iGyaan Network

Tag: Spectre

  • Intel Facing Multiple Lawsuits Over Chip Security Flaw

    Intel Facing Multiple Lawsuits Over Chip Security Flaw

    The last couple of days have been frantic for the tech community. Ever since Google released two documents detailing the security flaws in almost every CPU in the world right now, the consumers have patiently waited for a fix for their devices. Some, however, have decided to take matters into their own hands. Owners of Intel-based CPUs in Oregon, California and Indiana have sued Intel over the security flaws that have been highlighted in its chipset.

    They claim that the vulnerability in the chipset, which Intel learned about several months ago, make its chips inherently faulty. Intel has provided security patches ever since, but, the complaints raise concerns that these patches will hinder the performance of their computers and is not an adequate response to the serious issues raised against the company’s products.

    A couple of days ago, Google along with other security researchers released a couple of documents which chronicled the major security flaws in Intel, AMD, and ARM processors. The reason this flaw is much more complex than the usual software or hardware bugs is that it’s more than just a bug that can be fixed with an update. The flaw lies in the middle, at the level of the processors’ “architectures,” in the way all the millions of transistors and logic units work together to carry out tasks.

    Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware bugs allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include passwords stored in a password manager or browser, personal photos, emails, instant messages and even business-critical documents.

    Google announced a fix for one Meltdown and Spectre vulnerability each and claimed that these fixes won’t result in system slowdowns which was feared by many.

  • Google’s Fix For Spectre And Meltdown Won’t Cause Significant Slowdowns

    Google’s Fix For Spectre And Meltdown Won’t Cause Significant Slowdowns

    A couple of days ago, Google along with a few other security researchers conceded that almost all the CPUs currently functioning across the world are susceptible to a major security breach. The company released two white papers chronicling the two main ways through which the CPUs can be affected, called Meltdown and Spectre.

    It now appears that Google has a fix for this flaw and it might not cause a significant slowdown as well. In a blog post, Google said that it has shared a new fix, called Retpoline which fixes one of the Spectre vulnerabilities (CVE-2017-5715). Along with that, the company also deployed a Kernel Page Table Isolation (KPTI) fix that protects against the Meltdown (CVE-2017-5754) vulnerability.

    There has been speculation that the deployment of KPTI causes significant performance slowdowns. Performance can vary, as the impact of the KPTI mitigations depends on the rate of system calls made by an application. On most of our workloads, including our cloud infrastructure, we see negligible impact on performance.

    However, Google has maintained that it doesn’t guarantee that there won’t be any slowdowns.

    In our own testing, we have found that microbenchmarks can show an exaggerated impact. Of course, Google recommends thorough testing in your environment before deployment; we cannot guarantee any particular performance or operational impact.

    Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware bugs allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include passwords stored in a password manager or browser, personal photos, emails, instant messages and even business-critical documents.

     

  • Apple Admits Spectre And Meltdown Affects All macOS And iOS Devices

    Apple Admits Spectre And Meltdown Affects All macOS And iOS Devices

    Alphabet’s Google, along with a few other security researchers published a document which chronicled two major flaws found in nearly all modern CPUs. The reason this flaw is much more complex than the usual software or hardware bugs is that it’s more than just a bug that can be fixed with an update. The flaw lies in the middle, at the level of the processors’ “architectures,” in the way all the millions of transistors and logic units work together to carry out tasks.

    In the architecture of modern CPUs, there are unpenetrable spaces where data passes through in raw, unencrypted form, such as inside the kernel, the most central software unit, or in system memory carefully set aside from other applications. This data has powerful protections to prevent it from being interfered with or even observed by other processes and applications.

    MacBook Pro

    Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware bugs allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include passwords stored in a password manager or browser, personal photos, emails, instant messages and even business-critical documents.

    Meltdown affects Intel processors and works by penetrating through the barrier that prevents applications from accessing arbitrary locations in kernel memory. Spectre affects Intel, AMD, and ARM processors, which basically means that it affects anything with a chip in it, from mobile phones to thermostats.

    iPhone X

    In a response to this revelation, Apple has come out and conceded that its devices are not immune to the security flaws. In a statement, the company announced that all its macOS and iOS devices are affected but, mitigations are either already in place or in the final stages of being rolled out. Apple has stated that it has already dealt with Meltdown:

    Apple released mitigations for Meltdown in iOS 11.2, macOS 10.13.2, and tvOS 11.2. watchOS did not require mitigation.

