and made public in January. Virtually all modern computer chips have even impacted. There have been […]

The post Foreshadow, the new data-stealing vulnerabilities impacting Intel chips appeared first on Cyberscoop.

Continue reading Foreshadow, the new data-stealing vulnerabilities impacting Intel chips→

Intel CPUs Undermined By Fresh Speculative Execution Flaws

Posted on August 14, 2018 by Lindsey O'Donnell

‘Foreshadow” and other vulnerabilities in Intel processors can be exploited to steal sensitive information stored inside personal computers or personal clouds. Continue reading Intel CPUs Undermined By Fresh Speculative Execution Flaws→

Intel’s SGX blown wide open by, you guessed it, a speculative execution attack

Posted on August 14, 2018 by Peter Bright

Speculative execution attacks truly are the gift that keeps on giving. Continue reading Intel’s SGX blown wide open by, you guessed it, a speculative execution attack→

How to fix Spectre variant 3a and variant 4?e

Posted on August 2, 2018 by user183433

How I can fix CVE-2018-3640 [rogue system register read] aka ‘Variant 3a’ and CVE-2018-3639 [speculative store bypass] aka ‘Variant 4’? My status for them is VULNERABLE. I have Intel CPU and using kernel 4.17.

I read on a si… Continue reading How to fix Spectre variant 3a and variant 4?e→

Spectre, OWASP, and iGoat – Application Security Weekly #26

Posted on August 1, 2018 by Security Weekly Productions

New Spectre attack can remotely steal secrets, Microsoft discovers supply chain attack at unnamed maker of PDF Software, XSS filter in edge, OWASP iGoat is a vulnerable swift application for iOS, and much more! Full Show NotesFollow us on Twitter: http… Continue reading Spectre, OWASP, and iGoat – Application Security Weekly #26→

Mozilla still working on Firefox’s site isolation security revamp

Posted on August 1, 2018 by John E Dunn

Mozilla’s Firefox browser doesn’t have site isolation security yet, but plans to enable it are in the works. Continue reading Mozilla still working on Firefox’s site isolation security revamp→

Do Meltdown and Spectre affect other Intel products such as SSDs?

Posted on July 31, 2018 by EMBLEM

I’ve found a good deal on an Intel SSD but I don’t want to worry about the security hole or the loss of performance from patching it.

Continue reading Do Meltdown and Spectre affect other Intel products such as SSDs?→

Spectre chip weakness can be used to steal data remotely

Posted on July 31, 2018 by John E Dunn

Researchers have found a new variant of the Spectre CPU flaw that shows how attackers could steal data remotely without having to run malicious code on a local system. Continue reading Spectre chip weakness can be used to steal data remotely→

What is NetSpectre?

Posted on July 27, 2018 by isanae

A new attack was revealed in a document titled NetSpectre: Read Arbitrary Memory over Network (PDF warning). I’ve seen a few non-technical writeups about the fact that it’s a pretty slow attack:

The biggest [downside] is … Continue reading What is NetSpectre?→

NetSpectre attack can exploit CPUs to leak information remotely, researchers say

Posted on July 27, 2018 by Zaid Shoorbajee

Researchers now say it’s possible to use the infamous Spectre vulnerability in a way that does not require direct access to a victim’s device. Researchers from the Graz University of Technology in Austria write in a paper published Thursday that they can exploit the Spectre flaw remotely without having to run code on the target machine. Such an attack, dubbed NetSpectre, would allow hackers to trick applications into leaking private information, albeit very slowly. “The attacker only sends a series of crafted requests to the victim and measures the response time to leak a secret value from the victim’s memory,” the researchers explain. Spectre is a CPU flaw affecting most modern computers that was revealed by researchers in January. It was originally thought that attackers trying to exploit it would need to somehow install malware on a victim’s device, either by tricking them into downloading malicious code or by running malicious JavaScript on a website the victim visited. […]

The post NetSpectre attack can exploit CPUs to leak information remotely, researchers say appeared first on Cyberscoop.

Continue reading NetSpectre attack can exploit CPUs to leak information remotely, researchers say→