Sábado, 20 Octubre, 2018

Intel responds to claims of chips having security flaw

Intel CEO Brian Krzanich Intel CEO Brian Krzanich Ap Images
Orlondo Matamoros | Enero 14, 2018, 14:14

Spectre is harder for hackers to take advantage of but less easily patched and will be a bigger problem in the long term, he said. In the meantime, Intel put out software and firmware updates to deter further threats.

Intel shares opened lower Thursday as the revelation its products are among the chips with potential security-related flaws, has tech giants ensuring the right fixes are available. First up, there's no way of knowing whether or not one has been breached ahead of implementing the necessary patch for their system; the Meltdown and Spectre "exploitation does not leave any traces in traditional log files". This requires the CPU to 'look ahead' and while the processor is then able to reconcile discrepancies in order to execute the program properly, these 'memory lookups' can influence the cache.

An Intel logo is seen at the company's offices in Petah Tikva, near Tel Aviv, Israel, October 24, 2011. Owners of Intel-based CPUs in Oregon, California and Indiana have sued Intel over the security flaws that have been highlighted in its chipset. The former only seems to affect Intel CPUs, with reports that the latter is on all three.

According to researchers, the two main potential bugs are called 'Spectre' which can affect chips made by Intel, AMD and ARM Holdings.

The kernel is a high and mighty authority in the architecture of an OS, and it features the highest privileges to read/write instructions and files.

Intel and other companies were scrambling to fix the problem before word got out, the New York Times reports, but news of the vulnerability was reported by The Register on Tuesday, so the companies and researchers rushed to release information about it on Wednesday. However, Intel is saying that this will not be the case.

Additionally, Intel said that "many operating system vendors, public cloud service providers, device manufacturers and others have indicated that they have already updated their products and services". That's currently uncertain, but we've contacted Intel for comment and will update this story should we receive a response. It said that it had already protected nearly all instances of AWS and that customers must update their own software running atop the service as well.

While it's urging to see that Xbox is unaffected, different sorts of devices from PC to telephones, and web servers, still aren't completely checked.