Articles about spectre

Thumbs up for Spectre-Meltdown protection

Revealed: El Reg blew lid off Meltdown CPU bug before Intel told US govt – and how bitter tech rivals teamed up

Black Hat Next time you leave things to the last minute, remember this well. Despite having known about the Meltdown and Spectre security vulnerabilities for roughly six months, Intel and other chip giants still hadn't warned the US government's cybersecurity nerve-center by the time The Register blew the lid off the design flaws. …
Iain Thomson, 9 Aug 2018

How to (slowly) steal secrets over the network from chip security holes: NetSpectre summoned

Computer security researchers have devised a way to exploit the speculative-execution design flaws in modern processor chips over a network connection – a possibility that sounds rather more serious but may be something less than that. Until now, Spectre attacks have required malicious code to be running on a vulnerable …
Thomas Claburn, 26 Jul 2018
Couple of slow-coach snails

Spectre/Meltdown fixes in HPC: Want the bad news or the bad news? It's slower, say boffins

HPC admin? Feeling slighted that all the good Spectre/Meltdown mitigation benchmarks ignore big iron? Fear not, a bunch of MIT boffins are on your side. Unfortunately, what they found is that network connections, disk accesses, and computational workloads can all be affected by the fixes, whether in the operating system or the …
Thumbs up for Spectre-Meltdown protection

'007' code helps stop Spectre exploits before they exist

Black hats haven't yet found a way to mass-exploit the Spectre vulnerability – but mitigations are already arriving. Beyond chip vendor and operating system patches, there remain reasons to seek out additional defences: there are still circumstances in which protective coverage is incomplete – and over in the world of Android …
Spectre logo jazzed up

Google's ghost busters: We can scare off Spectre haunting Chrome tabs

Google is touting the benefits of a recently rolled out browser security feature called Site Isolation. Site Isolation has been gradually introduced to users of the Chrome browser over several months, and now Google has officially unveiled this important piece of tech. With Site Isolation is enabled, Chrome runs a different …
John Leyden, 12 Jul 2018

Another data-leaking Spectre CPU flaw among Intel's dirty dozen of security bug alerts today

Exclusive Intel will today emit a dozen security alerts for its products – including details of another data-leaking vulnerability within the family of Spectre CPU flaws. This bundle of disclosures is the start of the processor giant's efforts to move to a quarterly cadence of updates, we understand. Rather than drop surprise alerts …
Chris Williams, 10 Jul 2018
Hammer and Nails

Rowhammer returns, Spectre fix unfixed, Wireguard makes a new friend, and much more

Roundup This week we dealt with buggered bookies, trouble at Ticketmaster, and a compromised Linux build from Gentoo. Here's what else went down during the week. Trustwave sued Some breaking news as we were typing away: two insurance companies, Lexington Insurance Co and Beazley Insurance Co in the US, are suing infosec biz Trustwave …
Shaun Nichols, 30 Jun 2018
Spectre logo jazzed up

Oracle gets busy with Lazy FPU fix, adds more CPU Spectre-protectors

Oracle has released fixes for Spectre v3a, Spectre v4, and the “Lazy FPU” vulnerability. The two Spectre patches cover CVE-2018-3640 and CVE-2018-3640. As Oracle's director of security assurance Eric Maurice explained, the patches apply to both Oracle Linux and Oracle VM and the associated Intel microcode. The company was …
Someone threading the needle

OpenBSD disables Intel’s hyper-threading over CPU data leak fears

OpenBSD has disabled Intel’s hyper-threading technology, citing security concerns – seemingly, Spectre-style concerns. As detailed in this mailing list post, OpenBSD maintainer Mark Kettenis wrote that “SMT (Simultaneous Multi Threading) implementations typically share TLBs and L1 caches between threads. “This can make cache …
Simon Sharwood, 20 Jun 2018
Thumbs up for Spectre-Meltdown protection

