Jan 03 2018

“Meltdown” and “Spectre”: Every modern processor has unfixable security flaws

Windows, Linux, and macOS have all received security patches that significantly alter how the operating systems handle virtual memory in order to protect against a hitherto undisclosed flaw. This is more than a little notable; it's been clear that Microsoft and the Linux kernel developers have been informed of some non-public security issue and have been rushing to fix it. But nobody knew quite what the problem was, leading to lots of speculation and experimentation based on pre-releases of the patches.

Now we know what the flaw is. And it's not great news, because there are in fact two related families of flaws with similar impact, and only one of them has any easy fix.

The flaws have been named Meltdown and Spectre. Meltdown was independently discovered by three groups—researchers from the Technical University of Graz in Austria, German security firm Cerberus Security, and Google's Project Zero. Spectre was discovered independently by Project Zero and independent researcher Paul Kocher.

Read 14 remaining paragraphs | Comments

Jun 15 2016

New Flash zero-day exploited in targeted attacks

Symantec customers protected against critical vulnerability (CVE-2016-4171) due to be patched tomorrow.

続きを読む
Apr 28 2016

BeautifulPeople.com Leak Exposes 1.1M Extremely Private Records

So another data breach, and no surprise here, but another dating site. This time the BeautifulPeople.com Leak has exposed 1.1 million customer records, including 15 million private messages sent between users. Not so private now is it. And no surprise either the entry point for this leak, was the not-so excellent NoSQL database MongoDB which...

Read the full post at darknet.org.uk
Apr 06 2016

New Flash zero-day exploited by attackers in the wild

Patch due to be published this week for critical new Adobe Flash vulnerability CVE-2016-1019.

続きを読む