Homepage / Technology / Own a Mac, PC or smartphone? A major security flaw means you need to do this now
Menyelami Dunia Slot Thailand: Keseruan dan Peluang Kemenangan Besar Menyelami Dunia Slot Thailand: Pengalaman Bermain yang Tak Terlupakan Najlepsze kasyna bez depozytu 2025 Promozioni effettive di 22Bet in Italia Отзывы о казино Stake от реальных игроков 2025 о выплатах и игре Cassinos legais no Brasil: novas regras e melhores sites 1xbet 보너스 받는법 및 출금 롤링조건 등 사용법 총정리 온라인카지노 Kr Your Current Reliable Partner Regarding Tent Manufacturing Online Kaszinó Játékok És Élő Kaszinó Játékok Find the right person: tips for effective singles dating over 60 Gamification : la limite entre jeu vidéo et casino en ligne se brouille Ufc 302 Gdzie Oglądać Za Darmo I Na Żywo? 2 06 24 ‎Casino ua online casino club on the App Store 1xbet تسجيل الدخول للجوال قم بتسجيل الدخول إلى حساب 1xbet الخاص بك “원엑스벳1xbet 프로모션 코드 2024: Jbmax Vip! Sweet Bonanza Ücretsiz Demonstration İle Oyun Deneyimi Verde Kaszinó: Új Kaszinó Oldal Rendkívüli Bónuszokkal! Türkiye Casino Sitelerinin Adresi 2024 En Iyi Türk Online Casino En Güncel Ve Güvenilir On Line Casino Ve Bahis Sitelerinin Adresi 2024 Listesi 1xbet 모바일 앱-어플 2024, 버전, 다운로드, 설치, Ios, 안 Diocesan Development Services To The Particular North Karamoja Dds-n Sai Dwaraka In Nessun Caso Tours & Travels Pin-up On Line Casino Türkiye En İyi Canlı Casino Oyunları Ve Slot Makineleri Strategies for making a bisexual woman feel very special and loved Diamond Casino Heist The Big Disadvantage Walkthrough Play 17, 800+ Cost-free Us Online On Line Casino Games No Get” Jouez au casino en ligne numéro un dans le monde 1xbet Login Guide » The Way To Sign Inside To Your 1xbet Account 2024 Better United kingdom Casinos One Undertake Credit card 1вин Бесплатно нет Регистрации Играть и Игровые Автоматы 1win Top Tips For Just How To Beat Slot Machines: Become A New Winner! 원엑스벳 도메인 주소 1xbet 우회접속 가입방법 안내 토크 Deneme Bonusu ile Ücretsiz Oyun Deneyimi Bahis Dünyasında Sıkça Yapılan Hatalar ve Çözümleri 1win Мобильное Приложение На Ios И Android бесплатно Скачать Ücretsiz Slot Oyunları Silvergames’te Çevrimiçi Oynayın ️ Επίσημη Ιστοσελίδα Στην Ελλάδα Casino Bahis Siteleri Ara 2024 Yasal Casinoların Listesi ️” Türkiye’nin En İyi Bahis Şirketi Ve On-line Casino 짱구카지노 공식 평생 도메인 주소 Demo Slot Sweet Bonanza’yı Oynayın: Arkadaşlarınızla Eğlenceli Anlar Yaşayın Meet sexy milfs who’re selecting fun 1вин Игровые Слоты Казино Играть Бесплатно Без Регистрации 1вин Игровые Слоты Казино Играть Бесплатно Без Регистрации لماذا يجذب كازينو 1xbet كبار اللاعبين المصريين؟ 1xbet 독점 프로모션 코드 2024년 1월: Xnumxxcompletesports 1xbet 독점 프로모션 코드 2024년 1월: Xnumxxcompletesports

