Spectre/Meltdown Update Intel ships (hopefully stable) microcode for Skylake, Kaby Lake, Coffee Lake — arstechnica.com/… Intel’s latest set of Spectre microcode fixes is coming to a Windows update — arstechnica.com/… In an SEC filing in the US, Intel have revealed there are now 32 lawsuits against it over Spectre & Meltdown — arstechnica.com/…
Continue readingMore TagAuthor: Bart Busschots
Security Bits – Google’s Ad Filter, iBoot Leak, iOS Teluga Text Bug
Security Medium 1 — Google’s Ad Filter On February 15 Google’s Chrome browser gained a nice new feature for controlling ads. It’s been reported on as an ad blocker, but that coverage misses a very important subtlety. Google itself calls the feature ad filtering, and an ad filter describes this feature very well indeed. Google […]
Continue readingMore TagSecurity Bits – Spectre/Meltdown Update, Strava Heat Maps
Followup — Spectre & Meltdown News Intel asks customers to halt patching for chip bug, citing flaw — www.reuters.com/… New Windows patch disables Intel’s bad Spectre microcode fix — arstechnica.com/… macOS Sierra, OS X El Capitan Updates Patch Meltdown Flaw — www.intego.com/… Apple offers another Meltdown fix for Mac users… — nakedsecurity.sophos.com/… Security Medium — […]
Continue readingMore TagSecurity Bits – Spectre & Meltdown Update (Again), Dark Caracal, chaiOS
Meltdown & Spectre Update Steve Gibson of GRC (author of ShieldsUp & SpinRite) has released InSpectre, a free Windows app which clearly communicates your PC’s current level of protection against Meltdown & Spectre, and what kind of a performance hit you should expect — www.grc.com/… RedHat have withdrawn their microcode patch for Spectre after it […]
Continue readingMore TagSecurity Bits Special – Spectre and Meltdown Update
We felt it was a good idea to bring everyone up to speed on what we know a week later about Spectre and Meltdown instead of waiting for our regularly scheduled Security Bits.
Continue readingMore TagSecurity Bits – Password Trackers, IOHIDeous, Meltdown & Spectre
Security Bits – 5 Jan 2018 Security Medium 1 — Password Managers as Trackers Security researchers have found that less-reputable tracking firms have deployed JavaScript which uses invisible forms to trick password managers into entering information which can then be used as a kind of super-cookie that users cannot delete, and hence, track them around […]
Continue readingMore TagSecurity Bits – HP Keylogger, Mailsploit
Security Medium 1 — HP’s Accidental Keylogger Some HP laptops shipped with a keyboard driver from Synaptics in which a developer debugging feature was accidentally left enabled. The effect of this mistake is that the driver has built-in support for logging all keystrokes via WPP (a debugging tool that’s built into Windows). This sounds bad, […]
Continue readingMore TagSecurity Bits – 08 December 2017 – macOS Root Bug, HomeKit Bug, iOS Backup Encryption
Security Medium 1 — macOS High Sierra Root Bug A nasty bug was found in macOS 10.13 High Sierra — it was possible to cause the root account to become enabled, and to do so with a blank password. To trigger this bug all you had to do was go into the control panel, click […]
Continue readingMore TagSecurity Bits – 26 November 2017 – FaceID Isn’t Broken, USB Bugs in Linux Kernel, Vulnerability in Intel Chips
Security Medium 1 — No, FaceID isn’t Broken, but it Does Have Limits A snazzy demo to the press had headlines all over the press screaming about how FaceID had been broken. But as is so often the case with stories like this, the devil is very much in the detail. What the hackers really […]
Continue readingMore TagSecurity Bits – Canvas Fingerprinting, KRACK Updates, TOR Browser Bug, New Zero-Day WiFi Bug, Brother Printer Exploit
Security Medium 1 — Canvas Fingerprinting Before we look at canvas finger printing, I just want to set the scene with a reminder of one of the most fundamental truths about how the web was designed – each web page load is an independent event. Because that meant websites had no memory of anything that […]
Continue readingMore Tag