I T S S

Excellent and Accessible Write-Up on Spectre & Meltdown Vulnerabilities

By itss | 08/01/2018

https://ds9a.nl/articles/posts/spectre-meltdown/

Category: Technology

© 2017 IT Sales & Services Ltd
Quality IT solutions in Tanzania since 2010