Archiv: Intel (corporation)


13.11.2019 - 18:24 [ Fefe.de ]

Habt ihr euch Intel Cascade Lake Prozessoren gekauft, um nicht mehr von ZombieLoad betroffen zu sein? Dann seid ihr auf Intels Getrickse reingefallen

„Natürlich kann uns Intel nicht sagen, was wir machen sollen. Wir sind eine unabhängige Universität. Aber Intel kollaboriert mit der Uni, finanziert Doktoranden und ermöglicht, dass die Suche nach Sicherheitslücken an der Uni stattfinden kann. Als unabhängige Universität fragen wir uns allerdings schon, warum das Embargo so lange dauern muss.“

14.05.2019 - 21:36 [ Radio Utopie ]

Während die IT-„Experten“ seit 20 Jahren Luftmaus spielen, gebt Ihr Euch jetzt mal sichere Passwörter

(6.5.2018)

Erklärung: wenn Ihr Passwörter direkt in einen Browser, Euer Mailprogramm, Anwenderprogramm, etc, eingebt, der eine sichere Verbindung hat (https), umgeht Ihr unserer Analyse zufolge die auslesbare Memory Eures Computer-Prozessors. Habt Ihr aber Euer Passwort irgendwo gespeichert, ist dieses mitlesbar sobald ihr es über die „Copy“-Funktion in den Speicher / die Memory ladet.

14.05.2019 - 21:30 [ ZombieloadAttack.com ]

ZombieLoad Attack: Watch out! Your processor resurrects your private browsing-history and other sensitive data.

After Meltdown, Spectre, and Foreshadow, we discovered more critical vulnerabilities in modern processors. The ZombieLoad attack allows stealing sensitive data and keys while the computer accesses them.

While programs normally only see their own data, a malicious program can exploit the fill buffers to get hold of secrets currently processed by other running programs. These secrets can be user-level secrets, such as browser history, website content, user keys, and passwords, or system-level secrets, such as disk encryption keys.

The attack does not only work on personal computers but can also be exploited in the cloud.

14.05.2019 - 21:29 [ Techcrunch.com ]

New secret-spilling flaw affects almost every Intel chip since 2011

Almost every computer with an Intel chips dating back to 2011 are affected by the vulnerabilities. AMD and ARM chips are not said to be vulnerable like earlier side-channel attacks.

02.05.2019 - 12:51 [ IrishExaminer.com ]

Five Eyes intelligence experts meet amid Huawei 5G controversy

(24.04.2019)

Representatives from the UK, US, Canada, Australia and New Zealand will meet at the National Cyber Security Centre (NCSC) annual two-day conference, CYBERUK, in Glasgow on Wednesday.

It comes as the Daily Telegraph reported that Huawei will have limited access to build “non-core” infrastructure like antennas despite warnings of potential national security threats.

02.05.2019 - 12:47 [ scmp.com ]

Geopolitics – Huawei ban: Australia becomes increasingly isolated among Five Eyes partners if UK includes Chinese firm in 5G network

(26.04.2019)

The US has urged other Five Eyes members – the UK, Canada, New Zealand and Australia – to exclude Huawei from the construction of new telecommunications networks, claiming the company could provide covert access for Chinese intelligence collection, making secure data vulnerable.

However, if the reports from the UK prove accurate, Australia would stand alone as the only member of the Five Eyes alliance – aside from the US – with an all-out ban on Chinese telecoms equipment. Australia, for its part, on Thursday reaffirmed the ban.

01.05.2019 - 20:52 [ theSun.co.uk ]

Western ‘five eyes’ spy chiefs plotted to bring down Huawei over fears it is SPYING for Chinese government

(17.12.2018)

The meeting was first reported by The Australian Financial Review after intelligence officials had publicly voiced concerns about Huawei and China’s „cyber espionage capabilities”.

Huawei has denied the accusations, and Western intelligence agencies have not released any evidence to back up the claims.

29.03.2019 - 10:50 [ Metro.co.uk ]

There is mysterious ‘undocumented technology’ hidden on Intel computer chips, researchers say

Computer experts have claimed that the chips which power most of the computers in the world are hiding mysterious and ‘undocumented’ technology.

Analysts from Positive Technologies alleged that Intel chips and processors contain an enigmatic ‘logic signal analyser’ capable of reading ‘almost all data on a computer’.

