32 class-action suits filed against Intel over Spectre and Meltdown flaws

This may become the new default imagery for Spectre and Meltdown around Intel. (credit: Brian Turner / Flickr)

In its annual SEC filing, Intel has revealed that it's facing 32 lawsuits over the Spectre and Meltdown attacks on its processors. While the Spectre problem is a near-universal issue faced by modern processors, the Meltdown attack is specific to processors from Intel and Apple, along with certain ARM designs that are coming to market shortly.

Per Intel's filing, 30 of the cases are customer class-action suits from users claiming to be harmed by the flaws. While Meltdown has effective workarounds, they come with some performance cost. Workarounds for Spectre are more difficult and similarly can harm system performance.

The other two cases are securities class actions that claim that Intel made misleading public statements during the six-month period after the company was notified of the problems but before the attacks were made public.


Andrew Auernheimer AKA Weev Gets 41 Months Jail Time For GET Requests

This is a pretty sad case, and one which I’m sure all of us have followed since it first started. Surprisingly it hasn’t gotten a whole lot of media attention, but then this legal precedent sticks it to the man and has some consequences regarding the infosec industry – and who would want to publicize [...]

Read the full post at darknet.org.uk

Hackers may face 20 years in jail if seen to threaten US national security

The Obama administration has been lobbying Congress to increase sentences for those who break into government computer networks, or potentially endanger the country’s national security.

The request includes doubling the maximum prison sentence to 20 years behind bars, according to Reuters.

Talks on changes to the cybersecurity bill have been going on for over a year.

Recent high-profile attacks, including attacks on the CIA, the International Monetary Fund and military contractors, serve to underpin the government’s concern that its cyber laws may need updating to combat today’s threat.

What complicates matters is that it’s no easy task to track down skilled hackers, as they are intent on keeping their anonymity. They could be based anywhere on the globe, and using any number of third-party machines, with or without authorisation, to mask their true location and identity.

But there’s another factor which requires consideration. Motive.

Does the US really want to spend huge amounts of resources to locate and identify a cyber prankster who wants his or her 15 minutes in the spotlight? No matter how disruptive it is to DDoS or pwn a site, should they be given the same focus as someone who is intent on threatening national security by stealing highly sensitive information?

It seems to me that there was a big difference between attacks like those perpetrated by hacktivists which brought down the CIA website, and serious organised infiltration of networks to steal confidential information.

The motivation for hacktivists may be to gain some kudos from their peers on the internet, or to show off to rival groups, or simply a case of being bored and committing a cybercrime “because they can”.

But those hacktivists who expose firms’ security weaknesses or embarrass companies for the “lulz” are not likely to be deterred by an increase in the criminal penalties. A better way to prevent them may be to make sure that your own networks and websites are in order where security is concerned.

Consider the current hacking mayhem as a wake-up call. Don’t sit back and wait for arrests to happen. If you are unsure as to the quality of your network’s security, it is a pretty good time to review it. After all, it is not just your company info and reputation that is at risk, but potentially your customers, who trusted you to keep their information safe from harm.