Comments
Critical Microprocessor Flaws Affect Nearly Every Machine
Newest First  |  Oldest First  |  Threaded View
MelBrandle
50%
50%
MelBrandle,
User Rank: Apprentice
7/18/2018 | 10:13:28 PM
Re: Simple Solution
This is highly worrying but somehow rather expected too. As long as you are connected to the internet, your device remains in a vulnerable state. You can install preventive softwares but they can only do so much. Let's just hope the sensitive data that you have remains safe with the latest upgrades that you need to regularly update to avoid becoming an easy target.
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
1/5/2018 | 8:33:12 AM
Simple Solution
I read this morning that there is a simple solution here and it is so in theory.  REPLACE EVERYTHING.  With what i do not know but JUST REPLACE EVERY COMPUTER EVERYWHERE.  Remember too we are talking servers, data center machines, peripherals --- just replace.  Consider the impact!!!!!!   And if you accept this premise --- replace with, eh ---- WHAT precisely?????  No new technologies that I have heard of discussed so far.  Just PATCH PATCH AND PATCH and be careful out there. 
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
1/4/2018 | 2:26:09 PM
Re: Something missing from article
Agree - and many patches are due to be released by damn near everybody so I can see a trend that any software that accesses the processor (define now - everything) can be a source of penetration.  What really disturbs me (my 8088 rants aside) is that it has taken YEARS for somebody to notice this one.  We now have decade or longer vulnerability ranges which is terrifying.  
RalphDaly28
50%
50%
RalphDaly28,
User Rank: Apprentice
1/4/2018 | 1:03:18 PM
Something missing from article
What I havent' seen explictly in the articles I have read about this is the nature of the programs that can execute this attack. For instance, can viewing a web page execute the attack? Or does it require that an actual EXE be executed on the machine? The reports I have seen so far imply that it an attack would require a program to execute on an affected machine. But it is implied only.
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
1/4/2018 | 10:57:12 AM
Re: Something to be said for the 8088
Asking alot of this community, but there was some really fun stuff for that ancient sys.  KINGDOM OF KROZ and variants were wonderful games.  The screen MENU programs were delightful in simplicity and I sitll enjoyed old Word Perfect 4.2 as well.  How many of us cut our teeth on LOTUS 1-2-3.  You could do great stuff on these old platforms. 
REISEN1955
100%
0%
REISEN1955,
User Rank: Ninja
1/4/2018 | 10:38:31 AM
Something to be said for the 8088
I am sorry to an extent that I no longer own my trusty clone IBM XT system, that 8088 was indeed secure and back in 1985 malware written for DOS 6.22 was indeed rare.  Internet barely exists and I used Compuserve (EasyPlex email) to communicate with the outside world.  Inter-system connect was through PROCOMM (ah, there was a good product).   Times change and not necessarily for the better. 


Microsoft President: Governments Must Cooperate on Cybersecurity
Kelly Sheridan, Staff Editor, Dark Reading,  11/8/2018
5 Reasons Why Threat Intelligence Doesn't Work
Jonathan Zhang, CEO/Founder of WhoisXML API and TIP,  11/7/2018
Why Password Management and Security Strategies Fall Short
Steve Zurier, Freelance Writer,  11/7/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Online Malware and Threats: A Profile of Today's Security Posture
Online Malware and Threats: A Profile of Today's Security Posture
This report offers insight on how security professionals plan to invest in cybersecurity, and how they are prioritizing their resources. Find out what your peers have planned today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-16470
PUBLISHED: 2018-11-13
There is a possible DoS vulnerability in the multipart parser in Rack before 2.0.6. Specially crafted requests can cause the multipart parser to enter a pathological state, causing the parser to use CPU resources disproportionate to the request size.
CVE-2018-16471
PUBLISHED: 2018-11-13
There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the `scheme` method on `Rack::Request`. Applications that expect the scheme to be limited to 'http' or 'https' and do not escape the return value could be vulnerable to a...
CVE-2018-6980
PUBLISHED: 2018-11-13
VMware vRealize Log Insight (4.7.x before 4.7.1 and 4.6.x before 4.6.2) contains a vulnerability due to improper authorization in the user registration method. Successful exploitation of this issue may allow Admin users with view only permission to perform certain administrative functions which they...
CVE-2018-17614
PUBLISHED: 2018-11-13
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Losant Arduino MQTT Client prior to V2.7. User interaction is not required to exploit this vulnerability. The specific flaw exists within the parsing of MQTT PUBLISH packets. The issue results from th...
CVE-2018-8009
PUBLISHED: 2018-11-13
Apache Hadoop 3.1.0, 3.0.0-alpha to 3.0.2, 2.9.0 to 2.9.1, 2.8.0 to 2.8.4, 2.0.0-alpha to 2.7.6, 0.23.0 to 0.23.11 is exploitable via the zip slip vulnerability in places that accept a zip file.