
A function of Intel's processors dealing with speculative execution has another vulnerability that affects all Intel-based computers including Apple's Mac, researchers have revealed, with "Spoiler" potentially allowing an attacker the ability to view the layout of memory, and in turn potentially access sensitive data stored in those locations. 




The speculative execution function of Intel's processors, used to increase the performance of a CPU by predicting paths an instruction will go through before the branch is completed, is a useful function but one that has caused Intel issues in the past. A new report from security researchers from Worcester Polytechnic Institute and the University of Lubeck published on March 1 indicates there's another issue that needs to be fixed. 

Dubbed "Spoiler," the technique is able to determine how virtual and physical memory relate to each other by measuring the timing of speculative load and store operations performed by the processor, reports The Register. By spotting discrepancies in the timing, an attacker can determine the memory layout, and in turn know which areas to attack.

"The root cause of the issue is that the memory operations execute speculatively and the processor resolves the dependency when the full physical address bits are available," researcher Daniel Moghimi told the publication. "Physical address bits are security sensitive information and if they are available to user space, it elevates the user to perform other microarchitectural attacks."

Speculative execution typically uses a memory order buffer to track its operations: data is copied from a CPU register to main memory in the order it appears in code, and data can then be copied from main memory to a register out of order, which can speed up the operation if the speculative elements are right.

If they are wrong, the speculative elements are discarded and a normal non-speculative load of data is performed, allowing the instruction to be carried out, but without the performance boost. 

The paper says the main issue behind Spoiler is the way Intel performs memory disambiguation, which tries to prevent computation on data loaded by an incorrect speculation attempt; the timing behavior of that mechanism is the actual vulnerability.

By filling the store buffer with addresses using similar offsets but different virtual pages, then issuing a memory load with the same offset on a different memory page, the team measures the time of the load. After performing multiple loads across numerous virtual pages, the timing differences provide clues about the memory locations. 
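A toy model of the timing leak described above, added here as an illustration; it is not code from the researchers' paper or from the original article, and it measures nothing on real hardware. The page table, the cycle counts and the 20-bit compare width are constructed modelling assumptions, and the store buffer is simplified to a single store per measurement.

```python
# Toy model of the load/store timing leak; every number here is constructed.
PAGE_BITS = 12      # 4 KiB pages: the page offset is the same in virtual and physical addresses
ALIAS_BITS = 20     # assumed width of the physical-address compare that causes the stall
BASE_CYCLES = 40    # constructed latency of a load with no conflicting store
STALL_CYCLES = 200  # constructed extra latency when the dependency has to be resolved

# Constructed page table: virtual page index -> physical frame number.
# User space sees only the index; the frame numbers are what the timing reveals.
PAGE_TABLE = [0x1A2B3, 0x0F4C7, 0x2D1B3, 0x3E000, 0x0A9B3, 0x51234, 0x6C7B2, 0x7F0B3]


def phys_addr(vpage, offset):
    return (PAGE_TABLE[vpage] << PAGE_BITS) | offset


def load_latency(store_vpage, load_vpage, offset):
    """Modelled latency of a load issued after a store to another page at the same offset."""
    mask = (1 << ALIAS_BITS) - 1
    conflict = (phys_addr(store_vpage, offset) ^ phys_addr(load_vpage, offset)) & mask == 0
    return BASE_CYCLES + (STALL_CYCLES if conflict else 0)


def timing_trace(load_vpage, offset=0x040):
    """Latency per stored-to page: the only thing an unprivileged observer gets."""
    return {vp: load_latency(vp, load_vpage, offset)
            for vp in range(len(PAGE_TABLE)) if vp != load_vpage}


def slow_pages(trace):
    """Pages whose store made the load slow, judged from timing alone."""
    threshold = BASE_CYCLES + STALL_CYCLES // 2
    return sorted(vp for vp, cycles in trace.items() if cycles > threshold)


def frames_sharing_low_bits(load_vpage):
    """Ground truth from the page table, which user space cannot normally read."""
    mask = (1 << (ALIAS_BITS - PAGE_BITS)) - 1
    want = PAGE_TABLE[load_vpage] & mask
    return sorted(vp for vp, frame in enumerate(PAGE_TABLE)
                  if vp != load_vpage and frame & mask == want)


if __name__ == "__main__":
    trace = timing_trace(load_vpage=0)
    print("latencies:", trace)
    print("slow pages from timing:", slow_pages(trace))
    print("pages sharing frame bits:", frames_sharing_low_bits(0))
    print("physical address bits exposed per slow page:", ALIAS_BITS - PAGE_BITS)
```

In the model the set of slow pages equals the set of pages whose physical frames share low bits with the loaded page, which is why the quoted researcher treats physical address bits as security sensitive.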

The researchers believe the technique could make existing cache and "Rowhammer" attacks easier to perform, while also enabling attacks using JavaScript to take seconds to complete, rather than weeks.

"There is no software mitigation that can completely erase this problem," according to the researchers. While the chip architecture could be fixed, it would considerably cut into the chip's performance. 

Intel was advised about the vulnerability on December 1, 2018, and it was disclosed to the public after a typical 90-day grace period. So far, Intel has not issued a CVE number for the problem, with Moghimi speculating the issue is not easily patchable with microcode in an efficient enough manner, and that a patch for the attack vector may take years to produce.

As it is an issue that affects all Intel Core processors from the first generation onwards to the most recent releases, regardless of operating system, it is almost certain that all Macs are susceptible to attacks that take advantage of the vulnerability. It is unclear if Apple has specifically responded to the issue due to it potentially affecting its macOS-running products. 

The researchers note that ARM and AMD processor cores do not exhibit the same behavior, which means iPhones and iPads are safe from such attacks. 

Speculative execution was at the core of the Spectre vulnerabilities found in January 2018, which affected Intel processors as well as ARM-based versions, and so both macOS and iOS devices; Apple quickly released mitigations to defend against them. While similar in this regard, Spoiler functions quite differently from Spectre, and is a completely separate vulnerability.

"We expect that software can be protected against such issues by employing side channel safe development practices," said Intel regarding Rowhammer-style attacks. "Protecting our customers and their data continues to be a critical priority for us and we appreciate the efforts of the security community for their ongoing research."

ALL CREDITS GOES TO THE WRITER Malcolm Owen FROM AppleInsider.com

Rainbow Six Siege

About two weeks after the release of Burnt Horizon's Rainbow Six Siege content, Ubisoft shared the official release date for the first additional content dedicated to the fourth year, which provides two new customers and a first Australian map.
 
The comicbook report reviewed the observations and changes that the game has undergone in the past few days based on the opinions of players who have had the opportunity to experience expansion through test servers. The Ambulance System has been modified and minor changes have been made to some characters such as Capitao and Dokkaebi. While jogging.
 
The Burnt Horizon process is officially released on March 6 for PS4, Xbox One and PC devices.

The Division 2

In order to avoid problems and errors in the first part of The Division regarding post-game content, Massive Entertainment decided to review the game The Division 2 after the end of the events with a detailed outline of all upcoming content, including the first Raid mission.
 
The official game account via Twitter posted an image showing the access information to the end of the game, beginning with the Black Tusk, which first appeared in the closed beta and is expected to be the strongest and most lethal faction of the players. It also referred to invasion tasks, a new stronghold and 5 different layers of customizations, in addition to the first Raid mission, called Operation Dark Hours, which takes place at Washington International Airport and has already reviewed the previous game offers.

When is the Rainbow Six Siege Burnt Horizon release date? Ubisoft has settled into a very reliable release cycle for new seasons of content, with the teasers, reveals, test phase, and final release date proving fairly reliable over the past year or two of operations.

A new season of Rainbow Six Siege usually means two new operators – one defender and one attacker – a new map, a significant operator rework, and a haul of balance and quality of life changes. That’s a lot of new Rainbow 6 content for hardcore players to get their hands on every three months, so there’s good reason every new season is highly anticipated. Operation Burnt Horizon will include two operators from the Australian SASR and take players to a new map set across a service station in the Aussie outback.

With the initial teaser for the Australian season and the very first look at both new Rainbow Six Siege operators already out of the way, we’re fairly certain we know the Burnt Horizon release date. Of course if you’ve followed previous Rainbow Six Siege operation launches you’ll know there isn’t a single date for every R6 player, so we’ll also walk you through the expected launch dates for all platforms, as well as the all-important TTS start date.

RAINBOW SIX SIEGE BURNT HORIZON RELEASE DATE

As of Year 4 Season 2, Ubisoft is changing their usual launch cycle for their operations so that there will be a whopping three week TTS run; however, it’s business as usual for Burnt Horizon. That means a two week run on test servers that will eventually result in a Rainbow Six Siege Burnt Horizon release date of March 5, 2019.

Each new Rainbow Six Siege operation is usually set around the schedule for the Pro League Finals, with the reveal for the season taking place just before the Grand Final on Sunday, 17 February, 2019. The Technical Test Server with the next season of content usually goes live the following Monday or Tuesday, so expect to be able to download Rainbow Six Siege Burnt Horizon if you’re a PC player on 19 February, 2019.


The testing phase usually lasts for two weeks, at which point the update goes live on PC, before being rolled out to consoles in the subsequent hours. So you’ll be playing Operation Burnt Horizon on PC, PS4, and Xbox One by March 5, 2019.

RAINBOW SIX SIEGE BURNT HORIZON TRAILER

The Burnt Horizon trailer above seems to confirm the leaks we’ve long known about were pretty bang on: the two new ops are Mozzie and Gridlock. The footage also offers a glimpse at Mozzie and Gridlock’s gadgets. Once we get the full reveal at the Six Invitational on February 17, we’ll know if the rest of the Burnt Horizon leaks are just as accurate.

ALL CREDITS GOES TO PCGamesn.com

Rainbow Six Siege

The Six Invitational event was held in Montreal, where it hosted the finals of the Spring Six Siege and a review of the future of the game and the upcoming additions throughout 2019. Although there are many changes in almost all elements, the addition of the Battle Royale phase is not part of the development team's interests.
 
The Gamereactor website interviewed Alexandre Remy, who explained that the Battle Royale will not be available at Rainbow Six Siege because it does not fit the tactical nature of the game. The title is based on the use of rules and methods that are not compatible with the Battle Royale games.
 
The director explained that Siege is influenced by cooperative play with the rest of the team, continuous communication and the importance of destruction and the character of the characters that have been stabilized, which makes it a game of correction unique and different from any other address and developers do not want to risk all these successes in order to follow the current fashion and address the rivalries.
