Browsing tag
When The Register broke the massive side-channel attack flaws pertaining to Intel and other CPUs, it was reported that the users should expect a significant slowdown after installing the patches. Now, Microsoft has performed some benchmarking tests and offered a concrete idea of what you should expect. In a post on Microsoft’s Secure blog, Terry […]
Apple has issued a statement regarding the Meltdown and Spectre vulnerabilities, confirming all Mac systems and iOS devices are affected, but saying there are no known exploits impacting customers at this time. Apple, like Microsoft, has urged users to download software only from trusted sources, such as the App Store. The iPhone maker has already […]
This tool allows to check speculative execution side-channel attacks that affect many modern processors and operating systems designs. CVE-2017-5754 (Meltdown) and CVE-2017-5715 (Spectre) allows unprivileged processes to steal secrets from privileged processes. These attacks present 3 different ways of attacking data protection measures on CPUs enabling attackers to read data they shouldn’t be able to. […]
All the major banks and telecom companies are implementing security software fixes to counter Meltdown and Spectre the two major flaws that are impacting computers and smartphones. According to an article on teen.sag, these companies have also notified their customers to take immediate measure. “As a responsible Internet service provider, we always ensure that our network equipment […]
A simple shell script to tell if your Linux installation is vulnerable against the 3 “speculative execution” CVEs: CVE-2017-5753 bounds check bypass (Spectre Variant 1) Impact: Kernel & all software Mitigation: recompile software and kernel with a modified compiler that introduces the LFENCE opcode at the proper positions in the resulting code Performance impact of […]
Speculative optimizations execute code in a non-secure manner leaving data traces in microarchitecture such as cache. Refer to the paper by Lipp et. al 2017 for details: https://meltdownattack.com/meltdown.pdf. Can only dump linux_proc_banner at the moment, since requires accessed memory to be in cache and linux_proc_banner is cached on every read from /proc/version. Might work with […]
After initial reports of Intel screwing up big time in the form of massive security flaws, it was later released that the problem is bigger and it affects CPUs from AMD and ARM as well. The flaws being talked about here are Meltdown and Spectre, and they affect almost all devices produced in the last […]
The silicon giant has started rolling out security updates for all Intel-powered devices affected by the vulnerabilities Meltdown and Spectre that Google Project Zero team made public on Wednesday. Known to have existed on devices released since 1995, these Intel CPU bugs could allow an attacker to access restricted areas of the operating system’s kernel […]
Earlier today, we reported on some shocking news — there is a serious vulnerability that affects Intel processors. To make matters worse, patching that vulnerability — now known as “Meltdown” — would cause an up-to 30 percent performance degradation. Yikes! If you have an AMD processor, you are safe, right? Yes, but not really. You see, […]