Author |
Message |
Corrine
|
Posted: Tue Mar 27, 2018 7:15 pm |
|
|
welcoming committee |
|
Joined: Sun Mar 04, 2018 5:26 pm Posts: 54 Location: Upstate NY
|
Here we go again. Intel CPUs Vulnerable to New 'BranchScope' Attack | SecurityWeek.ComQuote: Researchers have discovered a new side-channel attack method that can be launched against devices with Intel processors, and the patches released in response to the Spectre and Meltdown vulnerabilities might not prevent these types of attacks.
The new attack, dubbed BranchScope, has been identified and demonstrated by a team of researchers from the College of William & Mary, University of California Riverside, Carnegie Mellon University in Qatar, and Binghamton University.
Similar to Meltdown and Spectre, BranchScope can be exploited by an attacker to obtain potentially sensitive information they normally would not be able to access directly. The attacker needs to have access to the targeted system and they must be able to execute arbitrary code. More at the source.
_________________ Take a walk through the "Security Garden" -- Where Everything is Coming up Roses! Remember - A day without laughter is a day wasted. May the wind sing to you and the sun rise in your heart.
|
|
|
|
|
Peter2150
|
Posted: Wed Mar 28, 2018 9:47 am |
|
|
welcoming committee |
Joined: Sun Apr 15, 2012 5:52 pm Posts: 970
|
Yawn!!. Did you read the article. For most individual users this is a big so what. For the exploit to be run you have to have access to the actual computer, AND you have to run special code. Think about it!
|
|
|
|
|
JoanA
|
Posted: Wed Mar 28, 2018 12:28 pm |
|
|
Moderator |
|
Joined: Thu Apr 05, 2012 3:25 pm Posts: 1916 Location: Pembrokeshire, South Wales, UK
|
The quote Corrine posted did say it needed access to the actual machine and that you needed to be able to run code, so I'd assume she did read the article, I've not known her to post anything that she thought unimportant.
|
|
|
|
|
jaylach
|
Posted: Thu Mar 29, 2018 3:58 am |
|
|
Resident Geekazoid Administrator |
|
Joined: Wed Mar 21, 2012 5:09 am Posts: 9438 Location: The state of confusion; I just use Wyoming for mail.
|
I say this tongue in cheep but I DO tend to like AMP processors. Not only are they cheaper for the buck but are a lesser target for these types of attacks. Thank you for the info Corrine.
|
|
|
|
|
JoanA
|
Posted: Thu Mar 29, 2018 8:59 am |
|
|
Moderator |
|
Joined: Thu Apr 05, 2012 3:25 pm Posts: 1916 Location: Pembrokeshire, South Wales, UK
|
jaylach wrote: I say this tongue in cheep but I DO tend to like AMP processors. Not only are they cheaper for the buck but are a lesser target for these types of attacks. Thank you for the info Corrine. After most of the machines I've had have been Intel this new HP I've got is AMD, not sure what the latest version is but mine is AMD A9-9420 RADEON R5, 5 COMPUTE CORES 2C+3G 3GHz.
|
|
|
|
|
Peter2150
|
Posted: Thu Mar 29, 2018 11:46 pm |
|
|
welcoming committee |
Joined: Sun Apr 15, 2012 5:52 pm Posts: 970
|
Well the funny (or not so funny ) part about all this is there have been quiet a few patches put for all this stuff, and in some cases the patches have caused more problems.
Unless you are totally reckless with your computers and what you open you really don't need to worry about it.
It's kind of like the horrible exploits you read about. One good example is Powershell. Microsoft has blessed us all with the gem. I've studied this beast and what it comes down to is if someone can get a power shell script on your system and run it they own you, and no security software will help. BUT...to get it on your system you have to do something very foolish with your email or open a speadsheet and allow a macro, you are totally safe.
|
|
|
|
|
|