back to article Intel puts security on the todo list, Tavis topples torrent tool, and more

The security world is still feeling the aftereffects of last week's CPU design flaw disclosures, which continued to dominate the news this week, even amid the noisy CES jamboree in Las Vegas. The Meltdown-slash-Spectre saga, broken by The Register last week, is still causing major headaches, not least for Intel. On Friday, …

Anonymous Coward

Did Intel say something?

Sorry, I gave up listening to their BS

Time for them to shut up shop and sell their IP to companies that don't let their marketing droids determine product specification.

Shame really they used to be very good and they have some of the best engineers but now their name is Mudd

3
0
Silver badge

Re: Did Intel say something?

I notice some of their testing shows patched machines actually got faster. Please pass the salt.

1
1

Re: Did Intel say something?

What about older chipset and more importantly real workloads like VMware, SQL DB, SAP and IIS workloads? You know something actually useful. On all chipsets like Sandy Bridge, Ivy Bridge, Haswell and Broadwell. Sandy Bridge Xeon processors only went end of life in 2015 and were being sold in Gen 8 HP kit in 2013/2014 so are still relevant.

1
0
Silver badge

How do I get infected with OSX/MaMi

Q: How do I get infected? ref

A: At this time, this is unknown. However, it's likely the attacker are using (rather lame) methods such as malicious email, web-based fake security alerts/popups, or social-engineering type attacks to target mac users ..

0
0
Silver badge
Linux

DNS rebinding attack

Doesn't work here ref

$host 7f000001.c7f11de3.rbndr.us

7f000001.c7f11de3.rbndr.us has address 199.241.29.227

$host 7f000001.c7f11de3.rbndr.us

7f000001.c7f11de3.rbndr.us has address 199.241.29.227

$host 7f000001.c7f11de3.rbndr.us

7f000001.c7f11de3.rbndr.us has address 199.241.29.227

0
0

Th REAL question...

When is Intel going to produce HARDWARE with the 'problem' fixed?? :D

7
0

Re: Th REAL question...

It is surely way past time that processor architecture be revisited?

All the research decades ago that would have avoided buffer overflows, null and dangling pointers, unauthorised access, . . . but which could not be implemented at the time as the hardware was too slow and expensive seems to be ignored today.

Building faster and faster hardware with minimal safety and "living" with the consequences thereof seems like putting a V10 engine in a Morris Minor and being surprised that handling was appalling but continuing to drive it anyway!

2
0
Silver badge

Re: Th REAL question...

No, because it would take too long, cost too much, and people would STILL rather pay to beat the deadlines. Unless there's a mass exodus or an unaffected tech wins a huge contract, the opportunity cost isn't big enough yet.

0
1
Anonymous Coward

Topples Torrent Tool

Anyone else read that as "topless torrent tool"?

No? Just me? OK, I'll get my top...

10
0
Silver badge

Re: Topples Torrent Tool

Lets be honest here, its the main reason I use it...

6
0
Silver badge

Roulette

"The Signal hack was even harder. Without having to hack any servers, an attacker could add people to a group chat – but only if they knew the group session's identifying number. This is a randomly generated 128-bit number, so good luck guessing it."

Good luck targeting a specific chat.

However, if you generated a decent amount of random 128 bit numbers then a chance of getting into a "random" chat.

By chance an attacker may find something interesting.

Just because an attack is "scattergun" does not mean that it can be ignored

0
0
Silver badge
Facepalm

Re: Roulette

Even if there were a million simultaneous chats going on at any one time, your chances of 'stumbling* across one with a random number is roughly

1:340000000000000000000000000000000

Of course, if the PRNG has flaws that will come down a bit.

0
0

Re: Roulette

I assume the chat number doesn't change? So surely, if you can intercept a device, or go phishing, and find the chat number, it wouldn't be that difficult (I'm thinking state actors, rather than joe hacker).

When you compare that to the WhatsApp which basically notifies everyone when you've joined, my thoughts are that the Signal one is the easier, or at least the more covert.

Disclaimer: I've never used Signal, so no idea how it works

1
0
Silver badge

Re: Roulette

If someone already has access to your device (in order to get the chat number) then you're pretty much boned anyway. This seems to be more about jumping on to the system that underpins the chat session and eavesdropping conversations where you don't have access to the end devices.

0
0

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Forums

Biting the hand that feeds IT © 1998–2018