It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Some features of ATS will be disabled while you continue to use an ad-blocker.
originally posted by: AMPTAH
If your PC is not connected to the internet, then there's no security issue here.
If your PC is connected to the internet, there' no perfect security possible anyway.
So, continue as you were.
originally posted by: greyhat
originally posted by: intrptr
Undetected for over a decade? Who believes that?
Basically the MMU simply does not operate as specified/implimented
in previous generations of x86 hardware. It is not just buggy, but
Intel has gone further and defined "new ways to handle page tables"
(see page 58).
- Some of these bugs are along the lines of "buffer overflow"; where
a write-protect or non-execute bit for a page table entry is ignored.
Others are floating point instruction non-coherencies, or memory
corruptions -- outside of the range of permitted writing for the
process -- running common instruction sequences.
This is definitely the nastier of the two exploits and affects all modern processors (Intel, AMD, ARM, etc.) and operating systems that we know of. Spectre in effect tricks "error-free" applications that follow "best practices" to provide access to arbitrary locations in their memory. Spectre, like Meltdown, breaks down the barriers between applications, but researchers indicate that "the safety checks of said best practices actually increase the attack surface and may make applications more susceptible to Spectre."
Note: Customers who only install the January 2018 security updates from Microsoft will not be fully protected against the vulnerabilities. You will also need to install firmware updates from your device manufacturer. Antivirus software updates should be installed first. Operating system and firmware updates can be installed in either order.
originally posted by: AMPTAH
originally posted by: SR1TX
What if this is how the DNC was hacked from the inside? By one of our own?
What if they just found out that it was the Russians who recently discovered the bug, and used it to hack the DNC and RNC, and so now they have to admit there's a bug, and patch the thing before the Russians get more intel this way?
originally posted by: Arbitrageur
a reply to: Cauliflower
As I already said on page 2, the link eisegesis posted on page 2 describes a far worse problem with the Intel processors, the computer inside your computer with its own webserver, that you have no control over. The Google engineer who found the problem said if you aren't scared, then maybe he didn't explain the problem well enough, because he's scared.
AMD has fixed, but not yet released BIOS/UEFI/firmware updates for the general public for a security flaw affecting the AMD Secure Processor.
The security bug is a buffer overflow that allows code execution inside the AMD SPS TPM, the component that stores critical system data such as passwords, certificates, and encryption keys, in a secure environment and outside of the more easily accessible AMD cores. Intel fixed a similar flaw last year in the Intel ME.
Six months after Intel was informed about unprecedented vulnerabilities in its chips that could enable hackers to access user data, and which has since emerged as the most "staggering" bug to affect the global semiconductor industry, company CEO Brian Krzanich was quietly selling shares and exercising stock options worth a total of $39 million, netting him nearly $25 million, according to regulatory filings.
The trade, which took place on Nov. 29, has been called "a highly unusual move" that risked attracting regulatory scrutiny, according to lawyers and analysts who spoke to the WSJ. The timing of Krzanich’s sale “is really odd,” said Dan O’Connor, a Ropes & Gray attorney specializing in securities law. "The timing, the size, the unusual nature compared to prior sales—that’s going to get this a lot of scrutiny."
While the trade took place under an SEC rule that allows officers and directors to prearrange sales of specific numbers of shares at particular times, the experts note that the rule prohibits insiders from setting up such transactions while possessing undisclosed information that might affect the stock price.[/url]