Archives for May 15, 2019

Four new exploits work against most of Intel’s chips made since 2011.

In January 2018, a pair of security exploits dubbed Spectre and Meltdown showed how attackers could take advantage of commonly-implemented CPU technology to access data they shouldn’t have been able to. They were followed by a similar bug, Foreshadow, late last year, and now researchers have uncovered four different techniques that exploit Intel’s speculative execution technology in a similar way.

The website CPU.fail has collected information about each vulnerability — they’re collectively referred to as Microarchitectural Data Sampling (MDS) — including Zombieload, RIDL & Fallout, and Store-to-Leak Forwarding. Example code shows how the attacks could be launched using malicious JavaScript, for example, and researchers state that it would be difficult for antivirus software to detect it, however they have not found evidence of anyone using the tech in attacks so far.

If you have a computer using an Intel CPU released since 2011 then congratulations — you’ve likely won a vulnerability, since only “select” 8th and 9th gen Core CPUs as well as 2nd generation Xeon Scalable CPUs have hardware protection against the attacks.

Patching the holes will require a combination of firmware updates and software updates. macOS, Windows, ChromeOS and Linux already have software updates to address MDS attacks, while Intel has also released microcode updates for some of its hardware (PDF) that you should get through motherboard and system vendors. Just like Spectre and Meltdown, the fixes are expected to impact performance — you can get more information on how much right here.

The competition is on.

After a poster on NASASpaceflight.com uploaded pictures of another Starship vehicle (f.k.a. BFR) under construction in Florida — to go along with prototypes being built in Texas — Elon Musk explained what’s going on. The CEO tweeted that “SpaceX is doing simultaneous competing builds of Starship in Boca Chica Texas & Cape Canaveral Florida.” He said the plan is to find out which location is the most effective even if the answer “might be both.”

Still, if the plan is to get these on the moon ASAP — with other billionaires making plans for lunar travel as we speak — doubling up on production seems like a good idea. For now, SpaceX’s next launch is scheduled for tomorrow to launch 60 of its Starlink internet satellites on a Falcon 9 rocket.

This even includes Windows XP.

Microsoft is trying to head off another WannaCry-style malware outbreak before it starts. The software giant has released fixes for a Remote Desktop Services (aka Terminal Services) vulnerability that could allow “wormable” malware that spreads from computer to computer without requiring any user input. The exploit affects Windows 7, Windows Server 2008 R2 and older releases. Not surprisingly, Microsoft isn’t taking any chances. While it’s no longer officially supporting Windows XP and Windows Server 2003, it’s patching both platforms to prevent ancient PCs (like those used in some business and government scenarios) from falling prey to attacks.

The company stressed that it had seen “no exploitation” ahead of the patch, but though it was “highly likely” that malware writers would use the security hole. Some systems that have Network Level Authentication have a partial defense, since they require credentials before the flaw is usable.

There’s no doubt as to why Microsoft is doing this. WannaCry had a devastating impact on PCs worldwide, including the UK’s health care system, and Microsoft doesn’t want to risk contributing to the issue by leaving systems unpatched. There’s no guarantee that this will avert a crisis, though. Malware like WannaCry tends to spread precisely because companies and institutions are reluctant to update their systems and risk breaking important software — it’ll only be effective if Microsoft can convince customers that the fixes are too important to ignore.

And helps you get your claim to your insurer.

Being in a car accident is stressful — even the smallest bump can send your nerves sky high, and in times of extreme tension it’s easy to forget the usual protocols. But Volvo is here to make the whole unfortunate experience a little easier to manage. The company has just released a mobile service, Car Accident Advisor, that will guide you through what to do in the event of a crash.

After confirming to Volvo customer care that you’re not hurt or in need of emergency assistance, you’ll get a text to your phone linking you to the service. The app will then guide you step-by-step through the necessary actions you need to take, such as taking photos of the damage, writing down notes about the accident and getting information about any other vehicles that were involved.

All that data is then wrapped up in a neat package and sent directly to your insurer, helping you get on your insurance claim straight away. The service also helps you locate Volvo-approved car repair centers, and can even help you arrange a tow to those facilities. Volvo says Car Accident Advisor will work with all of its vehicles after the “2015.5” model year, although if yours is older you can use the service by calling Volvo’s customer care line. It’s completely free.