Thursday, July 19, 2018

Microsoft offers extended support for Windows, SQL 2008: but with a catch

(credit: Marcus W / Flickr) Windows Server 2008 and 2008 R2, as well as SQL Server 2008 and 2008 R2, are due to move out of extended support over the next few years; SQL Server in July 2019,...

New Spectre-like attack uses speculative execution to overflow buffers

Enlarge (credit: Aurich Lawson / Getty Images) When the Spectre and Meltdown attacks were disclosed earlier this year, the expectation was that these attacks would be the first of many, as researchers took a closer look at the...

Hyperthreading under scrutiny with new TLBleed crypto key leak

Enlarge / A shiny wafer full of Kaby Lake refresh parts. (credit: Intel) Last week, developers on OpenBSD—the open-source operating system that prioritizes security—disabled hyperthreading on Intel processors. Project leader Theo de Raadt said that a research paper...

A host of new security enhancements is coming to iOS and macOS

(credit: Nathan Mattise) Apple on Monday previewed a variety of security and privacy features it plans to add to macOS and iOS operating systems, including encrypted Facetime group calls, password-management tools, and camera and microphone protections. The company...

New speculative-execution vulnerability strikes AMD, ARM, and Intel

Intel Skylake die shot. (credit: Intel) A new attack that uses processors' speculative-execution capabilities to leak data, named Speculative Store Bypass (SSB), has been published after being independently discovered by Microsoft's Security Response Center and Google Project Zero....

As the Web moves toward HTTPS by default, Chrome will remove “secure” indicator

Enlarge (credit: Indigo girl / Flickr) Back in February, Google announced its plans to label all sites accessed over regular unencrypted HTTP as "not secure," starting in July. Today, the company described the next change it will make...

Microsoft claims to make Chrome safer with new extension

Enlarge (credit: Chrome's unsafe content warning.) Chrome already provides effective protection against malicious sites: go somewhere with a poor reputation and you'll get a big, scary red screen telling you that you're about to do something unwise. But...

Intel, Microsoft to use GPU to scan memory for malware

Intel Skylake die shot. (credit: Intel) Since the news of the Meltdown and Spectre attacks earlier this year, Intel has been working to reassure the computer industry that it takes security issues very seriously and that, in spite...

AMD systems gain Spectre protection with latest Windows fixes

Enlarge / An AMD Ryzen. (credit: Fritzchens Fritz) The latest Windows 10 fixes, released as part of yesterday's Patch Tuesday, enable protection against the Spectre variant 2 attacks on systems with AMD processors. Earlier this year, attacks that exploit...

Practical passwordless authentication comes a step closer with WebAuthn

Enlarge (credit: Pablo Viojo / Flickr) The World Wide Web Consortium (W3C) and FIDO Alliance today announced that a new spec, WebAuthn ("Web Authentication") had been promoted to the Candidate Recommendation stage, the penultimate stage in the Web...

Intel drops plans to develop Spectre microcode for ancient chips

Enlarge / A Sandy Bridge wafer. Sandy Bridge is the oldest chip family that's guaranteed to get Spectre variant 2 fixes. (credit: Intel) Intel has scaled back its plans to produce microcode updates for some of its older...

Google bans cryptomining Chrome extensions because they refuse to play by the rules

Enlarge / Mining: no longer welcome in Chrome. (credit: Jeremy Buckingham / Flickr) After a policy that previously permitted them, Google has decided to remove any and all Chrome extensions that mine for cryptocurrencies after finding that too...

As predicted, more branch prediction processor attacks are discovered

Enlarge (credit: Ed Dunens) Researchers from the College of William and Mary, Carnegie Mellon, the University of California Riverside, and Binghamton University have described a security attack that uses the speculative execution features of modern processors to leak...

AMD promises firmware fixes for security processor bugs

Enlarge / AMD's Ryzen die. Threadripper has two of these in a multi-chip module. Epyc has four of them. (credit: AMD) AMD has responded to the reports last week of a range of security flaws affecting its Platform...

Intel outlines plans for Meltdown and Spectre fixes, microcode for older chips

Enlarge / Intel Ivy Bridge Xeon E7 v2 die shot. (credit: Fritzchens Fritz) Shipping in the second half of this year, the next generation of Xeon Scalable Processors (codenamed Cascade Lake) will contain hardware fixes for the Meltdown...

Why the Best Defense Is a Good Offensive Security Strategy

When many people think about offensive security, they picture a mysterious figure wearing a hoodie, sitting behind a black-and-green terminal, diligently typing away as he probes enterprise networks. But the cybersecurity world has evolved well beyond this Hollywood hacker...

Google hit with $5.1b fine in EU’s Android antitrust case

This could mean the end of free Android. In the meantime, Google plans to appeal.

Privacy Advocates Say Kelsey Smith Act Gives Police Too Much Power

This bill making its way through Congress would allow law enforcement to more easily uncover location data for cell phones from mobile carriers in an emergency.

IDG Contributor Network: Hack like a CISO

I have written several times over the last couple of years about how the role of today’s CISOs have changed and are now more tuned to support business activities and the management of enterprise risk. Serving an organization as...

Cisco patches critical vulnerabilities in Policy Suite

One of the worst security flaws permits attackers to act as root and execute arbitrary code.