Google's Project Zero says it discovered three variants of CPU attack, affecting AMD, ARM, and Intel; Android devices with latest security update are safe
Last year, Google's Project Zero team discovered serious security flaws caused by “speculative execution,” a technique used by most modern processors …
Google Online Security Blog
Related Coverage
- What Google Cloud, G Suite and Chrome customers need to know about the industry-wide CPU vulnerability The Keyword · Ben Treynor Sloss
- View article CSO
- Reading privileged memory with a side-channel Project Zero · Jann Horn
- Here Are All The Available Fixes You Need For Those Huge Chip Hacks Forbes · Thomas Fox-Brewster
- Google knew about Spectre and Meltdown processor bugs last year, so its products are (mostly) protected BetaNews · Mark Wycislik-Wilson
- View article Silicon Republic
- Securing Azure customers from CPU vulnerability Microsoft Azure Cloud …
- Product Status — Google's Mitigations Against CPU Speculative Execution Attack Methods Google Help
- The Clever Engineering Behind Intel's Chipocalypse Motherboard · Michael Byrne
- Spectre, Meltdown: Critical CPU Security Flaws Explained ExtremeTech · Joel Hruska
- Researchers discover major security flaw that affects every modern CPU MediaNama · Siladitya Ray
- How to protect yourself from Meltdown and Spectre CPU flaws CNET · Sean Hollister
- AWS, Google, and Microsoft promise their clouds are mostly protected from processor flaw VentureBeat · Blair Hanley Frank
- Cloud infrastructure vendors begin responding to chip kernel vulnerability TechCrunch · Ron Miller
- Cyber Security Alert: Intel, AMD and ARM-powered computers, phones vulnerable to hacking International Business Times · Rohit KVN
- Google's Project Zero Team Discovered Critical CPU Flaw Last Year Slashdot · BeauHD
- Amazon, Microsoft, and Google respond to Intel chip vulnerability CNBC · Jordan Novet
- Intel's Response to Its Security Problem Suggests AMD Has an Opening TheStreet · Eric Jhonsa
- View article Ars Technica
- Google says it's got your back on major CPU vulnerability Mashable · Jack Morse
- Azure customers should not see a “noticeable performance impact” due to Intel, AMD CPU vulnerability patches On MSFT · Arif Bacchus
- Intel, Microsoft Grapple With Widespread Computer-Chip Weakness Bloomberg · Ian King
- Security Bulletins Google Cloud Platform
- Google's Project Zero team discovered processor security flaw, sought fixes Neowin · John Keefer
- Intel, AMD, and ARM weigh in on Spectre and Meltdown security vulnerabilities, discovered by Google's Project Zero Liliputing · Brad Linder
- “Meltdown” and “Spectre”: Every modern processor has unfixable security flaws Ars Technica · Peter Bright
- Intel reveals chip design flaw that could have allowed hackers to access hidden info USA Today · Elizabeth Weise
- Billions of Devices at Risk of Attacks Because of Two Critical Hardware Bugs Softpedia News · Marius Nestor
- Google's Project Zero details CPU security flaw as well as patches for Android, Chrome, more 9to5Google · Abner Li
- Google reveals CPU security flaw Meltdown and Spectre details SlashGear · Chris Davies
- Meltdown and Spectre: ‘worst ever’ CPU bugs affect virtually all computers The Guardian · Samuel Gibbs
- Background Information — An industry-wide issue was found … Red Hat
- CPU hardware vulnerable to side-channel attacks US-CERT
- Tech Giants Race to Address Widespread Chip Flaws Wall Street Journal
- CERT: Only way to fix Meltdown and Spectre vulnerabilities is to replace CPU VentureBeat · Chris O'Brien
- The Complete Guide: How to Patch Meltdown and Spectre Vulnerabilities on Windows Softpedia News · Bogdan Popa
- Processor Vulnerabilities - Meltdown and Spectre Qualys Blog · Jimmy Graham
- What you need to know about the massive chip security flaw Axios · Ina Fried
- We translated Intel's crap attempt to spin its way out of CPU security bug PR nightmare The Register · Thomas Claburn
- Critical vulnerability afflicts all processor chips, not just Intel's SiliconANGLE · Mike Wheatley
- Kernel panic! What are Meltdown and Spectre, the bugs affecting nearly every computer and device? TechCrunch · Devin Coldewey
