back to article Intel puts security on the todo list, Tavis topples torrent tool, and more

The security world is still feeling the aftereffects of last week's CPU design flaw disclosures, which continued to dominate the news this week, even amid the noisy CES jamboree in Las Vegas. The Meltdown-slash-Spectre saga, broken by The Register last week, is still causing major headaches, not least for Intel. On Friday, …

  1. Anonymous Coward
    Anonymous Coward

    Did Intel say something?

    Sorry, I gave up listening to their BS

    Time for them to shut up shop and sell their IP to companies that don't let their marketing droids determine product specification.

    Shame really they used to be very good and they have some of the best engineers but now their name is Mudd

    1. druck Silver badge

      Re: Did Intel say something?

      I notice some of their testing shows patched machines actually got faster. Please pass the salt.

      1. Lorribot

        Re: Did Intel say something?

        What about older chipset and more importantly real workloads like VMware, SQL DB, SAP and IIS workloads? You know something actually useful. On all chipsets like Sandy Bridge, Ivy Bridge, Haswell and Broadwell. Sandy Bridge Xeon processors only went end of life in 2015 and were being sold in Gen 8 HP kit in 2013/2014 so are still relevant.

  2. Anonymous Coward
    Anonymous Coward

    How do I get infected with OSX/MaMi

    Q: How do I get infected? ref

    A: At this time, this is unknown. However, it's likely the attacker are using (rather lame) methods such as malicious email, web-based fake security alerts/popups, or social-engineering type attacks to target mac users ..

  3. Anonymous Coward
    Linux

    DNS rebinding attack

    Doesn't work here ref

    $host 7f000001.c7f11de3.rbndr.us

    7f000001.c7f11de3.rbndr.us has address 199.241.29.227

    $host 7f000001.c7f11de3.rbndr.us

    7f000001.c7f11de3.rbndr.us has address 199.241.29.227

    $host 7f000001.c7f11de3.rbndr.us

    7f000001.c7f11de3.rbndr.us has address 199.241.29.227

  4. illiad

    Th REAL question...

    When is Intel going to produce HARDWARE with the 'problem' fixed?? :D

    1. grumpy-old-person

      Re: Th REAL question...

      It is surely way past time that processor architecture be revisited?

      All the research decades ago that would have avoided buffer overflows, null and dangling pointers, unauthorised access, . . . but which could not be implemented at the time as the hardware was too slow and expensive seems to be ignored today.

      Building faster and faster hardware with minimal safety and "living" with the consequences thereof seems like putting a V10 engine in a Morris Minor and being surprised that handling was appalling but continuing to drive it anyway!

      1. Charles 9

        Re: Th REAL question...

        No, because it would take too long, cost too much, and people would STILL rather pay to beat the deadlines. Unless there's a mass exodus or an unaffected tech wins a huge contract, the opportunity cost isn't big enough yet.

  5. Anonymous Coward
    Anonymous Coward

    Topples Torrent Tool

    Anyone else read that as "topless torrent tool"?

    No? Just me? OK, I'll get my top...

    1. Paul Crawford Silver badge

      Re: Topples Torrent Tool

      Lets be honest here, its the main reason I use it...

  6. tiggity Silver badge

    Roulette

    "The Signal hack was even harder. Without having to hack any servers, an attacker could add people to a group chat – but only if they knew the group session's identifying number. This is a randomly generated 128-bit number, so good luck guessing it."

    Good luck targeting a specific chat.

    However, if you generated a decent amount of random 128 bit numbers then a chance of getting into a "random" chat.

    By chance an attacker may find something interesting.

    Just because an attack is "scattergun" does not mean that it can be ignored

    1. Sir Runcible Spoon
      Facepalm

      Re: Roulette

      Even if there were a million simultaneous chats going on at any one time, your chances of 'stumbling* across one with a random number is roughly

      1:340000000000000000000000000000000

      Of course, if the PRNG has flaws that will come down a bit.

    2. mythicalduck

      Re: Roulette

      I assume the chat number doesn't change? So surely, if you can intercept a device, or go phishing, and find the chat number, it wouldn't be that difficult (I'm thinking state actors, rather than joe hacker).

      When you compare that to the WhatsApp which basically notifies everyone when you've joined, my thoughts are that the Signal one is the easier, or at least the more covert.

      Disclaimer: I've never used Signal, so no idea how it works

      1. Sir Runcible Spoon

        Re: Roulette

        If someone already has access to your device (in order to get the chat number) then you're pretty much boned anyway. This seems to be more about jumping on to the system that underpins the chat session and eavesdropping conversations where you don't have access to the end devices.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like