unprecedented-leaks-underscore-deep-discontent-inside-china

Beijing usually takes pride in its tight grip of the information that flows inside and outside of China. However, several recent incidents seem to reveal that Beijing’s iron fist may be losing its grip. Only a week ago, The New York Times reported on the Xinjiang Papers, a 403-page collection of reportedly classified Chinese documents—including speeches by Chinese leader…

35
true-to-its-name,-intel-cpu-flaw-zombieload-comes-shuffling-back-with-new-variant

Intel is once again moving to patch its CPU microcode following the revelation of yet another data-leaking side-channel vulnerability. The same group of university boffins who helped uncover the infamous Spectre and Meltdown flaws say that a third issue, reported back in May under the name ZombieLoad, extends even further into Chipzilla’s processor line than…

36
running-on-intel?-if-you-want-security,-disable-hyper-threading,-says-linux-kernel-maintainer

Linux kernel dev Greg Kroah-Hartman reckons Intel Simultaneous Multithreading (SMT) – also known as hyper-threading – should be disabled for security due to MDS (Microarchitectural Data Sampling) bugs. Kroah-Hartman, who was speaking at the Open Source summit in Lyons, has opened up on the subject before. “I gave a talk last year about Spectre and…

37
all-us-intel-agencies-confirm-no-evidence-of-meddling-in-election,-urge-everyone-to-panic-nonetheless

Let the fearmongering begin… In a joint statement from the alphabet soup of US intel agencies (DOJ, DOD, DHS, DNI, FBI, NSA, and GSA) on ensuring the security of the 2020 elections, officials would like you to know that while there is no current evidence of any threats, “foreign malicious actors” are out there hating…

36
running-on-intel?-if-you-want-security,-disable-hyper-threading,-says-linux-kernel-maintainer

Linux kernel dev Greg Kroah-Hartman reckons Intel Simultaneous Multithreading (SMT) – also known as hyper-threading – should be disabled for security due to MDS (Microarchitectural Data Sampling) bugs. Kroah-Hartman, who was speaking at the Open Source summit in Lyons, has opened up on the subject before. “I gave a talk last year about Spectre and…

36
intel-panel-republicans-press-vindman-to-identify-whistleblower

 | October 29, 2019 02:00 PM Congressional Republicans who questioned Army Lt. Col. Alexander Vindman during private testimony in the House Intelligence Committee repeatedly tried to push the White House official to reveal the name of the whistleblower whose complaint sparked impeachment proceedings into President Trump, but Vindman insisted he did not know. “What the…

36
intel-community-quietly-scrapped-requirement-for-“first-hand-knowledge”-before-cia-‘rumorblower’-relied-on-hearsay

In the months leading up to a CIA whistleblower’s hearsay complaint about President Trump’s July 25 phone call with Ukrainian President Volodymyr Zelensky, the US intelligence community quietly eliminated a requirement that whistleblowers must provide first-hand knowledge of alleged wrongdoings, according to The Federalist’s Sean Davis.  Then, on September 24 – days before the anti-Trump was declassified and released to the public – a…

36
the-netcat-is-out-of-the-bag:-intel-chipset-exploited-to-sniff-ssh-passwords-as-they’re-typed-over-the-network

Video It is possible to discern someone’s SSH password as they type it into a terminal over the network by exploiting an interesting side-channel vulnerability in Intel’s networking technology, say infosec gurus. In short, a well-positioned eavesdropper can connect to a server powered by one of Intel’s vulnerable chipsets, and potentially observe the timing of…

41
shhh!-microsoft,-intel,-google-and-more-sign-up-to-the-confidential-computing-consortium

You can make your own joke about foxes and hen houses… The Linux Foundation has signed up the likes of Microsoft and Google for its Confidential Computing Consortium, a group with the laudable goal of securing sensitive data. The group – which also includes Alibaba, Arm, Baidu, IBM, Intel, Red Hat, Swisscom and Tencent –…

38
intel:-listen-up,-you-nuc-leheads!-mini-pcs-and-compute-sticks-just-got-a-major-security-fix

Chipzilla patches firmware, drivers, SDKs Hot on the heels of Patch Tuesday fixes from Microsoft, Apple, Adobe, and SAP, Intel has dropped its monthly security bundle to address a series of seven CVE-listed vulnerabilities in its firmware and software. The most serious of the seven is the patch for CVE-2019-11162, a vulnerability in the Intel…

38