Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
  HOME     MENU     SEARCH     NEWSLETTER    
THE ENTERPRISE SECURITY SUPERSITE. UPDATED 4 MINUTES AGO.
You are here: Home / Viruses & Malware / Intel Fights Meltdown and Spectre
Fighting Meltdown and Spectre, Intel Designs New Chips
Fighting Meltdown and Spectre, Intel Designs New Chips
By Seung Lee Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
MARCH
19
2018
Intel said it has made progress in fighting against the Meltdown and Spectre vulnerabilities through software patches and an upcoming generation of microprocessors with newly designed hardware.

In a public blog post shared on Thursday, Intel CEO Brian Krzanich [pictured above] outlined a two-pronged plan to mitigate future damage by the two vulnerabilities, which were made public in January, rattling the cybersecurity community. In addition to software patches distributed to all Intel products launched in the past five years, Intel's next-generation Xeon processors, code-named Cascade Lake, will have hardware redesigns to prevent both vulnerabilities.

Meltdown and Spectre were discovered last year by researchers led by Google Project Zero. The vulnerabilities can allow hackers to steal sensitive personal data stored in the computer's memory via apps running in the computer, such as password managers, browsers and emails.

Meltdown steals data by bypassing the hardware barrier between running applications and the computer's memory; Spectre tricks applications into handing over secret information from the computer's memory. Due to the flaws dating back to the 1990s and in nearly all Intel chips, nearly all computers, laptops, mobile phones and cloud servers in the world were vulnerable to these bugs.

Intel has been working to protect computers from these two vulnerabilities in the past three months by issuing software patches. Krzanich said Intel has released updates for 100 percent of Intel products launched in the past five years that require protection against Meltdown's side-channel hacking method.

The software updates do have limits, as they will prevent against one of two variants in which Spectre can be used by hackers to collect data from the computer's memory.

"With these updates now available, I encourage everyone to make sure they are always keeping their systems up-to-date," said Krzanich. "It's one of the easiest ways to stay protected."

Intel's new microprocessors will prevent the other variant of Spectre and the one existing Meltdown variant. Cascade Lake microprocessors have additional layers of "partitioning" in the processor so the memory is harder to exploit. The microprocessors are expected to launch in the second half of 2018.

"Think of this partitioning as additional 'protective walls' between applications and user privilege levels to create an obstacle for bad actors," said Krzanich.

After facing a major public relations crisis following the public revelation of Meltdown and Spectre, which included a Congressional inquiry and more than 30 class-action lawsuits, Intel has been doubling down on preventing similar situations in the future. A week after the vulnerabilities were revealed, Krzanich issued the "Security First Pledge" that Intel will shore up its defenses against them.

In February, Intel opened a bug bounty program to find similar vulnerabilities to Spectre. It will last until the end of this year and pay up to $250,000.

"Our work is not done," said Krzanich in the blog post. "This is not a singular event; it is a long-term commitment. One that we take very seriously. Customer-first urgency, transparent and timely communications, and ongoing security assurance. This is our pledge and it's what you can count on from me, and from all of Intel."

© 2018 San Jose Mercury News under contract with NewsEdge/Acquire Media. All rights reserved.

Image credit: Walden Kirsch/Intel Corporation.

Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
MORE IN VIRUSES & MALWARE
ENTERPRISE SECURITY TODAY
NEWSFACTOR NETWORK SITES
NEWSFACTOR SERVICES
© Copyright 2018 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.