Insecurity experts have found that Intel chips are vulnerable to another side-channel attack similar to Meltdown and Spectre.
Researchers from the College of William and Mary, Carnegie Mellon, the University of California Riverside, and Binghamton University have described a security attack that uses the speculative execution features of modern processors to leak sensitive information and undermine the security boundaries that operating systems and software erect to protect important data.
Dubbed “BranchScope” the attack is similar to Meltdown and Spectre, can be exploited by an attacker to obtain potentially sensitive information they normally would not be able to access directly.
The attacker needs to have access to the targeted system and they must be able to execute arbitrary code. But the researches think that the attack requirements are realistic.
The BranchScope attack has been demonstrated on devices with three types of Intel i5 and i7 CPUs based on Skylake, Haswell and Sandy Bridge microarchitectures.
According to Ars Technica in the new attack, an attacker primes the PHT and running branch instructions so that the PHT will always assume a particular branch is taken or not taken. The victim code then runs and makes a branch, which is potentially disturbing the PHT. The attacker then runs more branch instructions of its own to detect that disturbance to the PHT; the attacker knows that some branches should be predicted in a particular direction and tests to see if the victim’s code has changed that prediction.
To be fair to Chipzilla the researchers looked only at Intel processors, using the attacks to leak information protected using Intel’s SGX (Software Guard Extensions), a feature found on certain chips to carve out small sections of encrypted code and data such that even the operating system (or virtualization software) cannot access it. It might be that AMD chips could also suffer. They described ways the attack could be used against address space layout randomization and to infer data in encryption and image libraries.
Intel has commented on the findings saying it had been working with these researchers and we have determined the method they describe is similar to previously known side channel exploits.
“We anticipate that existing software mitigations for previously known side channel exploits, such as the use of side channel resistant cryptography, will be similarly effective against the method described in this paper. We believe close partnership with the research community is one of the best ways to protect customers and their data, and we are appreciative of the work from these researchers.”
Courtesy-Fud
April 6, 2018 by admin
Filed under Around The Net
A US Judge who clearly didn’t understand the full repercussions of what they were doing, has ruled that Google’s use of Java APIs in the original Android code did not constitute fair use, and that reparations are due.
Some analysts believe that Google could be $8bn to $9bn poorer as a result of the ruling, the latest chapter in a long-running dispute.
The story runs thus: Google used the Java code, formally owned by Sun Microsystems to create large swaths of the Android code.
That’s fine because the code is open-source. However, the Java APIs, now owned by Oracle, are not, and Oracle has long since argued that it deserves a piece of the billions made by Google through the Android platform.
Despite a ruling in Google’s favour citing fair use, Oracle persisted and the latest appeal has seen that decision overturned by the Federal Circuit, remanding the matter to California state judges to set damages.
The issue here is, as it always has been, a direct part of the future of open source itself – because if APIs are seen as a chargeable copyrightable asset, separate from the language itself, then back bedroom developers and smaller companies will find it impossible to afford to develop this way.
Additionally, the precedent could result in Oracle being able to pursue thousands of other companies in the same way.
Oracle has claimed that Android ‘destroyed’ the Java mobile market and is willing to fight for that, even if it brings down the entire IT playhouse down.
“The Court pointed out that it was not holding that “a fair use defense could never be sustained in an action involving the copying of computer code”. That may be right, but this Court had no qualms about assessing and reassessing evidence and arguments that were made to the jury. It’s a decision that needs to be carefully and thoughtfully considered in any case involving fair use, particularly in the context of software,” said J Michael Keyes, a partner at Dorsey and Whitney who has been following the case.
He added that the ruling states that API packets are not to be considered ‘transformative’ and that even the slightest bit of proprietary code could be seen as enough to infringe copyright.
“This is a hugely important development in the law of copyright and fair use,” said Keyes.
It’s thought that the matter could now be escalated to the Supreme Court for yet another appeal.
Courtesy-TheInq
Physicist Dr Uriel Levy and his team have emerged from his lightning struck tower in the Hebrew University of Jerusalem having created a proof of concept for a working terahertz microchip.
Until now, two major challenges stood in the way of creating a workable terahertz microchip – scalability and the fact they tended to catch fire.
In a paper published this week in Laser and Photonics Review, which we get for the spot the Proton competition, Levy, and HU emeritus professor Joseph Shappir have shown proof of concept for an optical technology that integrates the speed of optic (light) communications with the reliability and scalability of electronics.
Optic communications encompass all technologies that use light and transmit through optic cables, such as the internet, email, text messages, phone calls, the cloud and data centers, among others. Optic communications are super fast, but in microchips, they become unreliable and difficult to replicate in large quantities.
By using a Metal-Oxide-Nitride-Oxide-Silicon (MONOS) structure, Levy and his team have come up with a new integrated circuit that uses flash memory technology in microchips. If successful, this technology will enable standard 8-16 gigahertz computers to run 100 times faster and will bring all optic devices closer to the holy grail of communications: the terahertz chip.
Levy said: “This discovery could help fill the ‘THz gap’ and create new and more powerful wireless devices that could transmit data at significantly higher speeds than currently possible. In the world of hi-tech advances, this is game-changing technology,”
Meir Grajower, the leading HU PhD student on the project, added, “It will now be possible to manufacture an optical device with the precision and cost-effectiveness of flash technology.”
Courtesy-Fud
Sign up for our Technology Newsletter 
Comments