Two days ago, an industry/academic team released a terrifying alert about a pair of CPU bugs called Spectre and Meltdown that allowed one program to steal data from another, even with the best memory-management and isolation techniques -- news that meant that virtually all the mission-critical computers in the world could no longer be trusted to handle sensitive data securely.
Both bugs attack "speculative execution" -- a performance-enhancing technique used in microprocessors, in which the processor makes shrewd predictions about operations it will be asked to undertake in the near future and does that work proactively, discarding the results when it guesses wrong. Because speculative execution is so important to processor speed, the initial news alerts warned that mitigation would impose performance hits of up to 30% on processors.
Yesterday, the Google Security Blog featured an analysis of two new techniques for guarding against Spectre-style speculative execution attacks: "Retpoline" ("a binary modification technique that protects against 'branch target injection' attacks") and "Kernel Page Table Isolation" ("a general purpose technique for better protecting sensitive information in memory from other software running on a machine"), both of which had been deployed to all of Google's worldwide Linux systems, which power the majority of Google's services.
On these systems, the mitigation techniques imposed "negligible impact on performance" -- a far cry from the 30% we were warned of the day before. Google warns that your mileage may vary: since these techniques guard against interference with speculative execution, they may be highly application-specific, so Google advises "thorough testing in your environment before deployment; we cannot guarantee any particular performance or operational impact."
Google’s Mitigations Against CPU Speculative Execution Attack Methods [Google Help]
More details about mitigations for the CPU Speculative Execution issue [Matt Linton/Google Security Blog]
(via The Verge)