I T S S

Excellent and Accessible Write-Up on Spectre & Meltdown Vulnerabilities

By itss | 08/01/2018

https://ds9a.nl/articles/posts/spectre-meltdown/

Category: Technology
© 2017 IT Sales & Services Ltd