Pink Iguana


Check in with Spectre and Meltdown


Ryan Whitwam, 30 Jan 2018, ExtremeTech, Emergency Windows Update Removes Intel’s Buggy Spectre Patch, here. Torvalds is not a fan, here.

The fallout from the Spectre and Meltdown CPU vulnerabilities continues to send ripples through the technology industry, and Intel is suffering more than most. Its chips were vulnerable to all three variants of these attacks, and its fixes have been heavily criticized for introducing new bugs and doing a poor job of protecting users. Now, Microsoft has issued a rare out-of-cycle patch for Windows systems that removes Intel’s Spectre patch. That has to be embarrassing for Intel.

When we talk about the attack “variants” we’re referring to specific vulnerabilities. Variant 3 is Meltdown, and Variant 1 and Variant 2 are Spectre. Of these three, Variant 2 (CVE-2017-5715) is proving to be quite difficult to pin down for Intel. This Spectre variant is what’s known as a branch target injection, which could allow an attacker to execute arbitrary code on a system. Needless to say, that’s a very bad thing.

Lucian Armasu, 14 Feb. 2018, tom’s HARDWARE, Intel Expands Bug Bounty Program to Include Side-Channel Attacks, here.

New updates to the Intel Bug Bounty program include:

  • Shifting from an invitation-only program to a program that is open to all security researchers, significantly expanding the pool of eligible researchers.
  • Offering a new program focused specifically on side channel vulnerabilities through Dec. 31, 2018. The award for disclosures under this program is up to $250,000.
  • Raising bounty awards across the board, with awards of up to $100,000 for other areas.

More details about the program can be found at Intel’s security site or its HackerOne page. Intel also promised to further evolve the program to more effectively fulfill its security-first pledge.


