![]() ![]() Affordable accessories that'll pair perfectly with your PCĮvery one of these awesome PC accessories will enhance your everyday experience - and none cost more than $30. That raises concerns that the attacks could be used on potentially millions of machines around the world to access sensitive data before they are patched, if at all. While fixes may be starting to become available, it will take time for them to be applied to PCs and servers affected by the four variants. In a statement to Wired, a Microsoft spokesperson said, "We're aware of this industry-wide issue and have been working closely with affected chip manufacturers to develop and test mitigations to protect our customers." While Intel rates the attacks as "low to medium" in severity, researchers from the institutions that discovered the attacks told Wired that they could "reliably dig through that raw output to find the valuable information they sought."įor its part, Microsoft shipped a fix for Windows PCs today. However, Intel and the researchers disagree on the severity of the flaw. The company also says some processors shipped in last month have fixed the vulnerability. In speaking with Wired, Intel says its own researchers discovered the flaw last year and it now has fixes available at the hardware and software level. 2:23 PM Triple Meltdown: How So Many Researchers Found a 20-Year-Old Chip Flaw at the Same Time The uncanny coincidences among the Meltdown and Spectre discoveries raise. Those who discovered the attacks include researchers from the Austrian university TU Graz, Vrije Universiteit Amsterdam, the University of Michigan, the University of Adelaide, KU Leuven in Belgium, Worcester Polytechnic Institute, Saarland University in Germany and Cyberus, BitDefender, Qihoo360 and Oracle, Wired says. If executed quickly in succession, a hacker could gather enough random data to piece together everything from passwords to the keys used to decrypt hard drives. Unlike Meltdown, which used speculative execution to grab sensitive data sitting in memory, MDS attacks focus on the buffers that sit between a chip's components, such as between a processor and its cache, the small portion of memory allotted to the processor to keep frequently accessed data close at hand.Įach variant of the attack can be used as a gateway into viewing raw data that passes through a processor's cache before it is tossed discarded through the speculative execution process. In these new cases, researchers found that they could use speculative execution to trick Intel's processors into grabbing sensitive data that's moving from one component of a chip to another. And while the set of four attacks all operate in a similar manner to Meltdown and Spectre, these new MDS attacks (ZombieLoad, Fallout, and RIDL) appear to be easier to execute. Intel has collectively dubbed the attacks "Microarchitectural Data Sampling" (MDS). ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |