Spectre and Meltdown are a pair of chip-level security bugs that exploit something called "speculative execution," through which chips boost performance by making shrewd guesses about which computer operations are performed together. Read the rest

In January 2018, researchers made a blockbuster announcement of seemingly unpatchable security bugs lurking in Intel processors; after a round of initial reassurances about the mitigations for these bugs, it became apparent that the reassurances were overblown, and active exploits were found in the field -- and then still-more bugs exploiting "speculative execution," started to pour out of the security research community. Read the rest

The New Years revelation that decades' worth of Intel's processors had deep, scary defects called "Spectre" and "Meltdown" still has security experts reeling as they contemplate the scale of patching billions of devices that are vulnerable to attack. Read the rest

Israeli security research firm CTS-Labs has published a white paper detailing nine flaws in AMD processors that they claim leave users open to devastating attacks with no mitigation strategies; these attacks include a range of manufacturer-installed backdoors. Read the rest

This week, AV-TEST's census of samples of circulating malware that attempt to exploit the Meltdown and Spectre bugs hit 139, up from 77 on January 17. Read the rest

When Unix co-inventor Ken Thompson won the Turing Prize for his work, he dropped a bombshell in his acceptance speech: as an exercise, he had buried a back-door so deeply into the Unix infrastructure that no one had ever found it (to his knowledge). Read the rest

When the news of two showstopping bugs in virtually every computer in use today broke, it was scary stuff -- experts predicted that mitigating these bugs would be difficult and impose severe performance penalties on patched systems; a week later, Google released research suggesting that the fear was misplaced, and that patching would be an orderly and relatively painless process. Read the rest

Two days ago, an industry/academic team released a terrifying alert about a pair of CPU bugs called Spectre and Meltdown that allowed one program to steal data from another, even with the best memory-management and isolation techniques -- news that meant that virtually all the mission-critical computers in the world could no longer be trusted to handle sensitive data securely. Read the rest

Five months after learning of the devastating Spectre and Meltdown bugs, Intel CEO Brian Krzanich sold off more than $39,000,000 worth of his Intel stock, all he was permitted to liquidate. Read the rest

Today, three groups of security researchers from the Technical University of Graz, Cerberus Security, and Google Project Zero revealed a pair of defects in modern computers that allow adversaries to steal passwords and other sensitive data from virtually any computer in use today. Read the rest

As China's banks struggle under the weight of never-to-be-repaid subprime loans (which were turned into bonds using the same trick that produced the US/EU subprime crisis), the Chinese government is throwing money at them to loan out to ever-dodgier borrowers, just to change the ratio of delinquent debts to ones that have yet to turn delinquent. Read the rest