Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
  HOME     MENU     SEARCH     NEWSLETTER    
THE ENTERPRISE SECURITY SUPERSITE. UPDATED 10 MINUTES AGO.
You are here: Home / Data Security / Cyber Hardware Flaws Studied
Spectre and Meltdown: Cyber Hardware Flaws Studied
Spectre and Meltdown: Cyber Hardware Flaws Studied
By Bill Gertz Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
APRIL
16
2018
The most frequent cause of malicious cyberattacks is when computer users click on links that result in malware being downloaded onto computer networks.

But another emerging hardware-based cyberthreat is being studied by the Cyber Command and U.S. intelligence community, according to the nominee to head the command and the National Security Agency.

Army Lt. Gen. Paul Nakasone, Cybercom and NSA director nominee, told the Senate Select Committee on Intelligence in written answers that massive hardware vulnerabilities called Spectre and Meltdown are major worries.

"U.S. Cybercom is engaged with the intelligence community, interagency and industry to better understand Spectre and Meltdown vulnerabilities and employ mitigations," Gen. Nakasone stated.

Spectre and Meltdown are vulnerabilities affecting nearly every computer chip made in the past 20 years. They were discovered by security researchers in late 2017 and can be used by hackers to steal data from computers through flaws contained in microprocessors -- the integrated circuits that contain all the functions of a central processing unit of a computer system.

Malicious programs can be used on the two vulnerabilities to extract secrets stored in the memory of running computers that until recently were thought to be safe from such theft. Potential lost data could include passwords stored in password managers or browsers, personal information such as photos, emails and instant messages, and documents.

A Meltdown attack uses a malware program to "melt" security features that protect information designed into all but two Intel processors released since 1995. Patches are available through operating system updates.

Two variants of Spectre affect all Intel, ARM and AMD processors and require hackers to conduct more complex attacks based on a process called "speculative execution," a process used to speed up computer functions. It allows a hacker to trick programs into revealing their secrets and is more difficult to patch than Meltdown.

Gen. Nakasone said Pentagon directives under what is known as the Information Assurance Vulnerability Management program also have begun to address the two vulnerabilities, with Cyber Command helping identify which systems with flaws should be fixed first with solutions provided by vendors and chipmakers.

The Defense Department "will need to continue to follow these developments closely and adjust its approach as the situation warrants," Gen. Nakasone said.

© 2018 Washington Times under contract with NewsEdge/Acquire Media. All rights reserved.

Image credit: iStock/Artist's concept.

Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
MORE IN DATA SECURITY
ENTERPRISE SECURITY TODAY
NEWSFACTOR NETWORK SITES
NEWSFACTOR SERVICES
© Copyright 2018 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.