Intel is Full of Holes

Filed under: Hardware, Security
  • A Security Issue in Intel’s Active Management Technology (AMT)
  • Backdoor In 30 Seconds: New Major AMT Security Flaw Is Here To Haunt Intel Laptops
  • Meltdown and Spectre FAQ: Crapification at Scale

    Yesterday, Yves posted a “primers on Meltdown and Spectre”, which included several explanations of the two bugs from different viewpoints; if you feel you don’t have a handle on them, please review it. Today, I want to give an overview of the two bugs. I will dig into the details of these two bugs in the form of a FAQ, and then I’ll open a discussion of the larger business and political economy issues raised in the form of a MetaFAQ. First, I should make one point: Meltdown is a bug; Spectre is a class of bugs (or, if you prefer, a strategy).

    [...]

    What Are The Costs of the Meltdown and Spectre Bugs?

    A few billions.

  • Fixing Chipmageddon Will Slow Down Older Computers

    Microsoft has come out and said it: cures for the pervasive chip flaws Meltdown and Spectre are likely to dent the performance of your PC if it’s a few years old.

  • Intel needs to come clean about Meltdown and Spectre

    Intel hasn’t had the best of times recently. Meltdown and Spectre security flaws have helped reveal fundamental issues with processor designs over the past 20 years, and the software updates to protect PCs will have performance impacts. Even as I write this, it’s still not clear to anyone exactly how bad these performance impacts will be for older desktop systems, or how significant they’ll be to server-based cloud platforms. It’s all a bit of a mess, and Intel hasn’t helped with its lack of transparency. It’s time for Intel to stop hiding behind cleverly worded statements.

  • Intel details performance hit for Meltdown fix on affected processors
  • Keeping Spectre secret

    When Graz University of Technology researcher Michael Schwarz first reached out to Intel, he thought he was about to ruin the company’s day. He had found a problem with their chips, together with his colleagues Daniel Gruss, Moritz Lipp, and Stefan Mangard. The vulnerability was both profound and immediately exploitable. His team finished the exploit on December 3rd, a Sunday afternoon. Realizing the gravity of what they’d found, they emailed Intel immediately.

  • Intel's telling some customers to avoid its fix for the Spectre and Meltdown attacks — because of a big bug
  • Everything running smoothly at the plant? *Whips out mobile phone* Wait. Nooo...

    The security of mobile apps that tie in with Supervisory Control and Data Acquisition (SCADA) systems has deteriorated over the last two-and-a-half years, according to new research.

    A team of boffins from IOActive and IoT security startup Embedi said they had discovered 147 vulnerabilities in 34 of the most popular Android mobile apps for SCADA systems.

    Mobile applications are increasingly being used in conjunction with SCADA systems. The researchers warned these apps are "riddled with vulnerabilities that could have dire consequences on SCADA systems that operate industrial control systems".