- Intel, ARM and AMD processors all impacted by new Meltdown and Spectre exploits, Google issuing patches Android Central · Dan Thorp-Lancaster
- Report: Intel chips have major security flaws, billions of devices affected UPI · Ray Downs
- Intel, AMD Chip Vulnerabilities Put Billions of Devices at Risk SecurityWeek · Eduard Kovacs
- Red Hat, tech giants move to counter major security flaws Meltdown, Spectre WRAL TechWire
- Meltdown, Spectre: The password theft bugs at the heart of Intel CPUs The Register · Chris Williams
- Meltdown and Spectre CPU Flaws Affect Intel, ARM, AMD Processors The Hacker News · Mohit Kumar
- Intel confirms Meltdown while Spectre hits everyone bit-tech.net · Gareth Halfacree
- Massive CPU flaws get a name: Meltdown and Spectre — what you need to know TechSpot · Julio Franco
- Meltdown and Spectre Side-Channel Vulnerabilities US-CERT
- Microsoft Releases Emergency Updates to Fix Meltdown and Spectre CPU Flaws BleepingComputer.com · Catalin Cimpanu
- Red Hat Says Security Updates for Meltdown & Spectre Bugs May Affect Performance Softpedia News · Marius Nestor
- Further details emerge explaining the nature of processor exploit Neowin · Muhammad Jarir Kanji
- What We Know So Far About Meltdown and Spectre, the Devastating Vulnerabilities in Modern CPUs Gizmodo
- EXPLAINED: ‘Meltdown’ and ‘Spectre’ … Business Insider · Matt Weinberger
- Researchers reveal Meltdown and Spectre CPU exploits The Tech Report · Jeff Kampman
- Spectre and Meltdown: Details you need on those big chip flaws CNET · Laura Hautala
- Intel, cloud vendors shed more light on two major chip security issues that emerged this week GeekWire · Tom Krazit
- Major chip flaws affect billions of devices CNNMoney · Selena Larson
- Here's what you need to know about the security flaw that could affect almost every computer CNBC · Matt Rosoff
- Most processors produced since 1995 have a flaw that could let hackers steal sensitive information Quartz · Mike Murphy
- ‘Meltdown’ and ‘Spectre’ FAQ: What Mac and iOS users need to know about the Intel, AMD, and ARM flaw iMore · Rene Ritchie
- How to protect your PC against the major ‘Meltdown’ CPU security flaw The Verge · Tom Warren
- The “Meltdown” bug is hitting Intel's shares hard, while rival AMD is soaring Quartz · Joon Ian Wong
- Two severe vulnerabilities found in Intel's hardware Kaspersky Lab official blog · Jornt van der Wiel
- Major Linux redesign in the works to deal with Intel security flaw ZDNet · Steven J. Vaughan-Nichols
- Researchers Discover Two Major Flaws in the World's Computers - The New York Times Peter O'Kelly's Reality Check · Peter O'Kelly
- Microsoft rolling out an emergency fix for the Intel kernel flaw today Neowin · Muhammad Jarir Kanji
- Intel Processor Bug Leaves All Current Chips Vulnerable And Its Fix Saps Performance [Updated] Forbes · Dave Altavilla
- Mitigating speculative execution side-channel attacks in Microsoft Edge and Internet Explorer Microsoft Edge Dev Blog
- Mitigations landing for new class of timing attack Mozilla Security Blog · Luke Wagner
- Re: Avoid speculative indirect calls in kernel lkml.org · Linus Torvalds
- ‘Spectre’ and ‘Meltdown’: New CPU vulnerabilities affect most smartphones and computers Android Authority · Gary Sims
- Will Huge Chip Vulnerabilities Lead To Mass Intel, AMD And ARM Recalls? Forbes · Thomas Fox-Brewster
- Mozilla Confirms Web-Based Execution Vector for Meltdown and Spectre Attacks BleepingComputer.com · Catalin Cimpanu
- Microsoft Details Windows Security Update Addressing Meltdown & Spectre Flaws Softpedia News · Bogdan Popa
- All about Spectre and Meltdown, the security bugs setting the tech world on fire Silicon Republic · John Kennedy
- Microsoft mitigates JavaScript vulnerabilities in Edge and Internet Explorer Neowin · Boyd Chan
- Microsoft explains changes made to Edge to address Spectre vulnerability MSPoweruser · Surur
- MS-DEFCON 2: Batten down the hatches, there's a kernel patch headed your way AskWoody · Woody
- Major Intel, Arm chip security flaw puts your PCs, phones at risk CNET · Shara Tibken
- Intel Says Range of Chips Vulnerable to Hack, Denies ‘Bug’ Bloomberg · Ian King
- Microsoft issues an emergency fix for Windows 10 to address processor bug BetaNews · Mark Wycislik-Wilson
