Intel

now browsing by tag

 
 

Intel asks #customers to #halt #patching for #chip #bug, citing #flaw

Source: National Cyber Security – Produced By Gregory Evans

Intel Corp (INTC.O) said on Monday that patches it released to address two high-profile security vulnerabilities in its chips are faulty, advising customers, computer makers and cloud providers to stop installing them.

Intel Executive Vice President Navin Shenoy disclosed the problem in a statement on the chipmaker’s website, saying that patches released after months of development caused computers to reboot more often than normal and other “unpredictable” behavior. 

“I apologize for any disruption this change in guidance may cause,” Shenoy said. “I assure you we are working around the clock to ensure we are addressing these issues.”

The issue of the faulty patches is separate from complaints by customers for weeks that the patches slow computer performance. Intel has said a typical home and business PC user should not see significant slowdowns.

Intel’s failure to provide a usable patch could cause businesses to postpone purchasing new computers, said IDC analyst Mario Morales.

Intel is ”still trying to get a handle on what’s really happening. They haven’t resolved the matter,” he said.

Intel asked technology providers to start testing a new version of the patches, which it began distributing on Saturday.

The warning came nearly three weeks after Intel confirmed on Jan. 3 that its chips were impacted by vulnerabilities known as Spectre and Meltdown, which make data on affected computers vulnerable to espionage.

Meltdown was specific to chips from Intel, as well as one from SoftBank Group Corp’s (9984.T) ARM Holdings. Spectre affected nearly every modern computing device, including ones with chips from Intel, ARM and Advanced Micro Devices Inc (AMD.O).

Problems with the patches have been growing since Intel on Jan. 11 said they were causing higher reboot rates in its older chips and then last week that the problem was affecting newer processors.

The post Intel asks #customers to #halt #patching for #chip #bug, citing #flaw appeared first on National Cyber Security .

View full post on National Cyber Security

Intel #Chairman: Election #Cybersecurity Fixes ‘Might Not be in #Time to Save the #System’

Homeland Security Secretary Kirstjen Nielsen told senators that most states are being cooperative with the whole-of-government effort to protect voting systems from cyberintrusions, though there are two unnamed states “who aren’t working with us as much as we would like right now.”

Members of the Senate Intelligence Committee grilled Nielsen last week about what is being done to secure the vote in light of Russia’s campaign influence operation in the 2016, and for an inside perspective on that campaign season former DHS Secretary Jeh Johnson joined Nielsen at the witness table.

Chairman Richard Burr (R-N.C.) praised DHS for making “great strides towards better understanding elections, better understanding the states, and providing assistance that makes a difference to the security of our elections.”

“But there’s more to do. There’s a long wait time for DHS premier services. States are still not getting all the information they feel they need to secure their systems,” Burr said. “The department’s ability to collect all the information needed to fully understand the problem is an open question, and attributing cyber attacks quickly and authoritatively is a continuing challenge.”

The chairman stressed that “this issue is urgent — if we start to fix these problems tomorrow, we still might not be in time to save the system for 2016 and 2020.”

Vice-Chairman Mark Warner (D-Va.) noted that in 2016 Russian actors “were able to penetrate Illinois’ voter registration database and access 90,000 voter registration records — they also attempted to target the election systems of at least 20 other states.”

“The intelligence community’s assessment last January concluded that Russia secured and maintained access to multiple elements of U.S. state and local election boards,” he said. “And the truth is clear that 2016 will not be the last of their attempts.”

Nielsen described the DHS arm of the election security mission as providing “assistance and support to those officials in the form of advice, intelligence, technical support, incident response planning, with the ultimate goal of building a more resilient, redundant, and secure election enterprise.”

“Our services are voluntary and not all election officials accept our offer of support. We continue to offer it; we continue to demonstrate its value. But in many cases state and local officials have their own resources and simply don’t require the assistance that we’re offering,” she said.

So far, the secretary told senators, “more than half” of states have signed up for DHS’ cyber hygiene scanning service, an automated remote scan “that gives state and local officials a report identifying vulnerabilities and offering recommendations to mitigate them.”

Another tool DHS is using is information sharing directly with election officials “through trusted third parties such as the Multi-State Information Sharing and Analysis Center, or MS-ISAC, and we look forward to the creation of the Election ISAC.”

Nielsen emphasized the need to “rapidly share information about potential compromises with the broader community so that everyone can defend their systems.”

