Language Selection

English French German Italian Portuguese Spanish

Intel is Full of Holes

Filed under
Hardware
Security
  • A Security Issue in Intel’s Active Management Technology (AMT)
  • Backdoor In 30 Seconds: New Major AMT Security Flaw Is Here To Haunt Intel Laptops
  • Meltdown and Spectre FAQ: Crapification at Scale

    Yesterday, Yves posted a “primers on Meltdown and Spectre”, which included several explanations of the two bugs from different viewpoints; if you feel you don’t have a handle on them, please review it. Today, I want to give an overview of the two bugs. I will dig into the details of these two bugs in the form of a FAQ, and then I’ll open a discussion of the larger business and political economy issues raised in the form of a MetaFAQ. First, I should make one point: Meltdown is a bug; Specture is a class of bugs (or, if you prefer, a strategy).

    [...]

    What Are The Costs of the Meltdown and Spectre Bugs?

    A few billions.

  • Fixing Chipmageddon Will Slow Down Older Computers

    Microsoft has come out and said it: cures for the pervasive chip flaws Meltdown and Spectre are likely to dent the performance of your PC if it’s a few years old.

  • Intel needs to come clean about Meltdown and Spectre

    Intel hasn’t had the best of times recently. Meltdown and Spectre security flaws have helped reveal fundamental issues with processor designs over the past 20 years, and the software updates to protect PCs will have performance impacts. Even as I write this, it’s still not clear to anyone exactly how bad these performance impacts will be for older desktop systems, or how significant they’ll be to server-based cloud platforms. It’s all a bit of a mess, and Intel hasn’t helped with its lack of transparency. It’s time for Intel to stop hiding behind cleverly worded statements.

  • Intel details performance hit for Meltdown fix on affected processors
  • Keeping Spectre secret

    When Graz University of Technology researcher Michael Schwarz first reached out to Intel, he thought he was about to ruin the company’s day. He had found a problem with their chips, together with his colleagues Daniel Gruss, Moritz Lipp, and Stefan Mangard. The vulnerability was both profound and immediately exploitable. His team finished the exploit on December 3rd, a Sunday afternoon. Realizing the gravity of what they’d found, they emailed Intel immediately.

  • Intel's telling some customers to avoid its fix for the Spectre and Meltdown attacks — because of a big bug
  • Everything running smoothly at the plant? *Whips out mobile phone* Wait. Nooo...

    The security of mobile apps that tie in with Supervisory Control and Data Acquisition (SCADA) systems has deteriorated over the last two-and-a-half years, according to new research.

    A team of boffins from IOActive and IoT security startup Embedi said they had discovered 147 vulnerabilities in 34 of the most popular Android mobile apps for SCADA systems.

    Mobile applications are increasingly being used in conjunction with SCADA systems. The researchers warned these apps are "riddled with vulnerabilities that could have dire consequences on SCADA systems that operate industrial control systems".

More in Tux Machines

today's howtos

Linux Microsoft Office Alternatives

Despite what you may have been led to believe, there are in fact a number of solid Linux alternatives for Microsoft Office available. In fact, there are even options available with varied levels of docx support, if that is something relevant to your business. This article will explore my recommended Microsoft Office alternatives for Linux. Some of them you've likely heard of, others may be cloud/server based options that you might not have thought much about until now. Read more Also: The best open source video editors 2018: free to download, edit, use and share

Security: Updates, WordPress, Hardware Patches, and Open Source Security Podcast

  • Security updates for Tuesday
  • WordPress 4.9.2 Security and Maintenance Release
    WordPress 4.9.2 is now available. This is a security and maintenance release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately. An XSS vulnerability was discovered in the Flash fallback files in MediaElement, a library that is included with WordPress. Because the Flash files are no longer needed for most use cases, they have been removed from WordPress.
  • Debian-Based SolydXK Linux OS Receives Patch for Meltdown Security Vulnerability
    The Debian-based SolydXK Linux operating system has been updated today with patches for the Meltdown security vulnerability, as well as various other new features and improvements. To mitigate the Meltdown security exploit that allows a locally installed program to access the memory, including the kernel memory, and steal sensitive information like passwords and encryption keys, the SolydXK 201801 ISO images are now powered by the latest kernel release with patches against this vulnerability.
  • Chakra GNU/Linux Now Patched Against Meltdown & Spectre Security Vulnerabilities
    It's time for users of the Chakra GNU/Linux operating system to patch their systems against the Meltdown and Spectre security vulnerabilities as new kernel updates landed today in the repos. Publicly disclosed earlier this month, the Meltdown and Spectre security vulnerabilities are affecting us all, but OS vendors and OEMs are trying their best to mitigate them so that no user can be the victim of attacks where their sensitive data is at risk of getting in the hands of the wrong person.
  • Open Source Security Podcast: Episode 78 - Risk lessons from Hawaii

GNOME Devs to Users: Desktop Icons Are Moving to GNOME Shell with GNOME 3.28

There appears to be a lot of fuss lately about the removal of an option from the GNOME desktop environment that allows users to display icons on their desktops. Long story short, last month, near the Christmas holidays, GNOME developer Carlos Soriano shared his plans on removing a so-called "the desktop" feature from the Nautilus file manager starting with the upcoming GNOME 3.28 release of the desktop environment, proposing its integration into the GNOME Shell component. The feature is there to handle application icons on the user's workspace, but it shouldn't have been implemented in Nautilus in the first place, according to the developer. So for the GNOME devs to be able to add new features to the Nautilus file manager, they need to remove its ability to handle desktop icons and place the code somewhere else. Read more