InterviewAt the AWS re:Invent conference last week, The Register asked Chris Schlaeger, director of kernel and operating systems, how the cloud giant protects itself and its customers from speculative execution bugs in Intel CPUs. Schlaeger told us he's responsible "for the lowest layer of the software stack that runs on almost all the …

Intel is once again moving to patch its CPU microcode following the revelation of yet another data-leaking side-channel vulnerability. The same group of university boffins who helped uncover the infamous Spectre and Meltdown flaws say that a third issue, reported back in May under the name ZombieLoad, extends even further into …

UpdatedGaming PC specialist Razer has been singled out for leaving its motherboards vulnerable to a well-known and critical firmware vulnerability. Infosec bod Bailey Fox said Razer's Intel notebook models are still vulnerable to CVE-2018-4251, a security screw-up that potentially allows malware with administrative rights to alter …

A panel of eggheads from Intel, the US government, and academia held court this week to figure how they can keep the likes of El Reg from spoiling their next major bug reveal. The group met at the Churchill Club in San Francisco to reflect on 2018's big security story – the Spectre-Meltdown CPU flaws – and ponder how it could …

A computer engineering professor has an interesting idea for how to handle the public disclosure of serious vulnerabilities: don't. Professor Gus Uht, engineering professor-in-residence at the University of Rhode Island, USA, argues that everyone would be safer if those who discover serious vulnerabilities refrain from …

RoundupWhile the drama of the aborted Windows 10 October update continued to unfold last week and excited buyers received their shiny Surface devices, Microsoft kept itself busy flinging out new development tools and battling buggy CPUs. Harrassed travellers to have a glorious, Skype-based future? Heathrow passengers struggling to …

HPC admin? Feeling slighted that all the good Spectre/Meltdown mitigation benchmarks ignore big iron? Fear not, a bunch of MIT boffins are on your side. Unfortunately, what they found is that network connections, disk accesses, and computational workloads can all be affected by the fixes, whether in the operating system or the …

A group of computer science researchers has proposed a way to overcome the security risk posed by speculative execution, the data processing technique behind the Spectre and Meltdown vulnerabilities. In a paper distributed this week through the ArXiv preprint server, "SafeSpec: Banishing the Spectre of a Meltdown with Leakage- …

Researchers have unearthed a fresh new set of ways attackers could potentially exploit data-leaking Spectre CPU vulnerabilities in Intel chips. German publication Heise reported that eggheads are preparing to disclose at least eight new CVE-listed vulnerability reports describing side-channel attack flaws in Chipzilla's …

If you're not up-to-date with your Intel CPU Meltdown patches for Windows 7 or Server 2008 R2, get busy with that, because exploit code for Microsoft's own-goal flaw is available. Microsoft issued an update in late March after Swedish researcher Ulf Frisk turned up what he dubbed “Total Meltdown.” The bug Frisk found was that …

The Xen Project last week sent the first release candidate of Xen 4.11 down the slipway, ahead of a few weeks’ testing and a planned release on June 1st, 2018. To help you understand what will land on that day, The Register asked Lars Kurth, chair of the Xen Project Advisory Board for his views on what’s important and new in …

Oracle this week emitted its April security update, addressing a total of 254 security vulnerabilities across dozens of products. Among the more noteworthy patches is a fix for lingering Spectre-related vulnerabilities in Solaris systems – specifically, CVE-2017-5753, also known as Spectre variant 1. Oracle had mitigated most …

RSA 2018Speaking at the 2018 RSA conference, a board of some of the most respected names in security spoke on Tuesday and were scathing about Facebook – and the industry's response to the Spectre processor bug. The Cryptographers' Panel, an annual tradition at the event, this year included Ronald Rivest of MIT and Adi Shamir of the …

Intel has made much of its NUC and Compute Stick mini-PCs as a way to place computers to out-of-the-way places like digital signage. Such locations aren’t the kind of spots where keyboards and pointing devices can be found, so Intel sweetened the deal by giving the world an Android and iOS app called the “Intel Remote Keyboard …

Intel has issued fresh "microcode revision guidance" that reveals it won’t address the Meltdown and Spectre design flaws in all of its vulnerable processors – in some cases because it's too tricky to remove the Spectre v2 class of vulnerabilities. The new guidance, issued April 2, adds a “stopped” status to Intel’s “production …

Microsoft today issued an emergency security update to correct a security update it issued earlier this month to correct a security update it issued in January and February. In January and February, Redmond emitted fixes for Windows 7 and Server 2008 R2 machines to counter the Meltdown chip-level vulnerability in modern Intel …

Intel’s shrugged off two new allegations of design flaws that enable side-channel attacks. One of the new allegations was discussed at Black Hat Asia in Singapore last week, where University of Graz PhD Students Moritz Lipp and Michael Schwarz delivered a talk titled “When good turns to evil: using Intel SGX to stealthily …

Microsoft's January and February security fixes for Intel's Meltdown processor vulnerability opened up an even worse security hole on Windows 7 PCs and Server 2008 R2 boxes. This is according to researcher Ulf Frisk, who previously found glaring shortcomings in Apple's FileVault disk encryption system. We're told Redmond's …