Security News
Chipzilla's processors, already weighed down by defenses deployed against side-channel attacks over the past two years, could get slower still if they try to thwart this latest vulnerability: prototype compiler changes, for full mitigation, have produced performance reductions ranging from 2x to 19x. That's because LVI protection involves compiler and assembler updates that insert extra x86 instructions and replace problematic instructions with functionally equivalent but more verbose instruction sequences. "Being essentially a 'reverse Meltdown'-type attack, LVI abuses that a faulting or assisted load instruction executed within a victim domain does not always yield the expected result, but may instead transiently forward dummy values or data from various microarchitectural buffers."
The recent attacks exploiting the BlueKeep vulnerability to deliver cryptocurrency miners caused some systems to crash due to a Meltdown patch being deployed on the targeted machines. read more
Researchers demonstrate a new side-channel attack that bypass mitigations against Spectre and Meltdown.
OpenSSH, a widely used suite of programs for secure (SSH protocol-based) remote login, has been equipped with protection against side-channel attacks that could allow attackers to extract private...
Microarchitectural Data Sampling are CPU side-channel vulnerabilities that allow attackers to view in-flight data from CPU-internal buffers. Learn more about MDS attacks in this comprehensive guide.
SonicWall's Bill Conner on Side-Channel Attacks and Other Emerging ThreatsThe information security world has been beset by the emergence of multiple side-channel attacks, including Meltdown,...
Execs, experts hope this cooperation continues to hold for the next big bug A panel of eggheads from Intel, the US government, and academia held court this week to figure how they can keep the...
Prof asks: What good comes from letting everyone know a vulnerability exists? A computer engineering professor has an interesting idea for how to handle the public disclosure of serious...
Prof asks: What good comes from letting everyone know a vulnerability exists? A computer engineering professor has an interesting idea for how to handle the public disclosure of serious...
Learn about these uniquely dangerous vulnerabilities as TechRepublic's James Sanders discusses up-to-date info on the latest variants and best mitigation strategies to minimize performance impact.