    This is what the company had to say about Spectre:

    Analysis of these techniques revealed that while they are extremely difficult to exploit, even by an app running locally on a Mac or iOS device, they can be potentially exploited in JavaScript running in a web browser.

    Apple will release an update for Safari on macOS and iOS in the coming days to mitigate these exploit techniques.

    In a nutshell, this means that while Meltdown is no longer a threat, Spectre remains the only major flaw which can be exploited and Apple will soon release a fix for that.

  • Daniel Craig Refused $50 Million Android Product Placement in ‘Spectre’

    Daniel Craig Refused $50 Million Android Product Placement in ‘Spectre’

    A James Bond movie is a hotbed for product placements. That’s because Bond himself has a rich taste when it comes to cars, watches and everything else and only prefers the luxurious side of life. Bond films are characterized by Aston Martin cars, Rolex and Omega watches and the latest in Q technology. So, there is no way that Bond would be caught with a phone that does not keep with his image.

    However, too much product placement can damage the image of the character as well. Which is why the latest James Bond flick, Spectre, has cut down on endorsing products. This also included not giving Bond a smartphone. Both Bond star Daniel Craig and director Sam Mendes refused offers by Sony and Samsung to have Bond stylishly carry their smartphone.

    The offers that started with $5 million escalated to $50 million (Samsung’s offer). Samsung was additionally ready to pay $5 million to Craig for being seen using an Android phone in the movie with Samsung’s logo. However, both offers were rejected after judging the phones to be too lackluster for Bond.

    “Beyond the $$ factor, there is, as you may know, a creative factor whereby Sam and Daniel don’t like the Sony phone for the film (the thinking, subjectively/objectively is that James Bond only uses the ‘best,’ and in their minds, the Sony phone is not the ‘best’),” wrote Andrew Gumpert, President of Worldwide Business Affairs and Operations for Columbia Pictures.

    Another reason behind shunning Android could be because of its cheap image and notoriety for suffering security vulnerabilities like Stagefright that happened only a few months ago. This surely does not keep with the image of an international super-spy.

    Spectre has surpassed Skyfall, the previous Bond film, in the opening week at the box office. The film has grossed $80.4 million in UK alone. The movie will hit theaters in India on 20th November.

  • The New Full-length Bond Trailer is Here

    The New Full-length Bond Trailer is Here

    The full-length version of the new film ‘Spectre’ directed by Sam Mendes, that is part of the James Bond franchise, has been released. The film is rumoured to be the biggest and most expensive Bond movie till date. The trailer opens with M (being played by Ralph Fiennes aka Lord Voldemort) questioning Bond about his unofficial and controversial trip to Mexico City for which he gets a typical Bond-like response “I was on a vacation”.

    Instantly, one gets the new Bond vibe that Daniel Craig has so effortlessly created.

    Bond Cast Poster

    The trailer seems to have all the ingredients of a successful Bond film – exotic locations in Mexico, fast cars, witty dialogues, a Bond-like story and a stellar cast. But we shouldn’t get ahead of ourselves. Sam Mendes has returned with Spectre and the trailer sees Bond going rogue to infiltrate a secret organization called Spectre. This movie is also expected to tie up lose ends from Casino Royale and Quantum of Solace, especially where Bond villain Mr. White (Jesper Christensen) is concerned and deals with Bond’s past.

    The star studded cast sees Daniel Craig reprising the role of James Bond, Ralph Fiennes as M, Christoph Waltz as the new villain (perhaps the only one who can compete with Javier Bardem),the underrated but absolutely brilliant, Ben Wishaw as Q, and of course, the new Bond girl Monica Bellucci. The film also stars Naomie Harris,Léa Seydoux and Andrew Scott (from Sherlock fame).

    Dates for a worldwide release have not been announced although Spectre releases in the UK first on October 26, 2015 and in the U.S. on November 6, 2015.

    Are these ingredients enough to make Spectre as smart and riveting as Skyfall? Watch the trailer below and let us know.

iGyaan Network
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.