Taya365 Casino Login⁚ A Comprehensive Guide

Isle Gambling Establishment Hotel Black Hawk Now Under Horseshoe Brand, Changes Label” Top True Money Casino Apps For 2025: Twelve Best Online Casinos Resmi Sitesi Çevrimiçi Oyna, Para İle Oyna 6 Ways To Start An Online Casino تنزيل تطبيق 1xbet قم بتثبيت تطبيق 1xbet للهاتف المحمول Get ready for the ultimate craigslist sex experience Stake Casino Russia официальный Сайт Для Онлайн Игр И Бонусов “bukmacherskie Zakłady Sportowe Najlepsze Oferty W Ggbet Sports Welcome on ultimate dating platform for ssbbw lesbians 1вин Казино ᐉ Вход а Регистрация На 1win Официальный Сайт 1win Encouraged Bonuses As Well As How To Work With Them In Bangladesh 1win Encouraged Bonuses As Well As How To Work With Them In Bangladesh 1win: Spor Bahisleri Ve Internet Casino Bonus 500% Glory Casino On-line ️ Play With The Authorized Web Site In Bangladesh Тотал В Ставках На Спорт%3A не Такое И только Рассчитать Ставка Tv Mostbet Türkiye: En Iyi Oranlar Ve Spor Bahisleri Καζίνο Και Στοιχηματική Σε Έναν Ιστότοπο “1xbet App 1xbet Cellular ᐊ تنزيل 1xbet Apk Android و Iphone ᐊ 1xbet Com Get started on mature sex dating sites now “horseshoe Casino Baltimore Wikipedia Judi Online, Kenali Bahaya, Ciri-Ciri Kecanduan, dan Penanganannya Cassino Apresentando Bônus De Boas-vindas: Veja As Opções Disponíveis Casino Mostbet ᐈ Oficiální Stránky Online Kasin V České Republice Casino E Apostas Desportivas No Brasil Bônus 5000 Brl No Depósito Entrar Beginner’s Explained Casino Wagering: Tips & Strategies Beginner’s Explained Casino Wagering: Tips & Strategies Лучшие Букмекерские Конторы Онлайн Рейтинг Бк 2024 “Slot Machine Nedir? Türkiye’deki Çevrimiçi Slot Rehberi Keep Everything You Win At Usa No First Deposit Casinos “roleta Online Jogos De Roleta Virtual » Betfair Casino Лучшие Онлайн Казино Рейтинг Топ 10 Для Игры На 2024 день” 1xbet 보너스 사용법 알아보기 메인 계정과 보너스 계정의 차이 코리아벳 برنامج المراهنات الرياضية تحميل التطبيق العميل Eg 1xbet Com Коэффициенты Букмекеров%3A Что Такое же Как Рассчитать в Ставках На Спорт Лучшие Букмекерские Конторы Рейтинг Букмекеров Топ Бк 2024 Онлайн Ставки на Спорт Лучшие Букмекерские Конторы Рейтинг Букмекеров Топ Бк 2024 Онлайн Ставки на Спорт Mostbet Türkiye Çevrimiçi Kumarhane Mostbet Casino “топ Приложений Для Ставок На Спорт 2024%3A Букмекеры На Android И Ios “How To Play Roulette: Rules & Betting Как 1win Обзор Удовлетворяет Разнообразные Потребности Пользователей Os 15 Melhores Sites De Apostas Esportivas Gates of Olympus’ýn Slot Oyunlarýnda En Büyük ve Çarpýcý Ödüller Gates of Olympus ile En Ýyi, Karlý ve Avantajlý Kazanç Fýrsatlarý Gates of Olympus’ýn En Popüler ve Ödüllü Makineleri Největší Image Hazardu V Evropě: Proslulé Kasino Versus Monte Carlu Láká Na Neobyčejnou Atmosféru” Jak znaleźć legalne kasyno online? Mostbet Tr Resmî Net Sitesinde Giriş Empieza Kayıt Olm Our Cms Play 17, 800+ Totally Free Us Online Online Casino Games No Download” The Benefits of Learning a Second Language “australia’s #1 Online Gambling Establishment Guide 2024 Kde Sony Ericsson Natáčel Film On Line Casino Roya Leon Casino Έως 1 500 Ανά Κατάθεση! 6 Best Gay Online Dating Sites (2023) – Join 100% Totally Free LGBTQ+ Programs! 1win: Casino Ve Bahisçi Resmi Web Sitesi 2024, Online Spor Bahisleri, 1win Giriş” 4 Ways To Beat The Slots Лучшие Игровые Автоматы Онлайн%3A Играйте желающим В Казино Start your hookup journey with sugar mummies now

Technology

Own a Mac, PC or smartphone? A major security flaw means you need to do this now

SAN FRANCISCO — Apple says all of its Macs, iPhones and iPads contain a security flaw that requires an update. It’s not alone. Any owner of a PC, tablet or smart phone should make sure that automatic software updates for their operating systems are enabled after security researchers this week revealed a broad flaw in Intel and other chips that could allow hackers to access data previously thought to be secure.

What you should do about it?

More from USA Today:
Apple to issue fix against chip flaw risk
5G: What is it? What does it mean for your smartphone?
Smartphones don’t work well in the bitter cold, but there’s an easy fix

Every major software company has been pushing out updates to fix the problem. Make sure you allow your computers and phones to automatically install software updates and patches as they are released. These will likely be modified as companies craft the best work-arounds, so it’s not likely to be a one-time deal — update early and often!

Those on Microsoft products will needs to first determine which version of the Windows operating system they are running, then run a query on the Microsoft support siteasking “update Windows” along with the version they’re running.

Apple products will automatically update themselves, or at least prompt users to update them.

Google Chromebooks self update. Many, but not all, phones running the Android operating system also do, or will ask if the user wants their operating system updated. You can also go to the settings app on the phone, tap About Device and then tap System Updates to see if an update is available.

Many security companies are suggesting users also make sure their security software is up to date. As soon as hackers create code to use this new flaw, security software will help flag and possibly stop them.

