Archive for Intel

BREAKING: New CPU Vulnerability Disclosed. Patches From Microsoft And Apple Inbound

Posted in Commentary with tags , , on May 14, 2019 by itnerd

There’s a new CPU vulnerability that has literally just been disclosed by researchers. It’s called ZombieLoad and it is similar to the Spectre and Meltdown CPU flaws that popped up a while ago. Here’s what you need to know:

“ZombieLoad,” as it’s called, is a side-channel attack targeting Intel chips, allowing hackers to effectively exploit design flaws rather than injecting malicious code. Intel said ZombieLoad is made up of four bugs, which the researchers reported to the chip maker just a month ago.

 Almost every computer with an Intel chips dating back to 2011 are affected by the vulnerabilities. AMD and ARM chips are not said to be vulnerable like earlier side-channel attacks.

 ZombieLoad takes its name from a “zombie load,” an amount of data that the processor can’t understand or properly process, forcing the processor to ask for help from the processor’s microcode to prevent a crash. Apps are usually only able to see their own data, but this bug allows that data to bleed across those boundary walls. ZombieLoad will leak any data currently loaded by the processor’s core, the researchers said. Intel said patches to the microcode will help clear the processor’s buffers, preventing data from being read.

Speaking of those patches….:

Intel has released microcode to patch vulnerable processors, including Intel Xeon, Intel Broadwell, Sandy Bridge, Skylake and Haswell chips, Intel Kaby Lake, Coffee Lake, Whiskey Lake and Cascade Lake chips are affected, and all Atom and Knights processors.

But other tech giants, like consumer PC and device manufacturers, are also issuing patches as a first line of defense against possible attacks.

Computer makers Apple  and Microsoft  and browser makers Google and Mozilla  are releasing patches today.

So as soon as those patches appear for your Windows 10 computer or Mac, I would install them to protect yourself. I’ll update this post as soon as patches pop up.

UPDATE: Apple just put up this page addressing this issue:

https://support.apple.com/en-us/HT210107

In short, Apple released mitigations when they released 10.14.5 as well as other software updates for older OSes that they still support.

UPDATE #2: Google has confirmed it has released patches to mitigate against ZombieLoad. The Chrome team has a technical advisory out that says that users should rely on patches for their computer. “Operating system vendors may release updates to improve isolation, so users should ensure they install any updates and follow any additional guidance from their operating system vendor,” said Google. In other words, make sure your Windows PC or your Mac is patched. Though I will point out that a new version of Chrome just hit my PC and Mac.

UPDATE #3: Microsoft has put up a document on this. And patches have apparently been released via Windows Update. Microsoft also has a page with guidance for how to protect against the new attacks. Meanwhile over at Amazon Web Services, AWS has been updated to prevent attacks.

UPDATE #4: VMware has released software updates for vCenter Server, ESXi, Workstation, and Fusion to mitigate this threat. Details here.

 

 

Advertisements

Infographic: OEM Partnerships Are Driving Business More So Now Than Ever Before

Posted in Commentary with tags , on January 19, 2019 by itnerd

Dell and Intel released a Futurum Research study sharing insights on the evolution of OEM partnerships in the digital economy. In order to unlock these insights, they had to ask, “What drives OEM partnership?”

The overwhelming answer to this question was that OEM partnerships are driven by Digital Transformation and the desire to embrace emerging technologies for an innovation-ready future. See below for some great insights that evolved from this discovery.

Key report findings:

  • 75% of enterprises expect use of OEM partnerships to increase
  • 25% of enterprises anticipate a dramatic increase in OEM adoption
  • Top growing sectors of OEM partnerships: Banking & Finance, Media & Technology and Consumer Products (Retail, E-Tailers, etc.)
  • The use of OEM Partners to meet critical product and services needs is on the rise, a trend we expect to increase dramatically over the coming 3 to 5 years
  • 87% of organizations agree that OEM partnerships help enterprises embrace emerging technologies for an innovation-ready future
  • Top benefit of OEM partnerships: Helps organizations accelerate product & services innovation

Dell has published a blog post on this here here.

090119-oem infographic

Oh Noes! Seven New Meltdown And Spectre Style CPU Attacks Found!

Posted in Commentary with tags , , on November 14, 2018 by itnerd

A team of nine academics has revealed today seven new CPU attacks. The seven impact AMD, ARM, and Intel CPUs to various degrees:

Two of the seven new attacks are variations of the Meltdown attack, while the other five are variations on the original Spectre attack — two well-known attacks that have been revealed at the start of the year and found to impact CPUs models going back to 1995. Researchers say they’ve discovered the seven new CPU attacks while performing “a sound and extensible systematization of transient execution attacks” — a catch-all term the research team used to describe attacks on the various internal mechanisms that a CPU uses to process data, such as the speculative execution process, the CPU’s internal caches, and other internal execution stages. The research team says they’ve successfully demonstrated all seven attacks with proof-of-concept code. Experiments to confirm six other Meltdown-attacks did not succeed, according to a graph published by researchers.

Well. This isn’t good. It’s a safe bet that people at ARM, AMD, and Intel are scrambling to verify if these attacks are fixable and how fast they can get those fixes out to the public.

Fun times….