“This collective defense approach makes all election systems more secure,” she said. “We’re also working with state election officials to share classified information on specific threats, including sponsoring up to three officials per state with security clearances and providing one-day read-ins as needed when needed, as we did in mid-February for the secretaries of state and election directors. We are also working with the intelligence community to rapidly declassify information to share with our stakeholders.”

Unlike DHS’ posture in 2016, Nielsen said the department now knows which person to contact in every state to share threat information.

“DHS is leading federal efforts to support and enhance the security of election systems across the country. Yet we do face a technology deficit that exists not just in election infrastructure but across state and local government systems,” she said. “It will require a significant investment over time and will require a whole-of-government solution to ensure continued confidence in our elections.”

Johnson talked about the Obama administration’s reticence to make a wrong move on Russia’s campaign interference and give the appearance that the White House was stepping into the election.

“The reality is that, given our electoral college and our current politics, national elections are decided in this country in a few precincts in a few key swing states. The outcome, therefore, may dance on the head of a pin. The writers of the TV show House of Cards have figured that out. So can others,” Johnson told lawmakers, adding he’s “pleased by reports that state election officials to various degrees are now taking serious steps to fortify cybersecurity of their election infrastructure and that the Department of Homeland Security is currently taking serious steps to work with them in that effort.”

Nielsen said DHS is trying to get security clearances for those three election contact persons in each state, but only “about 20” of those 150 officials have received the full clearance. “We’re granting interim secret clearances as quickly as we can,” she said, adding later that they’re “widely using day read-ins now, so we’re not going to let security clearances hold us up.”

The secretary said “a lot of work” has been accomplished at DHS over the past year on “related processes,” including working with the intelligence community to declassify information as “some of the information does not originate within DHS, so we need to work with our partners to be able to share it.”

“The second one is on victim notification. We have a role there, but so does FBI and so does MS-ISAC, which in this case the Multi-State Information Sharing and Analysis Center was in some cases the first organization to identify some of the targeting,” Nielsen said. “So we have to work with whomever originates the information. We all have different roles. So we’ve worked to pull it all together so that we can quickly notify victims of what has occurred.”

Pressed on the current level of cyber threat from malicious actors heading into midterm elections, Nielsen replied that “the threat remains high.”

“We think vigilance is important, and we think there is a lot that we all need to do at all levels of government before we have the midterm elections,” she said. “I will say our decentralized nature both makes it difficult to have a nationwide effect, but also makes it perhaps of greater threat at a local level. And, of course, if it’s a swing state or swing area that can, in turn, have a national effect.”

“So what we’re looking at is everything from registration and validation of voters — so those are the databases, through to the casting and the tabulation of votes, through to the transmission — the election night reporting, and then, of course, the — the certification and the auditing on the back end. All of those are potential vulnerabilities. All of those require different tools and different attention by state and locals,” Nielsen continued, adding that the federal government continues to work with state and local jurisdictions “to also help them look at physical security.”

“They need to make sure that the locations where the voting machines are kept, as well as the tabulation areas, they need access control and very traditional security like we would in other critical infrastructure areas,” she said.

Johnson told senators that “with the benefit of two years’ hindsight it does seem plain… that the Russian effort has not been contained; it has not been deterred.”

“In my experience, superpowers respond to sufficient deterrence and will not engage in behavior that is cost prohibitive. Plainly, that has not occurred and more needs to be done,” the former DHS chief said. “With the benefit of hindsight, the sanctions we issued in late December [2016] have not worked as an effective deterrent and it’s now on the current administration to add to those and follow through on those.”

advertisement:

The post Intel #Chairman: Election #Cybersecurity Fixes ‘Might Not be in #Time to Save the #System’ appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Intel didn’t #tell US #cyber security officials about the #Meltdown and #Spectre flaws until after it #leaked in news #reports

Source: National Cyber Security News

Intel did not inform U.S. cyber security officials of the so-called Meltdown and Spectre chip security flaws until they leaked to the public, six months after Alphabet Inc notified the chipmaker of the problems, according to letters sent by tech companies to lawmakers on Thursday.

Current and former U.S. government officials have raised concerns that the government was not informed of the flaws before they became public because the flaws potentially held national security implications. Intel said it did not think the flaws needed to be shared with U.S. authorities as hackers had not exploited the vulnerabilities.

Intel did not tell the United States Computer Emergency Readiness Team, better known as US-CERT, about Meltdown and Spectre until Jan. 3, after reports on them in online technology site The Register had begun to circulate.

US-CERT, which issues warnings about cyber security problems to the public and private sector, did not respond to a request for comment.

Details of when the chip flaws were disclosed were detailed in letters sent by Intel, Alphabet and Apple Inc on Thursday in response to questions from Representative Greg Walden, an Oregon Republican who chairs the House Energy and Commerce Committee.

