Friday, 23 August, 2019

Intel processors hit with another serious security flaw impacting millions of PCs

Researchers have uncovered a new flaw in Intel chips More Researchers have uncovered a new flaw in Intel chips More
Sandy Mccarthy | 18 May, 2019, 05:03

The growing complexity of modern microprocessors coupled with the constant need to showcase improved performance with each generation finally came to a head early a year ago with the discovery of Meltdown and Spectre, two hardware vulnerabilities which allowed unprivileged processes to infer the contents of protected memory - effectively allowing any program running on an affected computer to read data including passwords and security certificate keys.

Chip giant Intel is once again in the security spotlight after researchers found a new set of vulnerabilities with its processors, which if exploited could result in the theft of data directly from the chip itself.

"While programs normally only see their own data, a malicious program can exploit the fill buffers to get hold of secrets now processed by other running programs", they wrote.

Intel Corp and a group of security researchers on Tuesday said they had found a new set of security flaws in its processors that will be hard to fix and are related to problems found past year.

Apple was quick to publish today a new support page to teach Mac users on macOS Mojave, High Sierra, and Sierra how to fully mitigate the newly disclosed Intel Microarchitectural Data Sampling (MDS) vulnerabilities.

Further, they said, tracking user secrets like browsing the history, website content, passwords or system-level confidences, user keys -such as disk encryption keys. Amazon Web Services said that all of its EC2 computing services have been updated with the mitigations recommended by Intel, and Microsoft released patches for Windows Server customers while assuring Azure customers that the systems running their workloads had been updated.

World Health Organization issues first advice on dementia: exercise and don't smoke
The costs of caring for people with dementia is expected to rise to $2 trillion (roughly €1.8 trillion) per year by 2030. The good news is there are ways to reduce the risk of dementia and it starts with diet and exercise.

Well, Intel has said that data centres are anticipated to be least affected by the fixes demanded. "However, software may be able to forward this speculative-only data to a side-channel disclosure gadget in a way that potentially allows malicious actors to infer the data".

"All of them have in common that they trigger a faulty read, and extract data used by transiently executed operations via a side-channel", said the researchers in an accompanying blog post.

"It's kind of like we treat the CPU as a network of components, and we basically eavesdrop on the traffic between them", Cristiano Giuffrida, a researcher on the project, told Wired.

Security researchers have revealed the Zombieload Attack to the public. "In this short moment between code execution and check, we can with the new attack see the already loaded data from other programs", Gruss explains.

While fixes may be starting to become available, it will take time for them to be applied to PCs and servers affected by the four variants.

Recommended

Google Trips: Hotels, Flights, Weather, Things To Do & More Google Trips: Hotels, Flights, Weather, Things To Do & More Google Trips simply gathers your travel information from Gmail and Inbox, then organises it automatically. Holden said that the revised service would also allow users to add bookings manually within a few weeks.

SpaceX to launch first satellites for Musk's Starlink internet service SpaceX to launch first satellites for Musk's Starlink internet service The Starlink project is an ambitious project by the billionaire entrepreneur which plans provide the internet from space. Elon Musk's SpaceX has made a business out of launching satellites for commercial customers, NASA and the USA military.

Pokemon Rumble Rush Adds To Expanding List Of Pokemon Games Pokemon Rumble Rush Adds To Expanding List Of Pokemon Games Now called Pokemon Rumble Rush , this mobile game tasks players with exploring uncharted islands and battling wild Pokemon . By equipping a " Pokemon " with a summon stone, it will be able to call another " Pokemon " to help it in battling enemies.

Sherpa climber Kami Rita scales Mount Everest for record 23rd time Sherpa climber Kami Rita scales Mount Everest for record 23rd time Every aspiring mountaineer, between April and May, flocks to grab the opportunity of climbing the highest mountain in the world. They also prepared facilities required for the mountain climbers who are expected to climb Mount Everest.

Helicopter goes down in Hudson River; pilot OK Helicopter goes down in Hudson River; pilot OK According to The Verge , the aircraft's pilot was the only person onboard and suffered non-life-threatening injuries. The incident occurred at around 2:30 p.m. local time. "It was the craziest thing I've ever seen", Byrd said.

Uber announces major Black and Black SUV enhancements, including Quiet Mode Uber announces major Black and Black SUV enhancements, including Quiet Mode That's why I hope Uber plans to expand this to UberX as well as global markets, though the company had nothing to share on that. Uber has released a new feature, dubbed Rider Preferences that allows customers to ask for minimal conversation during a ride.

US pulls staff from Iraq, says Iran gave 'blessing' for tanker attacks US pulls staff from Iraq, says Iran gave 'blessing' for tanker attacks Pompeo's message, the officials said, was that the USA wants to avoid conflict but would respond or defend itself if necessary. Calling thesituation 'very unsafe , King said, 'We may be moving toward a militaryconfrontation that would be very harmful.

Patrick Peterson’s Old Tom Brady Take Looks Bad After Reported Suspension Patrick Peterson’s Old Tom Brady Take Looks Bad After Reported Suspension Peterson will miss games against the Lions , Ravens , Panthers , Seahawks , Bengals , and Falcons before rejoining the team. He posted a few cryptic messages on social media last month while deleting all mentions of the Cardinals in his profiles.

'Most rapes are consensual': Missouri the latest USA state to restrict abortion 'Most rapes are consensual': Missouri the latest USA  state to restrict abortion In the wake of Democrats' push for abortion-til-birth legislation, the nation has been hit with a pro-life counter. Elizabeth Warren , another 2020 candidate, similarly suggested that eliminating abortion will prove deadly.

Window cleaners' basket dangles precariously from skyscraper Window cleaners' basket dangles precariously from skyscraper They knew what they were doing and they implemented their plan perfectly", Walker said at the news conference. Two people, believed to be window washers, were on the lift when it became loose and started swinging .

Britney Spears' manager says she may never perform again Britney Spears' manager says she may never perform again As far as her music is concerned, Spears is still signed to RCA Records and "at some point, she'll record again", says Rudolph. And, if she ever does want to work again, I am here to tell her if it is a good idea or not, " he said.

Walmart announces free one-day shipping on select items Walmart announces free one-day shipping on select items Not to be outdone, Walmart today announced that it too is transitioning to free next day delivery , and without a membership fee. The Bentonville-based company plans to expand the service to Southern California and expand it gradually throughout 2019.

Israeli broadcaster blames Hamas for 'missile strike' hack during Eurovision Israeli broadcaster blames Hamas for 'missile strike' hack during Eurovision Sand did not say what issues were delaying the signing of a contract, but confirmed that negotiations were in a "final stage". Australian contestant Kate Miller-Heidke is through to the finals.

Realme to launch 5G smartphone with Snapdragon 855 SoC later in 2019 Realme to launch 5G smartphone with Snapdragon 855 SoC later in 2019 For its camera, it comes with a dual rear camera setup with 48MP + 5MP sensors whereas the selfie camera comes with a 16MP sensor. Both the devices will available via prominent e-tailers in China including Jingdong starting May 20.

Putin calls for framework to denuclearize N.Korea Putin calls for framework to denuclearize N.Korea The move was reportedly a response to Tehran's alleged plans to carry out attacks on USA forces and allies in the Middle East. Pompeo and Lavrov, who appeared at ease with other, were to brief President Vladimir Putin on the meeting in the evening.