The claims are likely to alarm conspiracy theorists …

12.03.2019 - 09:59 [ CNN ]

US warns Germany that using Huawei tech will come at a cost

The letter, which was first reported by the Wall Street Journal, echoes a steady drumbeat of warnings by top US officials, including Vice President Mike Pence, who flagged Huawei’s alleged connections to Chinese intelligence and its ability to compromise national security by selling equipment with „backdoors“ that could allow for unauthorized surveillance.

13.02.2019 - 18:19 [ Financial Times ]

Huawei accuses US of ‘political’ campaign against telecoms group

Please use the sharing tools found via the share button at the top or side of articles. Copying articles to share with others is a breach of FT.com T&Cs and Copyright Policy. Email licensing@ft.com to buy additional rights. Subscribers may share up to 10 or 20 articles per month using the gift article service. More information can be found at https://www.ft.com/tour.
https://www.ft.com/content/4cf0a902-2f6b-11e9-ba00-0251022932c8

“Some say that because these countries are using Huawei equipment, it makes it harder for US agencies to obtain these countries’ data,” he added.

Mr Xu also revealed that Huawei would spend more than $2bn to restructure the code used in its telecoms services worldwide after a series of “confrontational” meetings with Britain’s cyber security agency over the issue.

13.02.2019 - 18:01 [ sdxcentral.com ]

Huawei Works With Arm, Not Intel, on New CPU

(7.1.2019) William Xu, director of the board and chief strategy marketing officer of Huawei, noted that Huawei had worked extensively with Intel. But he said a diversity of applications and data is driving varied computing requirements. “Huawei has long partnered with Intel to make great achievements,” said Xu in a statement. “Together we have contributed to the development of the ICT industry. Huawei and Intel will continue our long-term strategic partnerships and continue to innovate together.”

13.02.2019 - 17:56 [ theVerge.com ]

Don’t use Huawei phones, say heads of FBI, CIA, and NSA

During his testimony, FBI Director Chris Wray said the government was “deeply concerned about the risks of allowing any company or entity that is beholden to foreign governments that don’t share our values to gain positions of power inside our telecommunications networks.” He added that this would provide “the capacity to maliciously modify or steal information. And it provides the capacity to conduct undetected espionage.”

13.02.2019 - 13:02 [ Radio Utopie ]

Während die IT-„Experten“ seit 20 Jahren Luftmaus spielen, gebt Ihr Euch jetzt mal sichere Passwörter

(6.5.2018) Erklärung: wenn Ihr Passwörter direkt in einen Browser, Euer Mailprogramm, Anwenderprogramm, etc, eingebt, der eine sichere Verbindung hat (https), umgeht Ihr unserer Analyse zufolge die auslesbare Memory Eures Computer-Prozessors. Habt Ihr aber Euer Passwort irgendwo gespeichert, ist dieses mitlesbar sobald ihr es über die „Copy“-Funktion in den Speicher / die Memory ladet.

13.02.2019 - 12:23 [ Wikipedia ]

Out-of-order execution

The high logical complexity of the out-of-order technique is the reason that it did not reach mainstream machines until the mid-1990s. Many low-end processors meant for cost-sensitive markets still do not use this paradigm due to the large silicon area required for its implementation. Low power usage is another design goal that is harder to achieve with an out-of-order execution (OoOE) design.

A vulnerability in some microprocessor manufacturers‘ implementations of the out-of-order execution mechanism was reported to the manufacturers on June 1, 2017, but which was not publicized until January 2018, …

13.02.2019 - 12:21 [ Heise.de ]

Die Riesenlücken: Sicherheitslücken in den meisten modernen Prozessoren

(März 2018) Meltdown und Spectre missbrauchen Funktionen, die in Milliarden von Prozessoren stecken: Out-of-Order-Execution (OoOE), Speculative Execution und Branch Prediction. Intel hat OoOE vor rund zwanzig Jahren mit dem Pentium Pro eingeführt: Falls der Prozessor mit der Ausführung eines Befehls warten muss, etwa auf Daten aus dem RAM, verarbeitet er schon einmal einen anderen Befehl, der eigentlich erst später an der Reihe wäre. Er arbeitet Code also nicht in der Reihenfolge ab, wie sie im Programm steht (In Order), sondern in einer anderen, optimierten: Out of Order.

