Spectre ataca novamente, mais 08 vulnerabilidades sendo 04 críticas. Welcome Back!!!

1. Spectre ataca novamente, mais 08 vulnerabilidades sendo 04 críticas. Welcome Back!!!

Eric
Grinder

(usa Slackware)

Enviado em 13/05/2018 - 18:48h

Então, após todo aquele bafafa dos do spectre/metdown. Eles atacaram novamente, nem se quer corrigiram os problemas passados e já vieram novas.

News has just started spreading that researchers have sighted another eight Spectre like vulnerabilities in Intel processors, all resemble Spectre, four of them are critical. The new vulnerabilities are grouped and named as Spectre-ng. The newly discovered vulnerabilities would make it really easy to exploit a host from a simple VM.

German c't / Heise reports and breaks the news today, as the new vulnerabilities have not been made public just yet. There would be 'no doubt' that these are real vulnerabilities. While technical details are missing, the attack scenarios resemble close to what the Spectre vulnerabilities are.

Currently, most at risk are shared hosting providers, once you have access to your rented server-container, you could exploit the processor to retrieve secure data. All eight vulnerabilities share the same design problem that the "Meltdown and Spectre" vulnerabilities detailed as well - they are, so to speak, Spectre Next Generation ergo Spectre NG. c't mentions they have concrete information about Intel's processors and their patch plans. However, there are some indications that other processors are affected as well, at least some ARM CPUs are also vulnerable to some extent. Further research into whether and to what extent the AMD processor architecture is vulnerable at (if at all), is not yet known.

Intel is reportedly actively and nervously working on Spectre NG patches behind the scenes; other patches are developed in collaboration with the operating system manufacturers (Microsoft / Linux etc). When exactly the first Spectre NG patches and firmware updates will become available is not yet clear. According to information, Intel is planning at least two patch waves: a first one should start in May; a second is currently scheduled for August. For at least one of the Specter NG patches is already a specific date as it was Google's Project Zero that has found one of the vulnerabilities, on May 7 - the day before the Windows Patchday - the 90-day warning period expires. So it's likely that when the first patch would be released for Microsoft Windows. Microsoft is preparing CPU patches: they appear to be in the form of optional Windows updates, and not so much microcode updated (firmware). The PC motherboard and server manufacturers probably need too long for BIOS updates.

Intel classifies four of the Specter NG vulnerabilities as "high-risk"; which in Intel language is translated as: super dangerous. The danger of the other four is rated as medium. According to c't/Heise, Specter-NG risks and attack scenarios are similar to those of Specter - with one exception. C't calls the Intel vulnerabilities and their procs a Swiss Cheese due to the many security holes.


Source: http://www.guru3d.com/news-story/eight-new-spectre-variant-vulnerabilities-for-intel-discovered-four...


  


2. Re: Spectre ataca novamente, mais 08 vulnerabilidades sendo 04 críticas. Welcome Back!!!

Tio do Toldo
Tio_do_Toldo

(usa Debian)

Enviado em 13/05/2018 - 19:40h

Dentre essas novas brechas foi encontrada alguma que afete o usuário doméstico?


3. Re: Spectre ataca novamente, mais 08 vulnerabilidades sendo 04 críticas. Welcome Back!!!

Giovanni  M
Giovanni_Menezes

(usa Devuan)

Enviado em 13/05/2018 - 19:58h

Essas correções jamais deveriam vir por software, mas como não tem outro jeito, ao menos, os desenvolvedores de sistemas deveriam exigir da Intel e demais fabricantes de cpu's uma contra partida, paralisar a produção de cpus até que tenham em mãos ao menos um protótipo funcional de cpu com respectivo novo design.

É o mínimo que deveria ser feito, porque do jeito que esta, com correções e mais correções, jogando tudo na 3unD@ dos desenvolvedores de sistemas, com possivelmente mais queda de desempenho e nenhuma ação realmente enérgica e definitiva, é uma imoralidade, um verdadeiro crime!

--------------------------------------------------------------------------
Somente o Software Livre lhe garante as 4 liberdades.
Open Source =/= Free Software.
https://encurtador.com.br/CGNU5
http://www.anahuac.eu/contrarrevolucao-osi/

***Diga NÃO ao consumo desenfreado de memoria ram das interfaces gráficas***
http://webm.land/media/nzgR.webm






Patrocínio

Site hospedado pelo provedor RedeHost.
Linux banner

Destaques

Artigos

Dicas

Tópicos

Top 10 do mês

Scripts