Foreshadow, the new Intel security threat

After Spectre and Meltdown, and the wishful patching of Intel’s security holes, now there is “Foreshadow”

Intel has been notified by various researchers that yet another security gap has been found in their processors.  The vulnerability affects its chip security technology called Software Guard Extensions (SGX).  This technology has been used in Intel processors since  2015 (2nd generation i3,i5,i7,xeon 3400+, X99 and X299 and later/above.  1st gen i* and Core2Duo or earlier are safe.  Continue reading

WTF is wrong with Intel garbage patches?

This is Linus Trovalds about Intel patches for meltdown:

….. BULLSHIT. Have you _looked_ at the patches you are talking about? You should have – several of them bear your name.
…. It’s not that it’s a nasty hack. It’s much worse than that.
…… As it is, the patches are COMPLETE AND UTTER GARBAGE. Continue reading

Meltdown and Spectre, the new security threats

Those two recent discoveries of a system vulnerability is due to hardware design and kernel development.  One of the two has been partially addressed and fixed if you have updated your linux kernel to a patched one.  The remaining seem pretty hard to be dealt with.  In summary there is a way for memory handling to be leaked to the network revealing any sensitive information that may be temporarily retained as RAM or graphical memory.   It is best not to read on rumors and interpretations but read the originals and monitor the status of fixing.  At least temporarily you may change some habits and constantly wipe your memory to minimize the risk.  Below find a set of links that official information originates and judge for yourself. Continue reading