A few weeks ago, Julian Stecklina (Amazon.de), Thomas Prescher (cyberus-technology.de), and Zdenek Sojka (sysgo.com) reported a vulnerability in Intel Core-based CPUs, very similar to the recent Meltdown exploits. For those not familiar, the CPU is the piece of hardware that handles the processing for an entire computer system. Thus, a vulnerability in that component puts the … [Read more...]
aLTEr Attack – Daily Security Byte
Wow, it's been a long time. If you've followed the Daily Security Bytes over the years, you've probably wondered where the videos have been. As mentioned in a previous video, I was traveling for a month for WatchGuard, and wasn't sure if I would be able to do regular videos during that time. In fact, that trip's aggressive schedule made it hard to do any videos at all. When … [Read more...]
EFail, “No One is Safe Using Email”
“Email is a plaintext communication medium whose communication paths are partly protected by TLS. For people in hostile environments (journalists, political activists, whistleblowers, ...) who depend on the confidentiality of digital communication, this may not be enough.” This is according to a researcher on the EFail website, who goes on to describe how this vulnerability … [Read more...]
AMD Responds to CTS – Daily Security Byte
In an earlier video, I told you how a research organization called CTS disclosed thirteen vulnerabilities in AMD processors. However, there were a lot of strange factors around this disclosure. Though one other 3rd party security researcher did verify the flaws existed, CTS only gave AMD 24 hours before going to the press, they didn't share any technical details, they claimed … [Read more...]
Meltdown and Spectre CPU Vulnerabilities
On 3 January 2018, security researchers at Google, Graz University of Technology, and several other education institutions disclosed multiple vulnerabilities found in most modern Intel, AMD and ARM processors. The more severe vulnerability, Meltdown (CVE-2017-5754), appears isolated to Intel processors developed in the last 10 years. Spectre (CVE-2017-5715 and CVE-2017-5753) on … [Read more...]