Potentially everything that’s got a central processing unit or CPU, which means PCs, Macs, laptops, smart phones and tablets. But patches are coming fast and furious.

Microsoft has already pushed out a patch for Windows 10 and other Windows versions will be updated on Tuesday, January 9. If you have auto updates enabled, you should get this upgrade.

Apple on Thursday said that it has already released patches in iOS 11.2, macOS 10.13.2, and tvOS 11.2 to help defend against Meltdown, and that Apple Watch is not affected by Meltdown. The upgrades come via auto updates.

The company plans to release mitigations in Safari to help defend against Spectre “in the coming days,” it said in a blog. The company also said it will continue to develop and test further patches for future updates of its operating system.

Google has published a list of all its devices and software that might need updates and what users have to do to install them, though many (like Chromebooks) will self install.

Amazon’s AWS cloud computing service expected all its computing systems to be patched by the end of the day Wednesday. Customers were also told to patch their operating systems to be fully secured.

Intel, which makes most of the chips used in PCs, is the most heavily affected. It said Thursday it has already issued updates for the majority of CPUs — the chips that handle the instructions a computer receives from hardware and software, sometimes known as the “brain” of the computer — introduced within the past five years. By the end of next week it expects to have issued updates for more than 90% of processors introduced within the past five years.

Chip-maker Advanced Micro Devices, whose products are mostly used in corporate server computers and personal computers, originally said it didn’t believe its products were at risk for the flaw. It has since updated that to say that one of the potential attacks could be used on some of its chips. It encouraged its customers to use safe computing practices, including “not clicking on unrecognized hyperlinks, following strong password protocols, using secure networks, and accepting regular software updates.”

ARM, whose chips are primarily used in smart phones and electronic devices such as e-readers, televisions, cable boxes and cars, said that only a small subset of its chips were vulnerable and listed them on its website. It has also published a technical paper outlining how the flaws can be mitigated.

There are actually two exploitable flaws, though they’re related. They have been given the James Bond-esque names Meltdown and Spectre. Both use what’s known as a side-channel analysis attack. Basically, malicious code can be written that allows an attacker to see information stored in what was previously believed to be a secure portion of a computer’s central processing unit, or CPU.

It’s something no one had realized was an issue for 20-some years. Back in the early 1990s, in an effort to speed up computer processing, computer chip engineers hit on the idea of letting computers guess at what data would be needed next. It was called “speculative execution.” It’s something like a salesperson who sees a man pick out a pair of slacks in a store and so grabs a belt and a jacket that match because they might be what he looks for next.

In the computer, it could be that you go to the banking section of your password management program. The speculative execution function then pulls all your banking passwords into the protected memory portion of the CPU because it’s making a good guess you’ll ask for that next.

Meltdown allows full access to the protected memory space, so it’s potentially more dangerous. It appears to only affect Intel chips manufactured since 1995.

Spectre allows malicious code to trick access random portions of the protected memory. It is believed to affect processors made by Intel, Advanced Micro Devices and ARM.

The real issue is that the flaws allow cyber criminals a new set of tools to steal passwords and other critical data.

“The scope impacts a large set of the computing devices that we rely on, from PC to phones and back-end services consumers rely upon, such as servers and the cloud,” said McAfee chief technology officer Steve Grobman.

The exploit could allow an attacker to open a window that let’s them look at what’s being rolled into and out of that protected memory space, says Atiq Raza, chairman and CEO of Virsec Systems, Inc and the former president of AMD. Depending how long the hackers can keep the window open “they could see a very significant amount of data scroll by. Even if it’s just for a few seconds, a humongous amount of information could go through,” he said.

An excellent question, which hasn’t been answered yet.

The flaws were discovered over the last several months independently by several teams, including Google’s Project Zero security team, researchers at Graz University of Technology in Austria, the University of Adelaide in Australia and the universities of Pennsylvania and Maryland, along with researchers at security firms Cyberus Technology, Rambus and Data61.

The researchers alerted chip and software companies, which began writing patches and fixes. Everything was supposed to be announced on January 9th.

As companies started to make changes to their software to allow them to implement the patches, security researchers noticed something was going on. This created buzz in the broader computer security community. When the security news site The Register published a story on January 2, it became impossible to wait and Intel and Google went public with the information.

Not that we know of. It’s a very complex and rarified attack and one that until a few months ago no one even realized was possible. That said, exploiting this bug wouldn’t leave traces so it’s difficult to know if it’s being used “in the wild,” as security researchers say.

But the race is now on, says Tony Cole, vice president of global government and critical infrastructure with computer security company FireEye. “I’m sure everybody on the attacker side is busy reading everything that’s out and trying to figure out how to use this. It’s being worked on as we speak.”

Source: Tech CNBC
Own a Mac, PC or smartphone? A major security flaw means you need to do this now

Comments are closed.