- Some notes on Meltdown/Spectre Errata Security · Robert Graham
- heads up: Fix for intel hardware bug will lead to performance regressions PostgreSQL news
- Intel CPU Bug Performance Loss Reports Are Premature Tom's Hardware · Paul Alcorn
- Google reveals trio of speculative execution flaws, says AMD affected ZDNet · Chris Duckett
- Rush to fix ‘serious’ computer chip flaws BBC
- Massive Security Flaw Could Affect Almost Every Computer NBC Bay Area
- Intel, ARM, and AMD processors all impacted by new Meltdown and Spectre exploits iMore · Dan Thorp-Lancaster
- Microsoft to release emergency Windows Update to address Intel, AMD processors security concerns On MSFT · Arif Bacchus
- Microsoft just issued a fix for that big Intel processor vulnerability Mashable · Jack Morse
- Meltdown and Spectre: Chip hack gets a name, emergency patch and official statement from Microsoft MSPoweruser · Surur
- Meltdown and Spectre CPU flaws threaten PCs, phones and servers Engadget · Richard Lawler
- New details emerge on severe processor flaw affecting Windows, macOS, and Linux The Verge · Russell Brandom
- Intel Claims Security Flaw Also Impacts Non-Intel Chips, Exploits Can't Corrupt, Modify or Delete Data [Updated] MacRumors · Juli Clover
- Intel CEO sold millions in stock after company was informed of vulnerability, before disclosure MarketWatch · Jeremy C. Owens
- Intel's CEO reportedly sold shares after the company already knew about massive security flaws CNBC · Saheli Roy Choudhury
- Intel Says CEO Dumping Tons of Stock Last Year ‘Unrelated’ to Big Security Exploit Gizmodo · Harrison Weber
- Intel CEO Sold Off $24M in Stock After Google Reported Chip Vulnerability Softpedia News · Bogdan Popa
- Intel CEO: Google discovered the chip problem ‘months ago’ Business Insider · Antonio Villas-Boas
- Intel CEO share sale under the spotlight Seeking Alpha · Yoel Minkoff
- Microsoft releases Windows 10 builds 16299.192, 15063.850 - here's what's new Neowin · Rich Woods
- Microsoft pushing out emergency fix for newly disclosed processor exploit Windows Central · Dan Thorp-Lancaster
- A few short hours ago, we noted that Microsoft was planning … On MSFT · Arif Bacchus
- Microsoft issues emergency Windows update for processor security bugs - The Verge Peter O'Kelly's Reality Check · Peter O'Kelly
- Microsoft is already fixing the big chip bug — here are the Windows PCs that will be most affected Business Insider · Matt Weinberger
- CPU flaw: Key details of the huge processor problem [Fixes are here!] SlashGear · Chris Burns
- AWS, Microsoft, Google and more respond on chip vulnerability issue cloudcomputing-news.net · James
- Google: Almost All CPUs Since 1995 Vulnerable To “Meltdown” And “Spectre” Flaws BleepingComputer.com · Catalin Cimpanu
- ARM security update suggests some iPhones, iPads, iPods and Apple TVs may be affected 9to5Mac · Ben Lovejoy
- Intel Responds to Security Research Findings Intel Newsroom · Jjcasey
- Arm Processor Security Update ARM Developer
- Older, jailbroken iPhones or Apple TVs possibly susceptible to CPU kernel vulnerability AppleInsider · Mike Wuerthele
- Apple's iPhone Could Also Be Affected by Meltdown and Spectre Vulnerabilities Softpedia News · Bogdan Popa
- Security flaws put virtually all phones, computers at risk Reuters
- Tech Giants Address Critical CPU Vulnerabilities SecurityWeek · Eduard Kovacs
- ARM Security Update Suggests Several iPhones, iPods, iPads, and Apple TVs Could Be Vulnerable … iPhone Hacks · Chethan Rao
- Security Flaw Puts Most Connected Devices At Risk PYMNTS.com
- Security flaws put nearly every modern computing device containing chips from Intel, AMD and ARM at risk MacDailyNews
- Microsoft updating Win10 today with “special fix” for the Kernel Memory Vulnerability AskWoody · Woody
- Intel, ARM and AMD chip scare: What you need to know BBC
- AMD Says ‘Near Zero Risk’ to Its Chips Barron's Online · Tiernan Ray
- AMD rebukes Intel, says flaw poses ‘near-zero risk’ to its chips CNBC · Jordan Novet
- AMD Contradicts Intel and Says Its CPUs Are at Zero Risk from Hardware Flaw Softpedia News · Silviu Stahie
- Intel chip security flaw: Here's all you need to know about ‘Meltdown’ and ‘Spectre’ Firstpost · Nimish Sawant
