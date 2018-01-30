Language Selection

Security: Updates, NSA-Windows, Image Previewer, and CPU Bugs

Thursday 1st of February 2018 11:45:39 PM
Security
  • Security updates for Thursday
  • Cryptocurrency mining malware infects over 500,000 PCs with NSA exploit

    New cryptocurrency mining viruses have lately spread to infect Windows computers as virtual currency-related malware becomes popular and profitable among cyber criminals.

    The viruses are being spread using same EternalBlue exploit, which has been developed by the US National Security Agency (NSA). The exploit was recently used as part of the worldwide WannaCry ransomware attack.

  • Image Previewer: First Firefox Addon that Injects an In-Browser Miner?

    The Image Previewer addon is promoted by web sites that pretend to be a manual Firefox update, but in reality push a Firefox addon to the visitor. This is done through repeated Javascript alerts and user authentication prompts that push the user into installing the addon directly from the site.

  • Beware! This Is The First Firefox Extension That Injects Crypto Miner In Your Browser
  • ​Linux performance before and after Meltdown and Spectre fixes
  • Spectre/Meltdown Pits Transparency Against Liability: Which is More Important to You?

    There is a lot of righteous anger directed toward Intel over CPU bugs that were revealed by Spectre/Meltdown. I agree that things could have been handled better, particularly with regards to transparency and the sharing of information among the relevant user communities that could have worked together to deploy effective patches in a timely fashion. People also aren’t wrong that consumer protection laws obligate manufacturers to honor warranties, particularly when a product is not fit for use as represented, if it contains defective material or workmanship, or fails to meet regulatory compliance.

    However, as an open source hardware optimist, and someone who someday aspires to see more open source silicon on the market, I want to highlight that demanding Intel return, exchange, or offer rebates on CPUs purchased within a reasonable warranty period is entirely at odds with demands that Intel act with greater transparency in sharing bugs and source code.

    [...]

    The open source community could use the Spectre/Meltdown crisis as an opportunity to reform the status quo. Instead of suing Intel for money, what if we sue Intel for documentation? If documentation and transparency have real value, then this is a chance to finally put that value in economic terms that Intel shareholders can understand. I propose a bargain somewhere along these lines: if Intel releases comprehensive microarchitectural hardware design specifications, microcode, firmware, and all software source code (e.g. for AMT/ME) so that the community can band together to hammer out any other security bugs hiding in their hardware, then Intel is absolved of any payouts related to the Spectre/Meltdown exploits.

  • Reckoning The Spectre And Meltdown Performance Hit For HPC
