Articles about meltdown

power outage

UK.gov demands urgent answers as TSB IT meltdown continues

The government is demanding urgent answers over a botched systems upgrade at TSB that has locked out up to 1.9 million customers. The IT meltdown happened after a planned upgrade between 4pm on Friday 20 April and 6pm on Sunday 22 April as TSB migrated from former parent Lloyds Banking Group's systems to shiny new ones. TSB …
Kat Hall, 24 Apr 2018
Spinal tap 11 volume knob

Xen turns it up to 4.11 and shrinks itself to contain containers

The Xen Project last week sent the first release candidate of Xen 4.11 down the slipway, ahead of a few weeks’ testing and a planned release on June 1st, 2018. To help you understand what will land on that day, The Register asked Lars Kurth, chair of the Xen Project Advisory Board for his views on what’s important and new in …
Simon Sharwood, 24 Apr 2018
Flyswat

Oracle whips out the swatter, squishes 254 security bugs in its gear

Oracle this week emitted its April security update, addressing a total of 254 security vulnerabilities across dozens of products. Among the more noteworthy patches is a fix for lingering Spectre-related vulnerabilities in Solaris systems – specifically, CVE-2017-5753, also known as Spectre variant 1. Oracle had mitigated most …
Shaun Nichols, 19 Apr 2018
Facebook CEO Mark Zuckerberg

Signal app guru Moxie: Facebook is like Exxon. Everyone needs it, everyone despises it

RSA 2018 Speaking at the 2018 RSA conference, a board of some of the most respected names in security spoke on Tuesday and were scathing about Facebook – and the industry's response to the Spectre processor bug. The Cryptographers' Panel, an annual tradition at the event, this year included Ronald Rivest of MIT and Adi Shamir of the …
Shaun Nichols, 17 Apr 2018
Intel NUC5i5RYK

NUC, NUC! Who's there? Intel, warning you to kill a buggy keyboard app

Intel has made much of its NUC and Compute Stick mini-PCs as a way to place computers to out-of-the-way places like digital signage. Such locations aren’t the kind of spots where keyboards and pointing devices can be found, so Intel sweetened the deal by giving the world an Android and iOS app called the “Intel Remote Keyboard …
Spectre logo jazzed up

Intel admits a load of its CPUs have Spectre v2 flaw that can't be fixed

Intel has issued fresh "microcode revision guidance" that reveals it won’t address the Meltdown and Spectre design flaws in all of its vulnerable processors – in some cases because it's too tricky to remove the Spectre v2 class of vulnerabilities. The new guidance, issued April 2, adds a “stopped” status to Intel’s “production …
A surprised cat

Microsoft patches patch for Meltdown bug patch: Windows 7, Server 2008 rushed an emergency fix

Microsoft today issued an emergency security update to correct a security update it issued earlier this month to correct a security update it issued in January and February. In January and February, Redmond emitted fixes for Windows 7 and Server 2008 R2 machines to counter the Meltdown chip-level vulnerability in modern Intel …
Shaun Nichols, 29 Mar 2018

Intel shrugs off ‘new’ side-channel attacks on branch prediction units and SGX

Intel’s shrugged off two new allegations of design flaws that enable side-channel attacks. One of the new allegations was discussed at Black Hat Asia in Singapore last week, where University of Graz PhD Students Moritz Lipp and Michael Schwarz delivered a talk titled “When good turns to evil: using Intel SGX to stealthily …
Simon Sharwood, 28 Mar 2018
Embarrassed/exhausted man sits in front of laptop in hipstery office. Photo by Shutterstock

Microsoft's Windows 7 Meltdown fixes from January, February made PCs MORE INSECURE

Microsoft's January and February security fixes for Intel's Meltdown processor vulnerability opened up an even worse security hole on Windows 7 PCs and Server 2008 R2 boxes. This is according to researcher Ulf Frisk, who previously found glaring shortcomings in Apple's FileVault disk encryption system. We're told Redmond's …
Shaun Nichols, 28 Mar 2018
inception_screengrab_648

We need to go deeper: Meltdown and Spectre flaws will force security further down the stack

Around 2003, a computer security portent that had been cheerlessly simmering away for years suddenly came to the boil. This was an era stricken by malware attacks on a scale few had prepared for, running software beset with flaws some vendors seemed disinclined to acknowledge let alone fix. Vulnerabilities, including high- …
John E Dunn, 26 Mar 2018
Shutterstock tools

Creaking Chromebooks getting Meltdown protection soon

Older Chromebook owners should keep an eye open for Chrome OS updates, because Google has announced they'll get Meltdown protection soon. The fix for the now-notorious speculative execution side-channel attack will arrive in Chrome OS 66. This went to the beta channel for Android last Friday (March 16). Older Chromebooks …
spectre

Intel: Our next chips won't have data leak flaws we told you totally not to worry about

Intel has claimed its future processors – shipping as early as the second half of this year – will be free of the security design flaws it totally told you not to fret about. Over the past couple of months, it has been incredible watching Chipzilla revise its position, in public and behind the scenes, over and over again. In …
John Leyden, 15 Mar 2018
Meltdown

Microsoft starts buying speculative execution exploits

Microsoft has created a new class of bug bounty specifically for speculative execution bugs like January's Meltdown and Spectre processor CPU design flaws. Noting that the Project Zero discoveries “represented a major advancement in the research in this field”, Redmond said the bounties will be available until 31 December 2018 …
Spectre graphic

Microsoft lobs Skylake Spectre microcode fixes out through its Windows

Microsoft is pushing out another round of security updates to mitigate data-leaking Spectre side-channel vulnerabilities in modern Intel x64 chips. Redmond said those who run Windows 10 Fall Creators Update and Windows Server Core with Skylake (aka 6th-generation Core) CPUs can go through the Microsoft Update Catalogue to get …
Shaun Nichols, 1 Mar 2018
Homer Simpson

Spectre haunts Intel's SGX defense: CPU flaws can be exploited to snoop on enclaves

Vid The Spectre design flaws in modern CPUs can be exploited to punch holes through the walls of Intel's SGX secure environments, researchers claim. SGX – short for Software Guard eXtensions – is a mechanism that normal applications can use to ring-fence sections of memory that not even the operating system nor a hypervisor can …
Three candles - suggesting performance graph

Intel gives Broadwells and Haswells their Meltdown medicine

Intel slipped out a new Microcode Update Guidance on Monday, revealing that lots of Haswell and Broadwell Xeons can now receive inoculations against the Meltdown and Spectre CPU design flaws. The new document (PDF) says Broadwell processors with CPUIDs 50662, 50663, 50664, 40671, 406F1, 306D4 and 40671 are ready for their …
Simon Sharwood, 28 Feb 2018
Evil Uncle Sam

Intel didn't tell CERTS, govs, about Meltdown and Spectre because they couldn't help fix it

Letters sent to the United States Congress by Intel and the other six companies in the Meltdown/Spectre disclosure cabal have revealed how and why they didn't inform the wider world about the dangerous chip design flaws. Republican members of the House Energy and Commerce Committee sent letters to the seven in January, to seek …
Simon Sharwood, 23 Feb 2018
Meltdown bug

OpenBSD releases Meltdown patch

OpenBSD's Meltdown patch has landed, in the form of a Version 11 code update that separates user memory pages from the kernel's – pretty much the same approach as was taken in the Linux kernel. A few days after the Meltdown/Spectre bugs emerged in January, OpenBSD's Phillip Guenther responded to user concerns with a post …

Create a news alert about meltdown, or find more stories about meltdown.

Biting the hand that feeds IT © 1998–2018