Feedbox
ГлавнаяBlog
НовыеЛучшиеОбсуждаемыеКомментарииУчастники сайта
Рубрики
cookingКулинарияfamilyДети и семьяshowШоу-бизнесpoliticsПолитикаhealthЗдоровье
Моя лента
ЧАТЫЧАТЫОпросыОпросыБлогерыБлогерыГлас народаГлас народаПопулярноеПопулярноеОбсуждаемоеОбсуждаемое
Мессенджер МТО компанииО компанииО редакции ГлагоLО редакции ГлагоLНовостиНовостиПартнерамПартнерамРекламодателямРекламодателямОбратная связьОбратная связьПожаловаться на спамПожаловаться на спамСоглашениеСоглашениеРекомендательные технологииРекомендательные технологии

На информационном ресурсе применяются рекомендательные технологии (информационные технологии предоставления информации на основе сбора, систематизации и анализа сведений, относящихся к предпочтениям пользователей сети "Интернет", находящихся на территории Российской Федерации)

Feedbox

12 подписчиков

How to Protect Your PC From the Intel Foreshadow Flaws

Author: Chris Hoffman / Source: howtogeek.com

Foreshadow, also known as L1 Terminal Fault, is another problem with speculative execution in Intel’s processors. It lets malicious software break into secure areas that even the Spectre and Meltdown flaws couldn’t crack.

What is Foreshadow?

Specifically, Foreshadow attacks Intel’s Software Guard Extensions (SGX) feature.

This is built into Intel chips to let programs create secure “enclaves” that can’t be accessed, even by other programs on the computer. Even if malware were on the computer, it couldn’t access the secure enclave—in theory. When Spectre and Meltdown were announced, security researchers found that SGX-protected memory was mostly immune to Spectre and Meltdown attacks.

There are also two related attacks, which the security researchers are calling “Foreshadow – Next Generation,” or Foreshadow-NG. These allow access to information in System Management Mode (SMM), the operating system kernel, or a virtual machine hypervisor. In theory, code running in one virtual machine on a system could read information stored in another virtual machine on the system, even though those virtual machines are supposed to be completely isolated.

Foreshadow and Foreshadow-NG, like Spectre and Meltdown, use flaws in speculative execution. Modern processors guess the code they think might run next and preemptively execute it to save time. If a program tries to run the code, great—it’s already been done, and the processor knows the results. If not, the processor can throw the results away.

However, this speculative execution leaves some information behind. For example, based on how long a speculative execution process takes to perform certain types of requests, programs can infer what data is in an area of memory—even if they can’t access that area of memory. Because malicious programs can use these techniques to read protected memory, they could even access data stored in the L1 cache. This is the low-level memory on the CPU where secure cryptographic keys are stored. That’s why these attacks are also known as “L1 Terminal Fault” or L1TF.

To take advantage of Foreshadow, the attacker just needs to be able to run code on your computer. The code doesn’t require special permissions—it could be a standard user program with no low-level system access, or even software running inside a…

Click here to read more

The post How to Protect Your PC From the Intel Foreshadow Flaws appeared first on FeedBox.

Ссылка на первоисточник
Foreshadow
How To
Intel
наверх