

Kernel panic! What are Meltdown and Spectre, the bugs affecting nearly every computer and device?



Security researchers released official documentation — complete with nicknames and logos — of two major flaws found in nearly all modern central processing units, or CPUs.

It’s not a physical problem with the CPUs themselves, or a plain software bug you might find in an application like Word or Chrome. It’s in between, at the level of the processors’ “architectures,” the way all the millions of transistors and logic units work together to carry out instructions.

In modern architectures, there are inviolable spaces where data passes through in raw, unencrypted form, such as inside the kernel, the most central software unit in the architecture, or in system memory carefully set aside from other applications. This data has powerful protections to prevent it from being interfered with or even observed by other processes and applications.

Meltdown and Spectre are two techniques researchers have discovered that circumvent those protections, exposing nearly any data the computer processes, such as passwords, proprietary information, or encrypted communications.

Meltdown affects Intel processors, and works by breaking through the barrier that prevents applications from accessing arbitrary locations in kernel memory. Segregating and protecting memory spaces prevents applications from accidentally interfering with one another’s data, or malicious software from being able to see and modify it at will. Meltdown makes this fundamental process fundamentally unreliable.

Spectre affects Intel, AMD, and ARM processors, broadening its reach to include mobile phones, embedded devices, and pretty much anything with a chip in it. Which, of course, is everything from thermostats to baby monitors now.

It works differently from Meltdown; Spectre essentially tricks applications into accidentally disclosing information that would normally be inaccessible, safe inside their protected memory area. This is a trickier one to pull off, but because it’s based on an established practice in multiple chip architectures, it’s going to be even trickier to fix.

Chips going back to 2011 were tested and found vulnerable, and theoretically it could affect processors as far back as those released in 1995. One would hope there aren’t too many of those in use, but we may be unpleasantly surprised on that count.

Because Meltdown and Spectre are flaws at the architecture level, it doesn’t matter whether a computer or device is running Windows, OS X, Android, or something else — all software platforms are equally vulnerable.

A huge variety of devices, from laptops to smartphones to servers, are therefore theoretically affected. The assumption going forward should be that any untested device is vulnerable.

Not only that, but Meltdown in particular could conceivably be applied to and across cloud platforms, where huge numbers of networked computers routinely share and transfer data among thousands or millions of users and instances.

The good news is that the attack is easiest to perform by code being run by the machine itself — it’s not easy to pull this off remotely. So there’s that, at least.

Many, many devices are “affected” or “vulnerable” to these flaws, but that’s not the same thing as saying they’re totally open to attack. Intel, AMD, ARM and others have had months to create workarounds and “mitigations,” which is a polite way of saying “band-aids.”

Meltdown can be fixed essentially by building a stronger wall around the kernel; the technical term is “kernel page table isolation.” This solves the issue, but there’s a cost. Modern CPU architectures assume certain things about the way the kernel works and is accessed, and changing those things means that they won’t be able to operate at full capacity.

The Meltdown fix may reduce the performance of Intel chips by as little as 5 percent or as much as 30 — but there will be some hit. Whatever it is, it’s better than the alternative.

Spectre, on the other hand, is not likely to be fully fixed any time soon. The fact is that the practice that leads to this attack being possible is so hard-wired into processors that the researchers couldn’t find any way to totally avoid it. They list a few suggestions, but conclude:

What will actually happen is hard to say, but there will likely be a flurry of updates that carry out various software hacks to protect against the most obvious and damaging attacks. Microsoft has already issued one for Windows; ARM has a set of mitigations for its affected chips; Amazon is updating its many servers.

How broadly and quickly will these mitigation patches be applied, though? How many devices are out there, vulnerable, right now? These updates may not be pretty, perhaps requiring changes that will break other software, drivers, and components. And all will likely involve degrading performance.

A more permanent fix will require significant changes across the board — the circuit board, that is. Basic architecture choices that have been baked into our devices for years, even decades, will have to be rethought. It won’t be easy, and it won’t be fun.

In the meantime companies are working at full capacity to minimize the apparent threat: “mitigations” that may or may not prevent some or all of the variant attacks. As usual, these patches will likely reach only a small subset of new, fast-updating users and devices, or those the company can update directly on its own. We will only know the efficacy of these measures by their performance in the real world.
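An added example, not part of the original article: Linux kernels that carry these fixes report per-flaw status in files under `/sys/devices/system/cpu/vulnerabilities/`. The Python sketch below reads the `meltdown`, `spectre_v1` and `spectre_v2` entries and, following the rule above that untested devices be assumed vulnerable, treats a missing or unrecognised entry as vulnerable; the function names and state labels are chosen here for illustration.

```python
import sys
from pathlib import Path

# Kernel-provided status files (present only on kernels that ship the reporting interface).
SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")
FLAWS = ("meltdown", "spectre_v1", "spectre_v2")


def classify(raw):
    """Map one sysfs status line to (state, detail).

    raw is None when the file is missing: the kernel does not report on
    the flaw, so the machine is untested and assumed vulnerable.
    """
    if raw is None:
        return "assume-vulnerable", "no status reported by kernel"
    text = raw.strip()
    lowered = text.lower()
    if lowered.startswith("not affected"):
        return "not-affected", ""
    if lowered.startswith("mitigation"):
        # e.g. "Mitigation: PTI" -> detail "PTI" (kernel page table isolation)
        return "mitigated", text.partition(":")[2].strip()
    if lowered.startswith("vulnerable"):
        return "vulnerable", text.partition(":")[2].strip()
    return "assume-vulnerable", "unrecognised status: " + text


def read_status(base=SYSFS_DIR):
    """Return {flaw: (state, detail)} for every flaw in FLAWS."""
    report = {}
    for flaw in FLAWS:
        try:
            raw = (Path(base) / flaw).read_text()
        except OSError:
            raw = None
        report[flaw] = classify(raw)
    return report


def needs_attention(report):
    """Flaws that are unmitigated or could not be confirmed as mitigated."""
    bad = ("vulnerable", "assume-vulnerable")
    return sorted(flaw for flaw, (state, _) in report.items() if state in bad)


if __name__ == "__main__":
    result = read_status()
    for flaw, (state, detail) in result.items():
        print(f"{flaw:<12} {state:<18} {detail}")
    # Non-zero exit lets a fleet audit job flag this host.
    sys.exit(1 if needs_attention(result) else 0)
```

A "mitigated" result only means the kernel reports a mitigation as active; it says nothing about firmware or about software running inside virtual machines on the host.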

It’s worth noting that there won’t be a “recall.” If this flaw affected a single device, like the battery problems in Samsung’s phones a while back, a recall would make sense. But this is an issue that affects millions, perhaps billions of devices. A recall isn’t an option.

It’s always a bit odd to hear that companies were informed of a major security flaw like this one months ago, as was the case with Meltdown and Spectre. This particular exploit has been under investigation for some time by researchers, and word of it trickled out in the form of small updates to various operating systems addressing a hitherto-undocumented security flaw.

If the researchers just tweeted out the details when they discovered them, it would essentially be giving attackers access to that information at the same time as the companies that can fix the problem. Generally security investigators do what’s called responsible disclosure, contacting affected companies secretly, either as a simple courtesy or in order to collaborate on a solution.

In this case Google contacted Intel several months ago, and no doubt others knew to some degree as well, since Microsoft issued patches to insiders well ahead of the public announcement, and Linux distributions were likewise addressing the issue even though the papers describing the flaw were not out yet.

The plan would normally be that the affected company or companies would come up with a solution, quietly apply it, then announce both the flaw and the solution at the same time. And in fact that seems to be what was planned in this case.

But smart reporting by The Register, which among others put together the disparate pieces, seems to have forced the hands of several billion-dollar companies. The companies scrambled to finalize their statements, addressing “inaccurate” media reports and hastily issuing patches and explanations that likely weren’t due until next week.

While some may suggest that El Reg should have let things take their course, there’s a great deal to be said for not allowing the billion-dollar companies in question to completely control the narrative around a major issue like this. If the only version of the story we ever heard was one approved by their joint committee, things would likely have been painted in a different light.

As the researchers put it at the end of the Spectre paper:


Why Should Your Apps Upgrade To iOS 11?



Apple has been the king of technology, giving its kingdom of iOS users the first grab at the latest technology. Whether it is multi-touch, fingerprint sensors, 3D touch, etc., Apple has been behind all of it. Apple understands its users and their thirst for the latest technology, and it has been providing the latest technology since it was founded. One such technological advancement introduced by Apple came to market last year, and its name is “iOS 11”.

The new iOS 11 has the latest SDK and API packages for better app functioning. iOS 11 also introduced new architecture updates along with new visual changes. iOS is compatible with the iPhone 5 and the later model of iPhones, iPad mini 2 and the later model of iPads. If you are an iOS app development company then it is time for your apps to update according to the new iOS 11 features.

iOS app development companies around the world are updating their apps according to the new iOS 11 features and architecture. Whether you are building a new app or you have an existing iOS app, here are some factors to consider when updating your app to the new iOS 11 system.

Apple app store update

With over 2 million apps on the app store, Apple decided to give its app store a makeover. The app store has changed the way it showcases its apps, which helps customers discover new apps. The app store also offers a single app preview, a video clip that the user can watch before downloading the app so the user doesn’t regret the download. If you haven’t added an app preview for your app, this is the time to add it and attract more users.

Apple pay

Apple pay was introduced as a new feature in iOS 11. It is just like Samsung pay, which allows its users to transfer money to other Samsung pay users. Integrating new payment features into your app can ease the process of payment for the user. If you have an e-commerce app on iOS, including Apple pay in your app can increase sales. With the help of Apple pay, the user can send money from a debit or credit card. Along with that, Apple pay also supports Siri voice commands to pay someone.

Business chat for better engagement with users

Business chat is a powerful tool for engaging with your customers directly in messages. With the help of business chat, you can solve issues and answer questions related to your business, and customers can also complete transactions on their iPad, iPhone, and other Apple devices. Business chat will solve the accessibility issue of businesses and developers. You can integrate this feature into your app for better engagement with the users. The features that Business chat offers can compete with other services because it is integrated across different platforms.

Drag & drop features

The new iOS 11 has added a drag and drop feature within UIKit, available system-wide across the latest iPad and iPhone devices. It gives users an easy and quick way to move images, videos, audio, etc. from one app to another. Apple has introduced view controllers for local and remote file browsing. It is also compatible with third-party apps like Google Drive and Dropbox, which makes accessing files from various platforms easy. You can use these features if necessary in your app for enhanced app performance.

Latest Core machine learning

Core machine learning had been included in the previous version of iOS. It enhances performance with easy integration of new features in your application with just a few lines of code. A good feature integrated with the help of Core ML can give your app the advantage of recognizing complex patterns, making intelligent decisions, etc. Apple has also started to focus on having Core ML specifically in its apps such as Siri, camera, and quick type. The new iOS 11 Core ML model can read barcodes, faces, and text, and do object detection and landmark detection.

Latest ARKit for iOS 11

The AR has been found in many apps before it was popularized in the market. But Apple has perfected the AR in its new iOS 11. It works much better than its previous version. ARKit is one of the two largest frameworks introduced in iOS 11. ARKit allows developers to include high-end graphics into real-time images. In simple words, ARKit blends digital objects and information with the surrounding environment. Many e-commerce apps have included ARKit features into their apps to enhance the shopping experience of the user.

Apple has introduced iOS 11 with the intention of enhancing the user experience, and it is about time you upgraded your app accordingly. Try to integrate one or more features in your app that are compatible with the new system. Ask your developers whether your app is compatible with the new iOS 11 system. Vrinsoft has the best iPhone developing team that makes sure the app is compatible with the latest features in the market.



Intel’s 8th-generation chips are almost here



On the 5th of October, Intel will officially launch its 8th-generation processors into retail and OEM. These desktop chips offer more cores than Intel’s 7th-gen processors did, at a slightly higher power cost and with a small price increase.

Since rival chip-maker AMD brought out its own new Ryzen processors earlier this year that offered more cores at a lower cost, and superior performance over Intel’s 7th-generation processors in certain circumstances, this is a welcome move for Intel fans who’d been hoping Intel would respond in kind.

The additional cores of these new processors offer improved performance in intensive parallel workloads, as well as improved gaming performance when compared directly to the previous generation’s processors. They’re also more overclockable than Intel’s previous-gen CPUs were. Intel says they will offer “up to 40%” of a performance improvement over previous-gen chips.

According to Engadget, Intel calls its top-end 8th-gen processor, the i7-8700k, its “best gaming desktop processor ever”. It’s a six-core, 12-thread, 3.7GHz monster that Intel says boosts some games’ frame rates by “up to 25%” over the i7-7700k, and does 4K video editing “up to 32% faster”.

Other improvements include faster video streaming and recording, tweaks to multitasking, smoother streaming of cutting-edge 4K/10-bit/HDR Ultra HD video, a Turbo Boost speed of 4.7GHz and the ability to push that even further without requiring liquid cooling.

Of course, Intel’s complete line-up includes Core i3, Core i5, and Core i7 chips that occupy a wide range of price points, TDPs, and Smart Cache levels. Here’s a quick look at them from Intel’s official product brief:

Something to keep in mind is that these new processors will not run on Intel’s 200-series chipset – upgrading will require the acquisition of a new motherboard featuring Intel’s new 300-series chipset. So while these processors feature the same pin configuration as their 7th-gen counterparts and thus feature the same physical socket, they are incompatible with those older boards. Intel has no plans to issue a firmware patch to change this at a later date, either.

What’s more, the new chipset isn’t dramatically different, either, only sporting things like “improved power delivery for 6-core chips and better support for DDR4-2666 memory”, according to Engadget.

As with every new generation of PC tech, if you upgraded recently, these new products won’t hold much appeal. If, however, you or your business are running older hardware, like 2nd-, 3rd- or 4th-gen processors, these new shiny chips should offer a stunning leap forward in performance and value.

Just don’t forget to grab new motherboards with them, and some DDR4 RAM if you’ve not upgraded beyond 4th-gen.



Intel’s 8th-gen Core processors won’t be revolutionary



It’s clearer than ever that the days of tick-tock Intel chip upgrades (new process one generation, new architecture the next) are long gone. Intel has revealed that its 8th-generation Core processors, due in the second half of 2017, will once again be built on a 14-nanometer process — yes, for the fourth time in a row. The company is shy on what these new chips will entail, but it’s claiming that it’ll manage another 15 percent performance improvement (in SysMark tests, anyway) like it did with the 7th-generation Core designs you see now.

AnandTech notes that the upcoming refresh might focus more on the low-voltage U- and Y-series chips you see in very thin and light laptops, just as you saw with the initial 7th-gen processors late last year. That has yet to be confirmed, however.

One thing’s for sure: when Intel’s long-delayed 10nm processors finally do arrive, you won’t see a wholesale switch to the new technology. Intel says that future process uses will be “fluid” depending on the segment they’re targeting, and that data centers will get first crack at these upgrades. Don’t be surprised if the Xeon line gets first dibs on 10nm, then, or if only some mainstream chips make the leap at first.

The decision might be necessary given the challenges of shrinking large CPUs down to a 10nm process, but it’s likely to leave Intel feeling nervous. After all, mobile giants like Qualcomm are releasing 10nm processors this year. While mobile tablets probably won’t outperform most laptops any time soon, this could narrow the gap enough that you might be tempted to skip buying a conventional Intel-based PC in the right circumstances.