Intel Tries And Then Backtracks On Restricting Benchmarking Of CPU Fixes

Posted in Commentary with tags on August 24, 2018 by itnerd

Since the Spectre and Meltdown CPU flaws first became public, Intel has been on the case to fix them. The thing is their fixes have the effect of slowing down the CPU’s ability to process data, and various people and media outlets have documented that. And it appears that Intel is none too pleased about that because thanks to a reader who tipped me off about this, they tried to restrict benchmarking of their fixes:

Intel is updating its loadable CPU microcode to handle various side-channel and timing attacks. There is a new license term applied to the new microcode:

You will not, and will not allow any third party to (i) use, copy, distribute, sell or offer to sell the Software or associated documentation; (ii) modify, adapt, enhance, disassemble, decompile, reverse engineer, change or create derivative works from the Software except and only to the extent as specifically required by mandatory applicable laws or any applicable third party license terms accompanying the Software; (iii) use or make the Software available for the use or benefit of third parties; or (iv) use the Software on Your products other than those that include the Intel hardware product(s), platform(s), or software identified in the Software; or (v) publish or provide any Software benchmark or comparison test results.

Since the microcode is running for every instruction, this seems to be a use restriction on the entire processor. Don’t run your benchmarker at all, not even on your own software, if you “provide” or publish the results.

I say tried because once this became public, there was an epic backlash as one would expect. That forced the CPU giant to go into damage control mode via Imad Sousou, the GM of Intel’s Open-Source Technology Center:

Well at least they listened and took action quickly. But one has to wonder why they even tried to do this in the first place as you would have to imagine that this was going to be the outcome 100 times out of 100. I guess that the fact that their CPUs take a performance hit to some degree or another because of these fixes is a really touchy subject over at Intel.

BREAKING: Intel CEO Resigns Over Relationship With Employee That Was “Consensual”

Posted in Commentary with tags on June 21, 2018 by itnerd

It appears that Intel is having a #MeToo moment.

Intel has put out a press release in the last hour saying that CEO Brian Krzanich has resigned after it came to light that he had a “consensual” relationship with an employee:

Intel was recently informed that Mr. Krzanich had a past consensual relationship with an Intel employee. An ongoing investigation by internal and external counsel has confirmed a violation of Intel’s non-fraternization policy, which applies to all managers. Given the expectation that all employees will respect Intel’s values and adhere to the company’s code of conduct, the board has accepted Mr. Krzanich’s resignation.

Now taking over on an interim basis as CEO is Robert Swan who was the CFO.

The first thing that I thought of when this came to my attention was the Mark Hurd gong show that went down while he was at HP. Though he did eventually resurface at Oracle. I guess a similar reinvention is what Krzanich is hoping for. But in the here and now, Krzanich is dealing with optics that don’t look too good.

Oh Noes! Even More Spectre Like CPU Flaws Found

Posted in Commentary with tags , on May 22, 2018 by itnerd

Google and Microsoft are out with details on yet another Spectre like CPU flaw which is documented in CVE-2018-3639. It is similar to the other Spectre flaws as it stems from speculative execution. This is a technique that modern chips use to optimize their performance by making assumptions about upcoming operations. In this case if the CPU begins a process that doesn’t take place, then it should unwind and delete all of the related data. But sometimes it doesn’t do that which means that someone could get access to that data and here we are talking about it.

Intel has said that the fixes it has already deployed for other variants of this flaw should make this more difficult to exploit. And new fixes are on the way. But they may impact performance. Thus they will be off by default because the risk level is low. But the risk exists so you should expect to see some action on this front in the near future.

Security Researchers Find 8 New ‘Spectre-Class’ Flaws In Intel CPUs…. Possibly ARM Too

Posted in Commentary with tags on May 7, 2018 by itnerd

Here we go again.

Sometime today, we’re going to get details on eight… Yes eight CPU flaws that are being dubbed “Spectre NG” or Spectre Next Generation. First, here’s the details from Reuters:

Researchers have found eight new flaws in computer central processing units that resemble the Meltdown and Spectre bugs revealed in January, a German computing magazine reported on Thursday. The magazine, called c’t, said it was aware of Intel Corp’s plans to patch the flaws, adding that some chips designed by ARM Holdings, a unit of Japan’s Softbank, might be affected, while work was continuing to establish whether Advanced Micro Devices chips were vulnerable… The magazine said Google Project Zero, one of the original collective that exposed Meltdown and Spectre in January, had found one of the flaws and that a 90-day embargo on going public with its findings would end on May 7…

“Considering what we have seen with Meltdown and Spectre, we should expect a long and painful cycle of updates, possibly even performance or stability issues,” said Yuriy Bulygin, chief executive officer of hardware security firm Eclypsium and a former Intel security researcher. “Hopefully, Meltdown and Spectre led to improvements to the complicated process of patching hardware.”

The reason why

Neowin also reports that Intel is expected to release microcode updates in two waves; one in May, and the other in August. But it also says this:

That being said, it appears that Google’s Project Zero may have discovered at least one of the eight vulnerabilities a while ago, and their stringent 90-day non-disclosure window may be very close to lapsing, perhaps as early as May 7, if sources are to be believed. After that, their policy is to publicly release information on the vulnerability, regardless of whether a fix is out.

Which means that this is about to get very real very quickly. I’ll be watching this story and I’ll be posting updates as new info comes to light.