- Intel Acknowledges Chip-Level Security Vulnerability In Processors NPR · Scott Neuman
- A Critical Intel Flaw Breaks Basic Security for Most Computers Wired · Andy Greenberg
- AMD Quickly Rebukes Intel's Characterization of the Chip Flaw and says their Chips pose ‘Near-Zero Risk’ Patently Apple · Jack Purcher
- A Message About Intel Security Findings The DigitalOcean Blog · Josh Feinblum
- Intel issues statement on security flaw, notes that AMD and ARM chips are also vulnerable BGR · Yoni Heisler
- Intel Denies Reports of Huge Performance Dip Due to Patches for CPU Security Bug BleepingComputer.com · Catalin Cimpanu
- Intel responds to reports of processor security flaw, says other manufacturers are affected Windows Central · Dan Thorp-Lancaster
- Security flaw found in Intel chips may also affect AMD and ARM processors The Next Web · Rachel Kaser
- Dow, Nasdaq, S&P Hit Record Closes TheStreet · Anders Keitz
- Design flaw found in Intel chips; fix causes them to slow: report Reuters
- Intel release statement on serious chip vulnerability MSPoweruser · Surur
- Intel doesn't expect massive vulnerability to hit bottom line Axios · Ina Fried
- AMD: Processor exploit is ‘near-zero’ risk to its chips Seeking Alpha · Jason Aycock
- Massive Intel CPU Bug Leaves Kernel Vulnerable, Slows Performance: Report ExtremeTech · Joel Hruska
- Intel working to fix security flaw in its chips without slowing computers Reuters
- Intel responds to the CPU kernel bug, downplaying its impact on home users PCWorld · Mark Hachman
- Intel CEO: We believe we have the right fixes for security exploit CNBC · Anita Balakrishnan
- Intel's bug response: It's not just us! [UPDATE: AMD, ARM, Google statements] SlashGear · Chris Burns
- What's behind the Intel design flaw forcing numerous patches? Ars Technica · Peter Bright
- Intel Says Security Bug Not Specific to its Processors EE Times · Dylan McGrath
- Intel says memory security issue extends beyond its own chips (updated) Engadget · Jon Fingas
- Intel's memory access vulnerability addressed by Apple in macOS 10.13.2 iDownloadBlog.com · Andrew O'Hara
- Intel responds to security vulnerability, calling out AMD and ARM Neowin · Rich Woods
- Report: All Intel Processors Made in the Last Decade Might Have a Massive Security Flaw Gizmodo · Tom McKay
- Intel issues statement on security vulnerability Liliputing · Brad Linder
- Intel Security Issue Engulfs Apple, Microsoft, Linux—Intel Claims Other Processors Also Affected The Mac Observer · Bryan Chaffin
- Apple has partially repaired effects of Intel “KPTI” … O'Grady's PowerPage · Chris Barylick
- Apple has already partially implemented fix in macOS for ‘KPTI’ Intel CPU security flaw AppleInsider · Mike Wuerthele
- Security flaw found in Intel chips; fix could slow down older computers: report Mercury News
- ‘Spectre’ and ‘Meltdown’ CPU vulnerabilities become public, most Google products already protected Android Police · Corbin Davenport
- Apple's macOS 10.13.2 Partially Patches That Nasty Intel CPU Security Flaw Softpedia News · Marius Nestor
- Intel Officially Responds to Inaccurate Media Reporting on its Products and is Working with AMD and ARM on the issue Patently Apple · Jack Purcher
- Intel responds to CPU security flaw as macOS 10.13.2 said to include fix for Macs 9to5Mac · Chance Miller
- Intel's Security Flaw Is Messy, But Probably Not a Reason to Panic TheStreet · Eric Jhonsa
- Apple has already partially implemented fix in macOS for ‘KPTI’ Intel CPU security flaw MacDailyNews
- Early Data Shows Linux Update to Fix Intel Security Flaw Hits Performance Hard ExtremeTech · Joel Hruska
- Spectre and Meltdown Attacks Schneier on Security · Bruce Schneier
- List of Meltdown and Spectre Vulnerability Advisories, Patches, & Updates BleepingComputer.com · Lawrence Abrams
- KPTI Intel Chip Flaw Exposes Security Risks eWeek · Sean Michael Kerner
Discussion
-
@stevesi
@stevesi
on x
Google Online Security Blog:Today's CPU vulnerability: what you need to know https://security.googleblog.com/ ... via @google STEP 1: “To take advantage of this vulnerability, an attacker first must be able to run malicious code on the targeted system.”