Boffins offer to make speculative execution great again with Spectre-Meltdown CPU fix

A group of computer science researchers has proposed a way to overcome the security risk posed by speculative execution, the data processing technique behind the Spectre and Meltdown vulnerabilities. In a paper distributed this week through the ArXiv preprint server, "SafeSpec: Banishing the Spectre of a Meltdown with Leakage- …
Thomas Claburn, 16 Jun 2018
Spectre logo jazzed up

A Spectre flaw solution, Cloudflare blips, a bank cyber-heist in Canada, and more in infosec land

Roundup While we were busy chasing SpamCannibals, jailing Yahoo hackers, and blaming North Korea for everything else, there was some interesting security news going on. Let's have a look at some of the stories that didn't quite make Reg headlines. Boffins float a (sort of) fix for Spectre bug A group of researchers from TU Dresden in …
Shaun Nichols, 2 Jun 2018
spectre

Spectre-protectors: If there's something strange in your CPU, who you gonna call?

Enhanced Spectre-protectors will soon come to the Chrome browser, as its desktop stable channel hit version 67.0.3396.62 and upgrades for Windows, Mac and Linux have started to flow. The Spectre mitigation comes in the form of enhanced site isolation, first introduced in Chrome 63, in which pages from different sites run in …
Spraying bugs with insecticide

Second wave of Spectre-like CPU security flaws won't be fixed for a while

The new bunch of Spectre-like flaws revealed last week won't be patched for at least 12 days. German outlet Heise, which broke news of the eight Spectre-like vulnerabilities last week has now reported that Intel wants disclosure of the flaws delayed until at least May 21. “Intel is now planning a coordinated release on May 21 …
Spectre logo jazzed up

Fresh fright of data-spilling Spectre CPU design flaws haunt Intel

Researchers have unearthed a fresh new set of ways attackers could potentially exploit data-leaking Spectre CPU vulnerabilities in Intel chips. German publication Heise reported that eggheads are preparing to disclose at least eight new CVE-listed vulnerability reports describing side-channel attack flaws in Chipzilla's …
Shaun Nichols, 3 May 2018
Flyswat

Oracle whips out the swatter, squishes 254 security bugs in its gear

Oracle this week emitted its April security update, addressing a total of 254 security vulnerabilities across dozens of products. Among the more noteworthy patches is a fix for lingering Spectre-related vulnerabilities in Solaris systems – specifically, CVE-2017-5753, also known as Spectre variant 1. Oracle had mitigated most …
Shaun Nichols, 19 Apr 2018

Chrome 66: Get into the bin, auto-playing vids and Symantec certs!

Chrome the 66th is upon us and has added some features that Google previewed in months past. One is the September 2017 decision to stop trusting Symantec’s digital certificates, ending a long dispute over the way the security vendor managed its partners’ PKI activities before June 2016. Chrome 66 will warn visitors to sites …
Simon Sharwood, 18 Apr 2018
Facebook CEO Mark Zuckerberg

Signal app guru Moxie: Facebook is like Exxon. Everyone needs it, everyone despises it

RSA 2018 Speaking at the 2018 RSA conference, a board of some of the most respected names in security spoke on Tuesday and were scathing about Facebook – and the industry's response to the Spectre processor bug. The Cryptographers' Panel, an annual tradition at the event, this year included Ronald Rivest of MIT and Adi Shamir of the …
Shaun Nichols, 17 Apr 2018
Spectre logo jazzed up

Intel admits a load of its CPUs have Spectre v2 flaw that can't be fixed

Intel has issued fresh "microcode revision guidance" that reveals it won’t address the Meltdown and Spectre design flaws in all of its vulnerable processors – in some cases because it's too tricky to remove the Spectre v2 class of vulnerabilities. The new guidance, issued April 2, adds a “stopped” status to Intel’s “production …

Create a news alert about spectre, or find more stories about spectre.

Biting the hand that feeds IT © 1998–2018