Read More….

advertisement:

View full post on National Cyber Security Ventures

Intel #confirms reports of #hacking #vulnerability in its #chips, promises to #fix asap

Source: National Cyber Security – Produced By Gregory Evans

The world’s top chip maker Intel Corp on Wednesday confirmed a report about a potential security flaw in its Chips that is vulnerable to hacking and promised to fix the bug as soon as possible.

Security researchers at Google said they discovered serious security flaws in Intel chips and other chipmakers. The security bug, if used for malicious purposes, has the potential to improperly gather sensitive data from computing devices. “Recent reports that these exploits are caused by a ‘bug’ or a ‘flaw’ and are unique to Intel products are incorrect,” Intel was quoted as saying.

Intel also said that the vulnerability is not unique to their products. It argued that “many types of computing devices – with many different vendors’ processors and operating systems – are susceptible to these exploits.”

However, Intel said it is working with its tech partners such as AMD, ARM Holdings and several operating system vendors, to develop an industry-wide approach to resolve this issue “promptly and constructively.”

AMD said in a statement that it believes its chips are safe because they use different designs, reported Los Angeles Times.

“Intel has begun providing software and firmware updates to mitigate these exploits,” and average computer user won’t experience significant slowdowns as it’s fixed, noted press statement from Intel.

The post Intel #confirms reports of #hacking #vulnerability in its #chips, promises to #fix asap appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

The CIA built a fake software update system to spy on intel partners

Source: National Cyber Security – Produced By Gregory Evans

Anyone relying on the CIA for tech support got a nasty surprise this morning, as documents published by Wikileaks revealed a secret project to siphon out data through its technical liaison service, dating back to 2009. The program, called ExpressLane, is designed to be deployed alongside a biometric collection system…

The post The CIA built a fake software update system to spy on intel partners appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Intel Joins Team8 Cybersecurity Syndicate, Collaborates With Illusive Networks

Source: National Cyber Security – Produced By Gregory Evans

Intel Joins Team8 Cybersecurity Syndicate, Collaborates With Illusive Networks

Intel announced today it has joined the cybersecurity syndicate established by Team8, a unique Tel-Aviv-based startup-creation platform focused on developing new cybersecurity solutions. In addition, Intel announced it will work with one of Team8’s companies, Illusive Networks, to develop a solution to combat Advanced Persistent Threats (APTs) by combining hardware…

The post Intel Joins Team8 Cybersecurity Syndicate, Collaborates With Illusive Networks appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Hacking group uses Intel management system to sneak past Windows firewall

Source: National Cyber Security – Produced By Gregory Evans

Hacking group uses Intel management system to sneak past Windows firewall

When you’re a bad guy breaking into a network, the first problem you need to solve is, of course, getting into the remote system and running your malware on it. But once you’re there, the next challenge is usually to make sure that your activity is as hard to detect…

The post Hacking group uses Intel management system to sneak past Windows firewall appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

US intel chiefs express doubts over Kaspersky security software

Source: National Cyber Security – Produced By Gregory Evans

US intel chiefs express doubts over Kaspersky security software

Top US intelligence chiefs publicly expressed doubts about the global cybersecurity firm Kaspersky Labs because of its roots in Russia. Six leading intelligence officials yesterday told a Senate hearing on external threats to the United States of their concerns over the firm’s broad presence, without specifying the particular threat they see. Asked if he was aware of a security threat …

The post US intel chiefs express doubts over Kaspersky security software appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Cyber Intel Analyst

Source: National Cyber Security – Produced By Gregory Evans Location: Linthicum, MD US Job Category: Intelligence Security Clearance: TS/SCI Clearance Status: Must be Current Job Description: POSITION SUMMARY: CACI is in search of a Cyber Intel Analyst with a wide range of knowledge, performs CI Cyber Operations support for … The post Cyber Intel Analyst […]

The post Cyber Intel Analyst appeared first on AmIHackerProof.com.

View full post on AmIHackerProof.com | Can You Be Hacked?

Did Intel mishandle McAfee?

0_0_480_1_70_-news-20160913111052_mcafee

Source: National Cyber Security – Produced By Gregory Evans

Did Intel mishandle McAfee?

Security is not a product, it’s a process.
Did Intel do enough to make the most of its investment in McAfee, or did its focus on using security to boost chip sales simply miss the point?
The company entered the

The post Did Intel mishandle McAfee? appeared first on National Cyber Security.

View full post on National Cyber Security