-
@fioraaeterna
Atelier Fiora
on x
okay i actually f**king LOVE this bug so much omg. this is even better than i thought it was. sorry, i apologize, i'm gonna fangirl a little bit here sorry https://twitter.com/...
-
@bryanbma
Bryan Ma
on x
Busy morning talking abt Meltdown/Spectre. My quick take: Meltdown should be contained quickly via patches. Agree w/INTC that most users won't likely feel perf hit. But bigger Q is Spectre's long term impact to chip design
-
@stevesi
@stevesi
on x
Yes. Re-reading this would be good for many people right now. The reason this is not the same level of issue across platforms is because of how much more difficult it is to get malicious code onto machines. https://twitter.com/...
-
@bittrexexchange
Bittrex
on x
Azure accelerated a planned reboot due to the public Intel disclosure. Wallets will be online again once they complete post reboot audits. http://azure.microsoft.com/...
-
@lizthegrey
Liz Fong-Jones
on x
Just to correct: ChromeOS 63 is protected. Chrome desktop 64 *will be* protected but chrome desktop 63 requires: “Full Site Isolation can be turned on by enabling a flag found at chrome://flags/#enable-site-per- process.” http://support.google.com/...
-
@gossithedog
Kevin Beaumont
on x
Azure statement, they're rebooting customer VMs to patch hypervisor layer, expect little performance impact. http://azure.microsoft.com/...
-
@mjg59
Matthew Garrett
on x
This (from http://developer.arm.com/...) reads uh pretty badly tbh. If exploitation via Javascript is viable then you can't put the onus on users to avoid malicious Javascript. http://twitter.com/...
-
@andrewwrites
Andrew Cunningham
on x
Keep your phones and computers updated to avoid the worst of these processor-related security flaws, but at least one of them apparently CAN'T be fixed with software: http://googleprojectzero.blogspot.com/ ... http://twitter.com/...
-
@rlove
Robert Love
on x
[THREAD] The details of the CPU vulnerability are now public. Through flaws in speculative execution, which is a CPU optimization, malicious code may read from (but not write to) memory of which they should not have access. 1/5 http://security.googleblog.com/ ...
-
@grittygrease
Nick Sullivan
on x
The first computer security must-read of 2018: http://googleprojectzero.blogspot.co.uk / ...
-
@k8em0
Katie Moussouris
on x
Especially appropriate guidance from the researchers, who coordinated w the vendors on these bugs. “we believe that the processor vendors are in a much better position than we are to design & evaluate mitigations, and we expect them to be the source of authoritative guidance” htt…
-
@laparisa
Parisa Tabriz
on x
Incredible research by @tehjh of Google Project Zero forthcoming soon: http://security.googleblog.com/ ...
-
@selenalarson
Selena Larson
on x
Google on the CPU flaws, said they reported to chipmakers in June https://googleprojectzero.blogspot.co.u k/ ...
-
@campuscodi
Catalin Cimpanu
on x
Android Security Bulletin for January 2018 is out http://source.android.com/... http://twitter.com/...
-
@tomwarren
Tom Warren
on x
Google confirms its Project Zero team disclosed processor vulnerabilities. Says CPUs from AMD, ARM, and Intel are affected https://security.googleblog.com/ ...
-
@attritionorg
Sciuridae Hero
on x
CERT brings the harsh truth. #Meltdown #Spectre pic.twitter.com/UFPiYA39hd
-
@nicoleperlroth
Nicole Perlroth
on x
1. Apparently I don't know how to thread, so here goes my second attempt at blasting you with critical news on this “Intel Chip problem” which is not an Intel problem but an entire chipmaker design problem that affects virtually all processors on the market.
-
@albertwenger
Albert Wenger
on x
Meltdown and Spectre Vulnerabilities are Good ... for Innovation http://continuations.com/... http://twitter.com/...
-
@agl__
Adam Langley
on x
Architecture researchers: having caches be implicit was a decision; it doesn't have to be that way. Perhaps high-speed memories can be exposed in the address space with fixed timings at each level of the hierarchy. (1/4)
-
@dnvolz
Dustin Volz
on x
US-CERT says it is not aware of any active exploitation of Meltdown or Spectre https://twitter.com/...
-
@migueldeicaza
Miguel de Icaza
on x
Amazing: Mozilla confirms that the leak attack can be exploited from JavaScript. Update your browsers too. https://blog.mozilla.org/...
