Spectre and Meltdown are a pair of chip-level security bugs that exploit something called “speculative execution,” through which chips boost performance by making shrewd guesses about which computer operations are performed together.
Spectre and Meltdown represented a new class of never-seen-before attacks, and as news of their existence percolated through security circles, it sparked a scavenger hunt for more errors of their sort, with many more coming to light.
Intel calls these “Microarchitectural Data Sampling” (MDS) attacks, and now a team of industry and academic researchers (some of whom worked on the original Spectre/Meltdown papers) have gone public with a new set of MDS bugs that Intel was given advance notice of (some of these bugs were discovered more than a year ago). All but the most recent Intel chips are vulnerable to these attacks (you can check your system here).
The researchers have dubbed the new defects CPU Fail, and they have disclosed three CPU Fail attacks: Zombieload, RIDL, and Fallout, which they class as “less serious than Meltdown but worse than Spectre.”
Intel and the researchers disagree about the seriousness of this defect. Intel says it’s not a very big deal, while the researchers say it’s pretty urgent.
There’s likely a lot more of this to come, too: researchers are just getting to grips with the possibilities of MDS attacks.
“It’s kind of like we treat the CPU as a network of components, and we basically eavesdrop on the traffic between them,” says Cristiano Giuffrida, one of the researchers in the VUSec group at Vrije Universiteit Amsterdam who discovered the MDS attack. “We hear anything that these components exchange.”
“In essence, [MDS] puts a glass to the wall that separates security domains, allowing attackers to listen to the babbling of CPU components,” reads one line of a VUSec paper on the flaws, which will be presented next week at the IEEE Security and Privacy conference.
Meltdown Redux: Intel Flaw Lets Hackers Siphon Secrets from Millions of PCs [Andy Greenberg/Wired]
Back in 2018, evil got a shot in the arm when Nazi collaborators Bayer were allowed to buy Big Ag monopolists Monsanto, celebrating the marriage by getting rid of the Monsanto name (on the grounds that Monsanto’s tactics had tarnished their reputation even worse than Bayer’s use of concentration camp slaves and fatal medical experiments […]
Warren Buffet is famous for identifying the need for businesses to have “moats” and “walls” around their profit-centers to keep competitors out, and data-centric companies often cite their massive collections of user-data as “moats” that benefit from “network effects” to make their businesses good investments.
Mega-retailer Walmart on Tuesday announced next-day delivery on more than 200,000 items for orders over $35.
Tired of bulging pockets? It seems crazy that we’re carrying around tiny AI computers in one pocket, while the other one is overstuffed with cash, cards and old receipts held together by a flimsy piece of cloth or leather. The bad news is, most of us still need those cards (and occasionally, even the cash). […]
Ask any webmaster, photographer or graphic designer: Adobe Photoshop is about so much more than touching up pictures. If you want to learn a wide array of marketable skills in this essential software, there’s no better way than to dive in with the Complete Photoshop Master Class Bundle 2019. Even if you’ve never so much […]
Plastic straws are on their way out. Big cities and entire states have realized this, and more are sure to join Seattle, California and a growing number of others in curbing the use of single-serve straws in the months and years to come. The thing is, there’s already 175 billion of them going into our […]