Google has come forward to claim responsibility for discovering a pair of serious security holes in Intel processors that run almost 9 in 10 computers in the world. And worse: the company has echoed a statement by Intel yesterday that the flaws are not specific to that company’s chips. Contrary to published reports, a blog post on the Google Security Blog by Matt Linton, a Senior Security Engineer at Google and Pat Parseghian, a Technical Program Manager said that flaws dubbed “Specter” (PDF) and “Meltdown” (PDF) are not limited to chips by Intel, but exist in central processing unit (CPU) chips by a wide range of vendors including Intel, AMD and ARM. Google discovered the flaws The flaws were discovered by Jann Horn, a researcher for Google’s Project Zero security team, discovered the flaw and showed how malicious actors could game a common CPU feature known as “speculative execution” to […]
Researchers at the security firm CheckPoint are warning that code to attack a vulnerability in Huawei HG532 home routers has been leaked online and is linked to attacks by the Satori botnet.
The University of Michigan announced that it has received a $3.6 million grant to develop hardware based security features that will make Internet connected systems “unhackable.” The grant will fund a project called MORPHEUS, which is developing a means of fending off hackers by turning computer circuits into the equivalent of “unsolvable puzzles,” according to a statement issued by University of Michigan. The grant was issued as part of a $50-million DARPA program to improve cybersecurity by marrying cybersecurity features with hardware rather than software. “Instead of relying on software Band-Aids to hardware-based security issues, we are aiming to remove those hardware vulnerabilities in ways that will disarm a large proportion of today’s software attacks,” says Linton Salmon, manager of DARPA’s System Security Integrated Through Hardware and Firmware (SSITH) program. Nine grants have been awarded under the SSITH program, including the $3.6 million of funding for the University of Michigan […]
Podcast: Play in new window | DownloadSubscribe: Android | RSSIn our latest podcast: industrial security expert Joe Weiss talks to us about Triton, a new malware family targeting industrial safety systems. Also: Dave Aitel of the firm Immunity Inc. joins us again to talk about new legislation banning government agencies from using anti malware software by Kaspersky Lab. And, Alan Naumann* of the firm Contrast Security talks to us about the major insurance firm that joined the latest round of investment in his company, and why application security is everybody’s problem.
Microsoft is developing a secure processor for The Internet of Things under the banner of Project Sopris, Wired reports.