Security News

You only LVI twice: Meltdown The Sequel strikes Intel chips – and full mitigation against data-meddling flaw will cost you 50%+ of performance
2020-03-10 17:00

Chipzilla's processors, already weighed down by defenses deployed against side-channel attacks over the past two years, could get slower still if they try to thwart this latest vulnerability: prototype compiler changes, for full mitigation, have produced performance reductions ranging from 2x to 19x. That's because LVI protection involves compiler and assembler updates that insert extra x86 instructions and replace problematic instructions with functionally equivalent but more verbose instruction sequences. "Being essentially a 'reverse Meltdown'-type attack, LVI abuses that a faulting or assisted load instruction executed within a victim domain does not always yield the expected result, but may instead transiently forward dummy values or data from various microarchitectural buffers."

BlueKeep Attacks Crash Systems Due to Meltdown Patch
2019-11-11 12:09

The recent attacks exploiting the BlueKeep vulnerability to deliver cryptocurrency miners caused some systems to crash due to a Meltdown patch being deployed on the targeted machines. read more

New SWAPGS Side-Channel Attack Bypasses Spectre and Meltdown Defenses
2019-08-07 13:55

Researchers demonstrate a new side-channel attack that bypass mitigations against Spectre and Meltdown.

OpenSSH adds protection against Spectre, Meltdown, RAMBleed
2019-06-24 12:10

OpenSSH, a widely used suite of programs for secure (SSH protocol-based) remote login, has been equipped with protection against side-channel attacks that could allow attackers to extract private...

Why MDS vulnerabilities present a threat as serious as Spectre and Meltdown
2019-05-15 18:00

Microarchitectural Data Sampling are CPU side-channel vulnerabilities that allow attackers to view in-flight data from CPU-internal buffers. Learn more about MDS attacks in this comprehensive guide.

Perpetual 'Meltdown': Security in the Post-Spectre Era
2019-03-28 17:18

SonicWall's Bill Conner on Side-Channel Attacks and Other Emerging ThreatsThe information security world has been beset by the emergence of multiple side-channel attacks, including Meltdown,...

'This collaboration is absolutely critical going forward'... One positive thing about Meltdown CPU hole? At least it put aside tech rivalries...
2019-02-15 07:12

Execs, experts hope this cooperation continues to hold for the next big bug A panel of eggheads from Intel, the US government, and academia held court this week to figure how they can keep the...

Boffin suggests taking the ostrich approach for Spectre-Meltdown-grade processor flaws, other security holes: Don't say anything public – zip it
2019-02-04 22:36

Prof asks: What good comes from letting everyone know a vulnerability exists? A computer engineering professor has an interesting idea for how to handle the public disclosure of serious...

Boffin suggests Trappist monk approach for Spectre-Meltdown-grade processor flaws, other security holes: Don't say anything public – zip it
2019-02-04 22:36

Prof asks: What good comes from letting everyone know a vulnerability exists? A computer engineering professor has an interesting idea for how to handle the public disclosure of serious...

Spectre and Meltdown explained: New variants and more efficient patches
2019-02-01 20:32

Learn about these uniquely dangerous vulnerabilities as TechRepublic's James Sanders discusses up-to-date info on the latest variants and best mitigation strategies to minimize performance impact.