13.02.2019 - 12:20 [ Spiegel.de ]

Chip-Hersteller Intel wird 50: „Nur die Paranoiden überleben“

(18.7.2018) Doch trotz der Erfolgsgeschichte wird ein Umstand die Geburtstagslaune trüben: Im Kern der Intel-Prozessoren klaffen gefährliche Lücken. Und sie könnten nur die Spitze eines Eisbergs sein, vermuten Fachleute.

Der Grundstein für den modernen Mikroprozessor

In die Erfolgsspur brachten den heutigen Weltkonzern vor genau 50 Jahren seine Gründer, der Physiker Bob Noyce und sein Kollege Gordon Moore.

13.02.2019 - 12:03 [ zdnet.com ]

New Spectre attack variant can pry secrets from Intel’s SGX protected enclaves

(2.3.2018) The so-called SgxPectre side-channel attack affects programs with sensitive components protected by Intel’s SGX or Software Guard Extensions enclaves.

SGX is available in newer Intel Core chips and allows developers to selectively isolate sensitive application code and data to run in their own execution environment.

13.02.2019 - 11:59 [ Jennifer Fernick ‏/ Twitter ]

From “FORESHADOW: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution”: Leaky chip, side channel leakage, and hostile OS = decrypting ~100% of the data, ~100% of the time. #realworldcrypto

(10.1.2019)

13.02.2019 - 11:55 [ Arxiv.org ]

Practical Enclave Malware with Intel SGX

(8.2.2019) Modern CPU architectures offer strong isolation guarantees towards user applications in the form of enclaves. For instance, Intel’s threat model for SGX assumes fully trusted enclaves, yet there is an ongoing debate on whether this threat model is realistic. In particular, it is unclear to what extent enclave malware could harm a system. In this work, we practically demonstrate the first enclave malware which fully and stealthily impersonates its host application. Together with poorly-deployed application isolation on personal computers, such malware can not only steal or encrypt documents for extortion, but also act on the user’s behalf, e.g., sending phishing emails or mounting denial-of-service attacks.

13.02.2019 - 11:52 [ Heise.de ]

Prozessor-Sicherheit: Intels sichere Software-Enklave SGX wurde geknackt

(12.2.2019) Mitglieder des Forscherteams, das Anfang letzten Jahres die Hardware-Sicherheitslücken Meltdown und Spectre ans Licht gebracht hat, haben nun Schwachstellen in Intels Software Guard Extensions (SGX) enthüllt.

22.10.2018 - 10:51 [ Tom's Hardware ]

Intel ME’s Undocumented Manufacturing Mode Suggests CPU Hacking Risks

(3.10.2018) Positive Technologies (PT), a Russian security company that has discovered multiple bugs in Intel’s Management Engine (ME) over the last couple of years, this week revealed more details about Intel’s “Manufacturing Mode” for ME, saying it can expose users to remote hacking. This is the second undocumented mode in Intel ME that PT has found in recent years.

22.10.2018 - 10:45 [ Apple Insider ]

Apple left Intel processor management and testing tools unlocked for years

(5.10.2018) The Intel Management Engine (ME) is a subsystem used to handle tasks during the booting process and in the background, and has been in use since 2008. The Register reports the investigation by security firm Positive Technologies looked into how the subsystem could be abused, as a „side-channel threat“ to the processor.

Researchers Maxim Goryachy and Mark Ermolov, who previously were involved in the finding of a related Intel ME firmware flaw one year ago, posted on Tuesday about their latest discovery.

03.05.2018 - 11:09 [ Heise.de ]

Super-GAU für Intel: Weitere Spectre-Lücken im Anflug

Insgesamt zeigen die Spectre-NG-Lücken, dass Spectre und Meltdown keine einmaligen Ausrutscher waren. Es handelt sich eben nicht um ein simples Loch, das man mit ein paar Flicken nachhaltig stopfen könnte. Es verdichtet sich vielmehr das Bild einer Art Schweizer Käse: Für jedes abgedichtete Loch, tauchen zwei andere auf. Das ist die Folge davon, dass bei der Prozessorentwicklung der letzten zwanzig Jahre Sicherheitserwägungen immer nur die zweite Geige gespielt haben.