Autore Topic: After Meltdown and Spectre, meet a new set of Intel chip flaws  (Letto 1 volte)

0 Utenti e 1 Visitatore stanno visualizzando questo topic.

Offline Ruggero Respigo

  • Global Moderator
  • Newbie
  • *****
  • Post: 0
  • Karma: 2
  • Ruggero Respigo - Milano
    • Mostra profilo
    • Ruggero Resppigo - Dottore Commercialista a Milano
    • E-mail
After Meltdown and Spectre, meet a new set of Intel chip flaws
« Risposta #1 il: Maggio 15, 2019, 08:14:26 pm »
Advertisement
After Meltdown and Spectre, meet a new set of Intel chip flaws

Those who warned that the Meltdown and Spectre computer chip flaws revealed last year would trigger a new era of hardware vulnerability discovery were on to something. On Tuesday, Intel and a group of cybersecurity researchers published details on four new potential chip attacks that exploit the same “speculative execution” process, which is used to improve CPU performance, that was central to Meltdown and Spectre. The newly revealed security issues could allow attackers to steal sensitive data from a CPU in multiple ways. Like Meltdown and Spectre, there isn’t evidence these attacks have been executed in the wild, but the insecurities they reveal in micro-architectures demand attention from hardware owners. The colorfully named ZombieLoad attack, for example, would unearth private browsing history and leak information from a computer’s application, operating system and virtual machines in the cloud. The RIDL attack would leak information from different security buffers inside the Intel […]


The post After Meltdown and Spectre, meet a new set of Intel chip flaws appeared first on CyberScoop.



Those who warned that the Meltdown and Spectre computer chip flaws revealed last year would trigger a new era of hardware vulnerability discovery were on to something.


On Tuesday, Intel and a group of cybersecurity researchers published details on four new potential chip attacks that exploit the same “speculative execution” process, which is used to improve CPU performance, that was central to Meltdown and Spectre.


The newly revealed security issues could allow attackers to steal sensitive data from a CPU in multiple ways. Like Meltdown and Spectre, there isn’t evidence these attacks have been executed in the wild, but the insecurities they reveal in micro-architectures demand attention from hardware owners.


The colorfully named ZombieLoad attack, for example, would unearth private browsing history and leak information from a computer’s application, operating system and virtual machines in the cloud. The RIDL attack would leak information from different security buffers inside the Intel processors, while an attack called Fallout would allow an adversary to read data recently written by an operating system. When paired with a data-reading aspect of Spectre, another attack, dubbed “stored-to-leak forwarding,” would abuse the store buffer to leak data or monitor the operating system.


Intel said its own internal team discovered the vulnerabilities first. The researchers who published details on the attacks hailed from companies Cyberus, BitDefender Oracle, Qihoo360, along with Belgium’s KU Leuven, the University of Adelaide, University of Michigan, Graz University of Technology, the Helmholtz Center for Information Security, Vrije Universiteit Amsterdam and Worcester Polytechnic Institute.


“We show that existing defenses against speculative execution attacks are inadequate, and in some cases actually make things worse,” researchers wrote in a summary of the RIDL and Fallout attacks.


The vulnerabilities were already addressed at the hardware level in recent versions of Intel Core processors, the chip giant said. Other affected products can be mended via microcode and operating system hypervisor updates that will be made available starting Tuesday.


“Ever since Meltdown/Spectre, if not before, researchers have been going over every micro-architectural enhancement from the past 40 years and assessing them as side-channel targets,” said Joe FitzPatrick, an instructor and researcher at SecuringHardware.com, a training site.


“That’s part of why we have over a dozen people finding similar vulnerabilities in a short time span.”


The discovery of Meltdown and Spectre, which was made by some of the same researchers, led to reforms of the cumbersome process for disclosing vulnerabilities in the hardware industry — reforms that the new chip vulnerabilities could put to the test.


The post After Meltdown and Spectre, meet a new set of Intel chip flaws appeared first on CyberScoop.


Source: After Meltdown and Spectre, meet a new set of Intel chip flaws


Ruggero Respigo , dottore commercialista a Milano, svolge dal 1979 l’attività di  Libero Professionista e Consulente aziendale per le maggiori aziende italiane ed estere. https://www.ruggerorespigo.it

 

Related Topics

  Oggetto / Aperto da Risposte Ultimo post
0 Risposte
48 Visite
Ultimo post Luglio 11, 2018, 08:00:49 pm
da Flavio58
0 Risposte
71 Visite
Ultimo post Luglio 11, 2018, 11:38:59 pm
da Marco1971
0 Risposte
48 Visite
Ultimo post Luglio 12, 2018, 08:03:04 pm
da Flavio58
0 Risposte
44 Visite
Ultimo post Agosto 18, 2018, 04:01:12 am
da Ruggero Respigo
0 Risposte
33 Visite
Ultimo post Ottobre 10, 2018, 12:03:37 am
da Flavio58

Sitemap 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326