Microsoft has been forced into rushing out an emergency security update to help counter security flaws that have been discovered in modern processors.

Discovered by Google’s Project Zero team, these bugs, called Meltdown and Spectre, have the potential to offer up highly sensitive information such as encryption keys, live access to running applications and passwords. As you can imagine, this is a major issue especially as the problems are likely to affect Intel, AMD and ARM processors.  This accounts for nearly all computers, smart phones, servers tablets and laptops on the planet.

Due to the widespread reach of these security flaws, I’m going to give you the lowdown on the situation and how the emergency security update is going to help.

Compromised Processors

To understand what’s happening with these compromised processors we need to take a look at the kernel. Now, you may be wondering what the kernel is, so here’s a quick explanation: the kernel is the beating heart of any operation system and, much like a heart, helps to manage everything happening in the PC. And this is why the kernel memory holds such sensitive information such as login and password details.

Meltdown demo showing a password being read from memory

Unfortunately, a flaw in the aforementioned processors allows other programs – which aren’t part of the kernel – to access the kernel memory. Usually, processors would simply ban any non-kernel applications accessing the kernel memory, but, by an admittedly rather complicated process, it’s possible to exploit this vulnerability and remove any obstacles. The kernel’s memory can then be not only accessed, but also changed by any external application.

Sample code showing the execution of Spectre

Microsoft has issued security patches pretty quickly in response to Google’s findings, but just how effective are they? Well, seeing as the fault lies within a piece of hardware, it’s difficult for a software patch to be an all-in-one solution. Whilst Microsoft’s patches will address the issue it’s not as effective as they would like, with the main drawback being a reduction in performance. The nature of a software patch is that it contains additional instructions for the kernel to carry out and adhere to, so this creates extra work for the operating system.

Whilst the patches for AMD and ARM processors are not affected by this slowdown in performance, Intel processors are going to be significantly affected with estimates of up to a reduction of 5 – 30% in performance. Naturally, any organization that wants to remain competitive needs their technology to be working to its full potential, so the impact of this lag in performance is very troubling in a business sense.

It’s reasonable to assume that older machines, with much less available memory, are likely to be hit hardest by these firmware and software updates. Going forward, new processors by the affected manufacturers are likely to avoid this error during their testing and manufacture thanks to information shared with them by Google, but this isn’t going to help those using PCs suffering the most extreme slowdowns.

However, the performance slowdown for most users is likely to be around 10% and this reduction is unlikely to be noticeable unless your PC has an exceptionally heavy workload. And, most importantly, the slight reduction in processor speed is surely more favorable than having highly sensitive data exposed to malicious parties.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


The internet of things (IoT) is getting us connected like never before, but with its increase in popularity, the security challenges are intensifying.

With IoT creating an unprecedented number of connections into our organizations, it’s no surprise that hackers are viewing it as a potential entry point as opposed to traditional routes such as email attachments or USB sticks. And, as IoT is such a new technology, the vast majority of users aren’t as well schooled in the accompanying security challenges.

If you can understand these security challenges, though, you’re maneuvering your organization into a highly advantageous position. You may be wondering what the main security challenges that IoT faces are, so let’s take a look!

  • Updates aren’t always automatic – PC updates never used to be automatic and this used to leave them open to attack. Thankfully, software/hardware manufacturers quickly realized the importance of this and built automatic updates into their products. Although this approach still relies on human compliance to authorize, it’s highly effective. With IoT devices, however, there’s such a rush to bring out new products mean that firmware updates are allocated little priority, so IoT devices can soon become unprotected. 

  • IoT devices are relatively simple – Many IoT devices are limited in their capabilities, be it in terms of storage or memory. Whilst this allows them to remain compact and low cost, it also leads to a lack of room for security. As a result, they become susceptible to security attacks and the chance of adequate encryption being in place is unlikely. Therefore, it’s crucial that extra security steps are put in place such as specific networks with dedicated firewalls to help house these IoT devices. 
  • More devices mean more monitoring – The amount of devices which can make up the IoT is staggering, but it also means that there’s an increased security risk. With all these entry points in your organization’s networks, the amount of data which needs monitoring is going to increase dramatically. And this means that you need to monitor the data coming in and out of your organization much more closely. Leading to increased labour and technology costs, this is one of the most pressing challenges presented by the IoT. 
  • Predicting and preparing for attacks – Advances in technology mean that more and more devices are entering the IoT market which, on one hand, means accessibility for almost anything you can think of is possible but, on the other hand, it’s making threat detection more difficult. Pinpointing exactly how a hacker will abuse an IoT device is difficult – will they use it as a stepping stone into your network? Will they simply misuse the device? Or a bit of both?

These challenges could easily be misinterpreted as a list of reasons why you shouldn’t get involved with the IoT, but this couldn’t be further from the truth. Instead, these are challenges which, if tackled correctly, can help your organization get the best out of the IoT. Sure, there’s going to be a level of investment and new structures to consider, but what price can you put on progress?

For more ways to secure and optimize your business technology, contact your local IT professionals.

 

Read More

1 9 10 11