-
@malwarejake
Jake Williams
on x
Meltdown and Spectre will be a case study in how to totally screw up a vulnerability embargo. I wonder if this will discourage researchers from responsibly disclosing critical vulnerabilities in the future. http://meltdownattack.com/
-
@micahflee
Micah Lee
on x
The CPU vulnerability embargo was supposed to be Jan 9, but due to leaked details and public speculation, Google published about it today. And now it has branded bug website: http://meltdownattack.com/
-
@stephennellis
Stephen Nellis
on x
The one that works against Intel only is Meltdown, and the AMD/ARM/Intel one is Spectre. Read more here: https://meltdownattack.com/ and https://spectreattack.com/
-
@briankrebs
@briankrebs
on x
Leaving aside the brilliance of the people that found this Intel bug, may I submit that perhaps coining threat names and invoking cute icons is a gratuitous and disingenuous way to get people to care about an impossibly arcane flaw that they in all likelihood can't do much about?
-
@ow
@ow
on x
Oh God it has a logo http://meltdownattack.com/ http://twitter.com/...
-
@micahflee
Micah Lee
on x
It's a nitpick, but the Meltdown patch doesn't affect download speeds it all. It changes how fast your CPU can execute instructions and do math. Online services like streaming will only be affected if the web app is JavaScript heavy http://nytimes.com/... http://twitter.com/...
-
@tomwarren
Tom Warren
on x
Microsoft says most of its Azure customers “should not see a noticeable performance impact” due to the patches https://azure.microsoft.com/ ...
-
@_jonasschnelli_
Jonas Schnelli
on x
The current privileged memory side channel attacks just confirms what many Bitcoin users already “know” (feel): * Don't trust your PC. * Don't think applications (and private keys) are shielded * Use a hardware wallet Background: http://blog.mozilla.org/... http://googleprojectze…
-
@aras_p
@aras_p
on x
Just about when WebGL was to get multi-threading capabilities, boom, Spectre and Meltdown happen (http://googleprojectzero.blogspot.lt/ ...), and both Firefox and Chrome disable SharedArrayBuffers (http://blog.mozilla.org/... and http://www.chromium.org/...). Sad :(((
-
@jschauma
Jan Schaumann
on x
The way #spectre / #meltdown trickle down to browser security is seriously scary. http://blog.mozilla.org/... “... experiments confirm that it is possible to use similar techniques from Web content to read private information between different origins.”
-
Phoronix
Michael Larabel
on x
Linux Gaming Performance Doesn't Appear Affected By The x86 PTI Work
-
@k8em0
Katie Moussouris
on x
Today, infosec Twitter (re)learned the following are hard: 1. Fixing design bugs in chips 2. Multiparty Coordinated Vuln Disclosure 3. Differentiating authoritative fact vs speculative hype 4. Holding embargoes 5. Naming things so they don't sound goofy #Meltdown #Spectre pic.twi…
-
@internetofs**t
Internet of S**t
on x
Apple: we're slowing down processors cause your battery might be bad Intel: pic.twitter.com/qBR1MpcNXz
-
@nicoleperlroth
Nicole Perlroth
on x
2. Christmas didn't come for the computer security industry this year. A critical design flaw in virtually all microprocessors allows attackers to dump the entire memory contents off of a machine/mobile device/PC/cloud server etc.
-
@swiftonsecurity
@swiftonsecurity
on x
The CPU issues today are immensely interesting and consequential, but I hesitate hyping this to the public. Same as always: Make sure autoupdates are on and working. People have been working on addressing this for six months. It's not a surprise to the people defending you.
-
@nicoleperlroth
Nicole Perlroth
on x
6) Now, Meltdown and Spectre, show that it is possible for attackers to exploit these design flaws to access the entire memory contents of a machine. The most visceral attack scenario is an attacker who rents 5 minutes of time from an Amazon/Google/Microsoft cloud server and
-
@nicoleperlroth
Nicole Perlroth
on x
17. Google says its systems have been updated to defend against Meltdown https://security.googleblog.com/ ... . Microsoft issued an emergency update today. Amazon said it protected AWS customers running Amazon's tailored Linux version, and would roll out the MSFT patch for other …
-
@gossithedog
Kevin Beaumont
on x
If you're a business relying on virtualisation security for boundaries, eg you're a cloud provider, drop everything and patch. If you're a regular business, follow your regular patching process when patches are available. If you're a consumer, let OS apply usual patches.
