There has been plenty of (digital) ink spilled in recent days about widespread processor flaws known as “Meltdown” and “Spectre.” We round up five articles that will help you understand these security vulnerabilities, how they were discovered and their likely impact.
Two years after it was cited for security and privacy violations in its connected toys, VTech Electronics Ltd. has been fined by the U.S. government for violations of a federal law protecting children’s online privacy.
Google has come forward to claim responsibility for discovering a pair of serious security holes in Intel processors that run almost 9 in 10 computers in the world. And worse: the company has echoed a statement by Intel yesterday that the flaws are not specific to that company’s chips. Contrary to published reports, a blog post on the Google Security Blog by Matt Linton, a Senior Security Engineer at Google and Pat Parseghian, a Technical Program Manager said that flaws dubbed “Specter” (PDF) and “Meltdown” (PDF) are not limited to chips by Intel, but exist in central processing unit (CPU) chips by a wide range of vendors including Intel, AMD and ARM. Google discovered the flaws The flaws were discovered by Jann Horn, a researcher for Google’s Project Zero security team, discovered the flaw and showed how malicious actors could game a common CPU feature known as “speculative execution” to […]
Security researchers warned of a serious vulnerability in a GPS service by the China-based firm ThinkRace exposes sensitive data in scores of GPS services, more than two years after the hole was discovered and reported to the firm. (Update: added comment from John van den Oever, the CEO of one2track B.V – PFR 1/3/2018)
Podcast: Play in new window | DownloadSubscribe: Android | RSSIn this, our final episode of 2017, we look back at our most popular segments from the past year – many of which touched on issues that (surprise, surprise) crossed the boundary between information security and politics. Among the most popular segments were discussions of hacking the U.S. election systems, a primer on the cyber capabilities of North Korea with Crowd Strike, a conversation of the case against the Russian firm Kaspersky Lab and an interview with the guy who helps make the hacking scenes in the USA Network’s Mr. Robot look so real.