Articles about spectre

Spectre graphic

Virus screener goes down, Intel patches more chips, Pegasus government spying code spreads across globe

Roundup When we weren't dealing with malware bricked-breweries, poorly-wiped servers or litigious vendors, we had a number of other security headaches to keep busy with. Here's a few of them. Gov pay sites pilfered Government pay portals were in the crosshairs of cybercriminals this week. First, there was GovPayNow, who got the …
Shaun Nichols, 22 Sep 2018

Intel rips up microcode security fix license that banned benchmarking

Intel has backtracked on the license for its latest microcode update that mitigates security vulnerabilities in its processors – after the previous wording outlawed public benchmarking of the chips. The software, released this month, counters the Foreshadow aka L1TF Spectre-related flaws in its CPUs. However, its terms of use …
Thomas Claburn, 23 Aug 2018
Meltdown bug

Fix for July's Spectre-like bug is breaking some supers

High-performance computing geeks are sweating on a Red Hat fix, after a previous patch broke the Lustre file system. In July, Intel disclosed patches for another Spectre-like data leak bug, CVE-2018-3693. Red Hat included its own fixes in an August 14 suite of security patches, and soon after, HPC sysadmins found themselves …
Thumbs up for Spectre-Meltdown protection

Revealed: El Reg blew lid off Meltdown CPU bug before Intel told US govt – and how bitter tech rivals teamed up

Black Hat Next time you leave things to the last minute, remember this well. Despite having known about the Meltdown and Spectre security vulnerabilities for roughly six months, Intel and other chip giants still hadn't warned the US government's cybersecurity nerve-center by the time The Register blew the lid off the design flaws. …
Iain Thomson, 9 Aug 2018

How to (slowly) steal secrets over the network from chip security holes: NetSpectre summoned

Computer security researchers have devised a way to exploit the speculative-execution design flaws in modern processor chips over a network connection – a possibility that sounds rather more serious but may be something less than that. Until now, Spectre attacks have required malicious code to be running on a vulnerable …
Thomas Claburn, 26 Jul 2018
Couple of slow-coach snails

Spectre/Meltdown fixes in HPC: Want the bad news or the bad news? It's slower, say boffins

HPC admin? Feeling slighted that all the good Spectre/Meltdown mitigation benchmarks ignore big iron? Fear not, a bunch of MIT boffins are on your side. Unfortunately, what they found is that network connections, disk accesses, and computational workloads can all be affected by the fixes, whether in the operating system or the …
Thumbs up for Spectre-Meltdown protection

'007' code helps stop Spectre exploits before they exist

Black hats haven't yet found a way to mass-exploit the Spectre vulnerability – but mitigations are already arriving. Beyond chip vendor and operating system patches, there remain reasons to seek out additional defences: there are still circumstances in which protective coverage is incomplete – and over in the world of Android …
Spectre logo jazzed up

Google's ghost busters: We can scare off Spectre haunting Chrome tabs

Google is touting the benefits of a recently rolled out browser security feature called Site Isolation. Site Isolation has been gradually introduced to users of the Chrome browser over several months, and now Google has officially unveiled this important piece of tech. With Site Isolation is enabled, Chrome runs a different …
John Leyden, 12 Jul 2018

Another data-leaking Spectre CPU flaw among Intel's dirty dozen of security bug alerts today

Exclusive Intel will today emit a dozen security alerts for its products – including details of another data-leaking vulnerability within the family of Spectre CPU flaws. This bundle of disclosures is the start of the processor giant's efforts to move to a quarterly cadence of updates, we understand. Rather than drop surprise alerts …
Chris Williams, 10 Jul 2018
Hammer and Nails

Rowhammer returns, Spectre fix unfixed, Wireguard makes a new friend, and much more

Roundup This week we dealt with buggered bookies, trouble at Ticketmaster, and a compromised Linux build from Gentoo. Here's what else went down during the week. Trustwave sued Some breaking news as we were typing away: two insurance companies, Lexington Insurance Co and Beazley Insurance Co in the US, are suing infosec biz Trustwave …
Shaun Nichols, 30 Jun 2018
Spectre logo jazzed up

Oracle gets busy with Lazy FPU fix, adds more CPU Spectre-protectors

Oracle has released fixes for Spectre v3a, Spectre v4, and the “Lazy FPU” vulnerability. The two Spectre patches cover CVE-2018-3640 and CVE-2018-3640. As Oracle's director of security assurance Eric Maurice explained, the patches apply to both Oracle Linux and Oracle VM and the associated Intel microcode. The company was …
Someone threading the needle

OpenBSD disables Intel’s hyper-threading over CPU data leak fears

OpenBSD has disabled Intel’s hyper-threading technology, citing security concerns – seemingly, Spectre-style concerns. As detailed in this mailing list post, OpenBSD maintainer Mark Kettenis wrote that “SMT (Simultaneous Multi Threading) implementations typically share TLBs and L1 caches between threads. “This can make cache …
Simon Sharwood, 20 Jun 2018
Thumbs up for Spectre-Meltdown protection

Boffins offer to make speculative execution great again with Spectre-Meltdown CPU fix

A group of computer science researchers has proposed a way to overcome the security risk posed by speculative execution, the data processing technique behind the Spectre and Meltdown vulnerabilities. In a paper distributed this week through the ArXiv preprint server, "SafeSpec: Banishing the Spectre of a Meltdown with Leakage- …
Thomas Claburn, 16 Jun 2018
Spectre logo jazzed up

A Spectre flaw solution, Cloudflare blips, a bank cyber-heist in Canada, and more in infosec land

Roundup While we were busy chasing SpamCannibals, jailing Yahoo hackers, and blaming North Korea for everything else, there was some interesting security news going on. Let's have a look at some of the stories that didn't quite make Reg headlines. Boffins float a (sort of) fix for Spectre bug A group of researchers from TU Dresden in …
Shaun Nichols, 2 Jun 2018
spectre

Spectre-protectors: If there's something strange in your CPU, who you gonna call?

Enhanced Spectre-protectors will soon come to the Chrome browser, as its desktop stable channel hit version 67.0.3396.62 and upgrades for Windows, Mac and Linux have started to flow. The Spectre mitigation comes in the form of enhanced site isolation, first introduced in Chrome 63, in which pages from different sites run in …
Spraying bugs with insecticide

Second wave of Spectre-like CPU security flaws won't be fixed for a while

The new bunch of Spectre-like flaws revealed last week won't be patched for at least 12 days. German outlet Heise, which broke news of the eight Spectre-like vulnerabilities last week has now reported that Intel wants disclosure of the flaws delayed until at least May 21. “Intel is now planning a coordinated release on May 21 …
Spectre logo jazzed up

Fresh fright of data-spilling Spectre CPU design flaws haunt Intel

Researchers have unearthed a fresh new set of ways attackers could potentially exploit data-leaking Spectre CPU vulnerabilities in Intel chips. German publication Heise reported that eggheads are preparing to disclose at least eight new CVE-listed vulnerability reports describing side-channel attack flaws in Chipzilla's …
Shaun Nichols, 3 May 2018
Flyswat

Oracle whips out the swatter, squishes 254 security bugs in its gear

Oracle this week emitted its April security update, addressing a total of 254 security vulnerabilities across dozens of products. Among the more noteworthy patches is a fix for lingering Spectre-related vulnerabilities in Solaris systems – specifically, CVE-2017-5753, also known as Spectre variant 1. Oracle had mitigated most …
Shaun Nichols, 19 Apr 2018

Create a news alert about spectre, or find more stories about spectre.

Biting the hand that feeds IT © 1998–2018