-
@nicoleperlroth
Nicole Perlroth
on x
15. The flaws were originally discovered last June by a researcher at Google Project Zero (shout out @ Jann Horn) and then separately by Paul Kocher and a crew of highly impressive researchers at Rambus and academic institutions. Originally public disclosure was set for next week
-
@zackwhittaker
Zack Whittaker
on x
This is a crazy bad bug, affecting two-decades worth of Intel chips and some ARM chips, that can let an attacker steal data from the memory of running apps, such as data from password managers, browsers, emails, and photos and documents. http://zd.net/2lSEtKF pic.twitter.com/5YEU…
-
@erratarob
@erratarob
on x
So the #meldown steps are: 1. Load a byte of memory from kernel. This crashes. 2. Use that byte to load one of 256 cache-lines. This happens before the crash is registered, so while the data is discarded, the data is still cached. 3. Measure which of the 256 cache-lines are fast
-
@aallan
Alasdair Allan
on x
So that's proof of concept for the #IntelBug. That's potentially game over for every Intel processor manufactured in the last 10 years, slowdowns could be between 5 and 30% after patching, http://www.theverge.com/.... http://twitter.com/...
-
@tomwarren
Tom Warren
on x
It constantly feels like we're edging closer to a tech doomsday scenario. The Wi-Fi attack vulnerability was less than 3 months ago, and now we have two major flaws in processors. What's next?
-
@kimzetter
Kim Zetter
on x
For those looking for basic info about whether they're affected by the Intel bug, scroll to bottom of this page put together by the researchers who discovered it - https://meltdownattack.com/ pic.twitter.com/JTRykdSbjv
-
@mattblaze
Matt Blaze
on x
Meltdown and Spectre are serious problems. I look forward to seeing the innovative ways in which their impact will be both wildly exaggerated and foolishly dismissed over the coming weeks.
-
@pwnallthethings
@pwnallthethings
on x
The Intel bug is a really cool bug that took a lot of work to find, exploit and fix, but most folks don't need to do anything other than install OS updates when they arrive.
-
@nicoleperlroth
Nicole Perlroth
on x
4. We're dealing with two serious threats. The first is isolated to #IntelChips, has been dubbed Meltdown, and affects virtually all Intel microprocessors. The patch, called KAISER, will slow performance speeds of processors by as much as 30 percent.
-
@martinsfp
Martin Bryant
on x
Well this is a hot mess. http://twitter.com/...
-
@tomwarren
Tom Warren
on x
Google was planning to disclose next week with the rest of the industry, but “existing public reports and growing speculation in the press and security research community about the issue” pushed them to publish today.
-
@internetofs**t
Internet of S**t
on x
Every Intel processor since 1995 has a critical security flaw. Good news: - it's kinda sorta patched Bad news: - the patch slows down your machine - you can't avoid the patch http://www.zdnet.com/...
-
@ow
@ow
on x
Oof. Critical Intel bug affects processors all the way back to 1995. Patches out today. http://www.zdnet.com/...
-
@alexeheath
Alex Heath
on x
- Intel was made aware of materially impactful chip vulnerability in June 2016 - CEO unloads $24m in stock in November to meet only bare minimum of shares he's required to hold - Intel won't confirm whether CEO knew of vulnerability when he sold How is this not insider trading?
-
@swiftonsecurity
@swiftonsecurity
on x
Azure got the Windows CPU fix first, they're not seeing issues: “We've worked to optimize the CPU and disk I/O path and are not seeing noticeable performance impact after the fix has been applied.” https://azure.microsoft.com/ ...
-
@tomwarren
Tom Warren
on x
If you have an Intel Skylake or newer processor you shouldn't experience slow downs due to the firmware and software updates. If you have an older CPU... cross your fingers. http://www.theverge.com/...
-
@briankrebs
@briankrebs
on x
Right, so this is the upshot of the Intel flaw, as it relates to cloud services that the entire internets relies upon: “We apologize for the disruption. This is only a test. If this had been an actual emergency, you'd be totally fscked.”
-
@pressed250
Bruce Kleinman
on x
And the “disruptions” are being scheduled RSN: - Microsoft's Azure cloud will undergo maintenance and reboots on January 10, presumably to roll out the above fixes - Amazon Web Services also warned customers via email to expect a major security update to land on Friday this week
-
@selenalarson
Selena Larson
on x
So is Intel saying all chips that perform speculative execution are affected? That would be .... a lot http://twitter.com/...
-
@atbwebb
Alex Webb
on x
The silence from Apple on this Intel issue is deafening. Not responding to calls or messages seeking comment.
