We don't have a great many rules on this forum. The ones we do have are mostly common sense but there are a couple which you do need to pay close attention to. You can read the latest version of the rules here: viewtopic.php?t=5958
Intel has revealed another potential security flaw in its products which could expose sensitive data, the third time it has had to disclose a vulnerability in its systems since the start of the year.
Intel said the flaw in its SGX technology, nicknamed Foreshadow, had been discovered by separate groups of researchers, and could be exploited to access data from a chip's memory.
The SGX feature, or Software Guard Extensions, was created to protect sensitive data, creating enclaves on the processor that it was thought could not be accessed if the main computer was compromised.
Intel said it was "not aware of reports that any of these methods have been used in real-world exploits, but this further underscores the need for everyone to adhere to security best practices".
It urged users of its products to update their systems, although said a limited number of server computers were at risk.
"We are diligent in these efforts because we recognise bad actors continuously pursue increasingly sophisticated attacks, and it will take all of us working together to deliver solutions," it said.
It appears to circumvent the Software Guard eXtensions (SGX) feature that allows user-level code to allocate private regions of memory, called enclaves, that are protected from processes running at higher privilege levels. Intel designed SGX to be useful for implementing secure remote computation, secure web browsing, and digital rights management (DRM)
Yeah I was reading about that on https://www.theregister.co.uk/ and like you Derek I am very surprised this is not getting more media attention. This is BIG! Makes you wonder what other flaws are yet to come to light?
Saul
Site Admin If I have been able to help you in some way you canBuy Me A Coffee Here.
Yes indeed. So many things apparently out there to protect us that do pretty much the opposite. I think it would be safe to say a lot of the tech we rely on and think of as robust and secure either has hidden flaws in it or at some point a hacker will find a way through the protection. It's inevitable really
Saul
Site Admin If I have been able to help you in some way you canBuy Me A Coffee Here.
I wouldn't call them flaws, these are backdoors that were added on purpose to make life easier for the various 3 letter agencies.
Remember the Snowden Documents?
All key US Tech companies collaborate with the 3 letter agencies by providing backdoors in their products, so this is no longer a conspiracy theory but rather a proven fact.
Furthermore basically all Intel cpus of the last 15 years (since the Centrino) have been designed in Israel and the Israelis are well known for putting backdoors for their own security services in their tech products.
I’m not convinced that a speculative execution attack is a deliberate backdoor. what makes you say that? That does sound like conspiracy theory to me.....
Of course I have no proof that this specific flaw is a deliberate back door, but given that we know as a fact thanks to the Snowden documents that back doors have been placed deliberately into US IT products, it's reasonable to assume so, especially when it's a flaw that allows you to circumvent a security feature.
I guess just because you’re paranoid it doesn’t mean to say that they are not out to get you.
I still don’t buy this as a deliberate back door, there are much easier ways to circumvent security and it usually revolves around people’s poor security habits (which I have been guilty of in the past as well). Humans are the weakest link in the security chain.
Derek wrote: ↑Wed Aug 22, 2018 6:27 pm Humans are the weakest link in the security chain.
Nah, you're quite wrong there, Derek. You just can't get a better password than Fr1ght3nedCh1cken666 which I use for all my computers and bank accounts
I think you were on the money in one of your earlier comments, DRM and IP theft protection is far more likely to be the driver (pun intended) behind what appears to be poor design.
Jim
Yamaha EX5, AN1X, TG500, MU100R, A3000, Moog Werkstatt, Korg Wavestation SR, Sigma, Legacy Digital, nanoKontrol v2, Nord Modular G2, G2 Engine, Focusrite PRO 40, MIDISPORT 8x8/s & Uno, Behringer DEQ2496, Arturia Keylab 49 MkII, BeatStep, V Collection, Pigments | Love keyboards but so little time
Derek wrote: ↑Wed Aug 22, 2018 6:27 pmthere are much easier ways to circumvent security and it usually revolves around people’s poor security habits
Well in that case I guess you are calling Snowden a liar and all his papers fabrications...
Of course humans are the weakest link when you don't have knowledge of back doors, but you can hardly argue that back doors aren't even easier by far, especially when you have designed them and therefore know exactly how to make use of them.
By the way don't bother about clearing out Jimas accounts, how do you think I'm financing my idle beach life on Kiribati?