Research

Intel Acknowledges Chip-Level Security Vulnerability In Processors

Intel Acknowledges Chip-Level Security Vulnerability In Processors

Researchers said they named one flaw "Meltdown" because it "basically melts security boundaries which are normally enforced by the hardware".

Researchers at Alphabet's Google Project Zero, working with academics, discovered the security problems, including one that affects computer chips by leading maker Intel. There is no known fix for it, and it is not clear what chip makers like Intel will do to address the problem.

The industry has been aware of the problem for months and hoped to solve it before details were made public.

There's no evidence that bad actors have yet exploited the bugs, but companies from Microsoft to Mozilla said this week they have worked to patch up vulnerabilities to their operating systems and browsers to protect against one of the bugs.

It has issued guidance about Meltdown and Spectre, including advice on what people can do to protect themselves.

According to the researchers, every Intel processor made since 1995 (specifically, those that implement out-of-order execution) are affected.

"Tech companies typically withhold details about security problems until fixes are available so that hackers wouldn't have a roadmap to exploit the flaws".

"These bugs are an absolute disaster", said Matthew Hickey, a cyber-security expert at Hacker House.

"You may find that patches aren't yet available", he told the BBC.

More news: Kratos Defense & Security Solutions (KTOS) Stock Rating Upgraded by Zacks Investment Research

Microchips are the basic electronic systems behind many devices such as computers and mobile phones. This basically removes the part of kernel from the memory of the program.

In many cases, that information is supposed to be secure from attempts to snoop on it, but these two bugs mean that it could in fact be accessed by a third party.

In a statement published yesterday, Intel claims that the loophole is not specific to their products and reports of slowdowns during fixes have been exaggerated.

"What actually happens with these flaws is different and what you do about them is different", said Paul Kocher, a researcher who was an integral member of a team of researchers at big tech companies like Google and Rambus and in academia that discovered the flaws.

Horn said Google built proof-of-concepts for problems that were exposed in earlier academic work by researchers affiliated with institutions in Austria, the United States and Australia, and some private firms.

Update - The story has been updated with Intel's response.

The open-source community that oversees the Linux operating system, which powers around 30% of the world's computer servers, has posted a patch for Meltdown, the New York Times reported. It is easier to exploit than Spectre, and can steal secrets buried inside a PC. In addition, be sure to check out Google's blog detailing the exploits and its efforts to help mitigate attacks across its hardware and software platforms. Google says Android devices are protected if they have the latest security updates. The flaw could let attackers bypass kernel access protections and allow regular apps to read the contents of kernel memory. Intel has not spoken publicly about the issue, and security researchers are believed to be working under an embargo to patch the affected system.

"It is significant but whether it will be exploited widely is another matter", said Prof Alan Woodward, from the University of Surrey.


  • Vodafone Group (VOD) Upgraded to "Overweight" at Barclays

    After $0.34 actual EPS reported by Weyerhaeuser Company for the previous quarter, Wall Street now forecasts 2.94% EPS growth. Marble Harbor Investment Counsel Llc increased Vodafone Group Plc New ( VOD ) stake by 8.71% reported in 2017Q3 SEC filing.
    Baltimore Schools Closed After Outrage Over Frigid Classrooms

    Baltimore Schools Closed After Outrage Over Frigid Classrooms

    Staff in about 60 district schools complained about heating issues, nearly one-third of the city's total. On Wednesday, Maybin posted a video to Twitter of a discussion he had with students at Matthew A.
    'Fire and Fury' release causes frenzy at DC bookstores

    'Fire and Fury' release causes frenzy at DC bookstores

    In D.C., shoppers lined up late Thursday night when Kramer's Bookstore announced they would start selling the book at 12:01 a.m. By Friday afternoon, the book had 84 reserve requests. "We have seen this degree of interest in books before", she said.
  • TransDigm Group Incorporated (TDG) Draws Bullish Attention After Forming Double Top Pattern

    The aerospace company reported $3.48 earnings per share for the quarter, topping the consensus estimate of $3.18 by $0.30. The stock of TransDigm Group Incorporated (NYSE:TDG) earned "Buy" rating by RBC Capital Markets on Friday, October 6.
    Unknown apps: How does Android Oreo control installation?

    Unknown apps: How does Android Oreo control installation?

    So that means it is not being done in secret really , but most people are not aware this is happening. The good news is that there is a way to opt-out of this information being collected.
    Manchester United Fans Hammer Henrikh Mkhitaryan After Another Poor Performance

    Manchester United Fans Hammer Henrikh Mkhitaryan After Another Poor Performance

    He had a couple of missed possessions but he was playing well, he was giving (a) good dynamic to the team. I did at half-time. "Doubt he'll be coming our for the 2nd half at this rate".
  • Young Sheldon will return for a second season

    Zoe Perry plays Sheldon's mother Mary, a role originated on The Big Bang Theory by Perry's real-life mother Laurie Metcalf . Parsons got himself a gig on " The Big Bang Theory " spin-off " Young Sheldon ", on which he serves as narrator.
    Samsung to supply hardware for Verizon's 5G service

    Samsung to supply hardware for Verizon's 5G service

    Samsung will use its in-house technology and assets to build commercial 5G home routers and 5G radio access units for Verizon. Meanwhile, T-Mobile announced that is working with Intel and Nokia on trials ahead of commercial 5G services by 2020.

    Earnings Analysis Of Citizens Financial Group, Inc. (CFG)

    The institutional investor owned 70,865 shares of the bank's stock after acquiring an additional 4,026 shares during the period. It increased, as 50 investors sold CFG shares while 178 reduced holdings. 55 funds opened positions while 175 raised stakes.
  • Amid chip flap, Intel scurries to combat 'inaccurate media reports'

    Amid chip flap, Intel scurries to combat 'inaccurate media reports'

    Apple did not respond to requests for comment about how the chip issue may be affecting the company's operating systems. Both Intel and Google said they were planning to disclose the issue next week when fixes will be available .

    Lowe's Companies, Inc. (LOW) Shares Bought by Robecosam AG

    Dynamic Solutions Ltd Liability Corp holds 0.26% of its portfolio in Lowe's Companies, Inc. (NYSE:LOW) for 157,214 shares. Among 28 analysts covering Ulta Salon Cosmetics & Fragrance Inc ( NASDAQ:ULTA ), 15 have Buy rating, 0 Sell and 13 Hold.

    Macs and iOS devices also affected by Meltdown and Spectre vulnerabilities

    Apple plans to reduce the risk of attacks exploiting Spectre by releasing an update for Safari for iOS in the coming days. Users should only download apps from trusted sources to avoid being made vulnerable, the post said.