-
@sharatibken
Shara Tibken
on x
Here's what @Arm says about the chip exploit also impacting @Intel. The flaw could be used in mobile chips based on ARM, but typically not IOT devices using different chip tech. Vast majority of world's phones use ARM-based chips. Including @Apple, @Samsung pic.twitter.com/946p79…
-
@nicoleperlroth
Nicole Perlroth
on x
11. Chipmakers like Intel will have to do a full recall— unclear if there's even manufacturing capacity for this— OR customers will have to wait for secure processors to reach the market, and do their own risk analysis as to whether they need to swap out all affected hardware.
-
@cloud_opinion
Cloud Opinion
on x
Do any self driving cars use Intel chips?
-
@timgostony
Tim Gostony
on x
Impact of the patch for the Intel bug on my AWS EC2 instances running Linux, a t1.micro and m3.medium. #KPTI pic.twitter.com/n3uZsZ38iV
-
@internetofs**t
Internet of S**t
on x
bugs, ranked Heartbleed: whoops, the internet is burning Shellshock: oh no, bash is broken sorry Meltdown/spectre: we had a nuclear reactor accident twenty years ago and just found it uhhhh yeah good luck
-
@eastdakota
Matthew Prince
on x
And if it turns out AMD isn't vulnerable to this bug (and the tech folks around here think think they're likely not) then this press release (on which $AMD fell and $INTC recovered) will come to haunt Intel. #ugly http://newsroom.intel.com/...
-
@nicoleperlroth
Nicole Perlroth
on x
4) Spectre is harder to exploit, but has no easy fix, and is far more pervasive. Researchers say it is highly likely the threat from Spectre will be with us for the decade to come.
-
@dguido
Dan Guido
on x
If you have an Intel CPU with the “PCID” feature, then the security fix for Spectre/Meltdown will have less performance overhead. On macOS, check if you have PCID by opening a terminal and running: ‘sysctl machdep.cpu.features | grep -o PCID’ pic.twitter.com/C6aFBbaU8D
-
@internetofs**t
Internet of S**t
on x
Here's a thread of AWS customers saying their CPU went to s**t when Amazon quietly patched this out this week https://forums.aws.amazon.com/ ...
-
@dinabass
Dina Bass
on x
Intel says it sees no material impact to its business
-
@nicoleperlroth
Nicole Perlroth
on x
3) Meltdown presents an urgent crisis and administrators need to implement the KAISER patch ASAP (even though it will slow performance speeds by as much as 30%), but the Spectre flaw is far more pervasive and will require a complete rearchitecture of virtually all microprocessors
-
@nicoleperlroth
Nicole Perlroth
on x
1) The #IntelChip is only one piece of a much bigger security problem. There are two critical security flaws in microprocessors. The first, called Meltdown, affects virtually all Intel microprocessors.
-
@nicoleperlroth
Nicole Perlroth
on x
2) The second, dubbed Spectre, is a design flaw that affects virtually all modern microprocessors (not just Intel, but AMD and ARM) and has NO PATCH.
-
@gossithedog
Kevin Beaumont
on x
Reason I haven't commented on Intel CPU issue - detail is behind a non-disclosure, few people have signed it (incl me), there's little detail in public, erik's PoC people are highlighting is just a screenshot. Ultimately: it's patchable.
-
@suka_hiroaki
Andreas Proschofsky
on x
Wow. What a highly unprofessional response. Angrily written counter-arguments to arguments nobody made. Also: PR spin galore. And oh: The media is totally evil. Suprised to see put out something like that by such a big company. http://twitter.com/...
-
@never_released
Longhorn
on x
https://newsroom.intel.com/... “Recent reports that these exploits are caused by a “bug” or a “flaw” and are unique to Intel products are incorrect.” is wrong, it's at worst a KASLR bypass on other manufacturers, not a kernel memory read like Intel here.
-
@donal888
Don Clark
on x
Intel disputes the notion that there is a bug in its chips—cites research into software issues. But it is issuing fixes. http://newsroom.intel.com/...
-
@swiftonsecurity
@swiftonsecurity
on x
Props to the AMD PR department this last week.
-
@iblametom
Thomas Fox-Brewster
on x
AMD says it's not affected. From researcher re AMD being affected: “Spectre works super reliably on AMD. We wrote that in the paper and on the website.” https://www.forbes.com/...
-
@aionescu
Alex Ionescu
on x
Official AMD response shows that they _are_ susceptible to at least some of these variants, so again, Intel's response was *not* dishonest, just cleverly crafted. This is a design-level issue affecting many, many chip vendors. https://twitter.com/...
-
@internetofs**t
Internet of S**t
on x
Here's AMD claiming it's not affected and Google VERY SPECIFICALLY saying it is. Turns out we're all screwed. pic.twitter.com/0GGktFC5hw