Researchers keep finding Spectre-style bugs in processors

In January 2018, researchers made a blockbuster announcement of seemingly unpatchable security bugs lurking in Intel processors; after a round of initial reassurances about the mitigations for these bugs, it became apparent that the reassurances were overblown, and active exploits were found in the field -- and then still-more bugs exploiting "speculative execution," started to pour out of the security research community. Read the rest

Son of Spectre: researchers are about to announce eight more Meltdown-style defects in common microprocessors

The New Years revelation that decades' worth of Intel's processors had deep, scary defects called "Spectre" and "Meltdown" still has security experts reeling as they contemplate the scale of patching billions of devices that are vulnerable to attack. Read the rest

AMDFLAWS: a series of potentially devastating (but controversial) attacks on AMD processors

Israeli security research firm CTS-Labs has published a white paper detailing nine flaws in AMD processors that they claim leave users open to devastating attacks with no mitigation strategies; these attacks include a range of manufacturer-installed backdoors. Read the rest

139 pieces of (seemingly nonfunctional) malware that exploit Spectre and Meltdown are now circulating in the wild

This week, AV-TEST's census of samples of circulating malware that attempt to exploit the Meltdown and Spectre bugs hit 139, up from 77 on January 17. Read the rest

What Ken Thompson's seminal (terrifying!) "On Trusting Trust" tells us about the Spectre and Meltdown bugs

When Unix co-inventor Ken Thompson won the Turing Prize for his work, he dropped a bombshell in his acceptance speech: as an exercise, he had buried a back-door so deeply into the Unix infrastructure that no one had ever found it (to his knowledge). Read the rest

OK, panic again: patching Spectre and Meltdown has been a disaster

When the news of two showstopping bugs in virtually every computer in use today broke, it was scary stuff -- experts predicted that mitigating these bugs would be difficult and impose severe performance penalties on patched systems; a week later, Google released research suggesting that the fear was misplaced, and that patching would be an orderly and relatively painless process. Read the rest

Google says it can mitigate Spectre with "negligible" effect

Two days ago, an industry/academic team released a terrifying alert about a pair of CPU bugs called Spectre and Meltdown that allowed one program to steal data from another, even with the best memory-management and isolation techniques -- news that meant that virtually all the mission-critical computers in the world could no longer be trusted to handle sensitive data securely. Read the rest

Astounding coincidence: Intel's CEO liquidated all the stock he was legally permitted to sell after learning of catastrophic processor flaws

Five months after learning of the devastating Spectre and Meltdown bugs, Intel CEO Brian Krzanich sold off more than $39,000,000 worth of his Intel stock, all he was permitted to liquidate. Read the rest

Virtually every modern computer is vulnerable to a pair of devastating attacks, and there's only a fix for one of them, and it sucks

Today, three groups of security researchers from the Technical University of Graz, Cerberus Security, and Google Project Zero revealed a pair of defects in modern computers that allow adversaries to steal passwords and other sensitive data from virtually any computer in use today. Read the rest

A new, made-in-China subprime crisis

As China's banks struggle under the weight of never-to-be-repaid subprime loans (which were turned into bonds using the same trick that produced the US/EU subprime crisis), the Chinese government is throwing money at them to loan out to ever-dodgier borrowers, just to change the ratio of delinquent debts to ones that have yet to turn delinquent. Read the rest