Security Bulletin: Undervoltages in Intel Processors can lead to possible security flaws.

-

"Undervoltages" in Intel Processors can lead to possible security flaws.


A security bulletin released recently by Sophos disclosed a flaw in Intel Processors whereby an attacker could take advantage of the voltage control mechanism of a computer.  By slightly lowering the voltage the computer processor would start to generate small, undetectable errors in mathematical computations.  This would allow the attacker to bypass certain security features built into Intel processors.  The new exploit has been dubbed "Plundervolt" (an exploit is defined as getting a program to do something the author did NOT intend).

Considerable details about the flaw (including technical jargon) are provided [here] at sophos.com.  Videos regarding the exploit are also available [here] at the official "Plundervolt" website.

Intel has released a security advisory regarding the exploit [here].  Their recommendation is to update the BIOS of your computer.  The BIOS, also known as the Basic Input/Output System, is responsible for the most rudimentary communication between devices and peripherals on your computer.

Unfortunately, for older computers, some of these updates are no longer available on the Intel website.  If you check the recommended BIOS update page at the Intel website [here], you will see a notice indicating that Intel has stopped providing updates for their Desktop Boards.  More details about this "End of Life" policy is provided at the Bleeping Computer website [here].  This article offered a solution for some users by providing a link to a "mirror" archive of the older Intel software.  This archive can be accessed [here].

IN SHORT:  Decreasing the voltage of a computer processor to less than the required amount will cause it to generate errors.  Attackers can use this to access sensitive parts of memory or feed incorrect information to built-in security programs.  The recommended fix is to update the BIOS of your computer if you have one of these affected processors.  Users of older computers may have difficulty finding the proper update.  A possible solution for older hardware has been provided at the Bleeping Computer website.

Also, keep The Nerd Cave in mind if you have issues with your computer.

Some basic maintenance checks include:

  • Checking for slow start-up programs.
  • Removing unwanted background programs that could be slowing down your computer.
  • Virus and malware scanning.
  • Making sure effective Anti-Virus software is installed and working.
  • Scanning for a corrupt file system that could lead to damaged or missing files in the future.
  • Checking for possible hardware upgrades that could improve PC performance.

I also offer a number of personalized computer services such as resolving specific software or configuration issues with your computer or other hardware.  Check us out at the link below.

Take Care,
Jeffrey Cobb (Owner/Operator)

Comments

Post a Comment

Popular posts from this blog

Wrapping up my first C# project.

-
Image
I've wanted a desktop database program that I could customize for some time now. Actually there have been a number of programs I've wanted that require a database. But since Microsoft Access is a bit costly and Open Office has yet to release good documentation on programming their "Base" software I've been out of luck. Recently I've been learning C# well enough that I decided to dive into this project to see if I could do it. Turns out that I CAN! I've found C# to be really easy to pick up. As a result of my study efforts, I developed a rudimentary database engine and a contacts program that implements this engine. I found a bogus contacts list CSV file on the internet and wrote a simple import function so I could experiment with my database. So all these contacts are BOGUS (or at least they should be). Once I had the primary database function set up in the engine I could write an "add-on" library that the engine incorporates into itself a
Read more

Security Bulletin: Steam Users beware of new [phishing] scams

-
Image
Nerd Cave Security News for December 5th, 2019 Sophos.com  posted a new security warning regarding a new Steam "phishing" scam. Steam  is a video game digital distribution service (not to be confused with  STEAM Education ) which allows users to purchase their favorite game titles online.  Once a title is purchased, it remains in their library for the life of the their account. "Phishing" is an attempt by hackers to recreate a web service login, such as an online bank or other service that requires login credentials.  When the user enters their information and submits the form, the hackers then have their login credentials (more information  [here] ). Apparently hackers went to considerable trouble to perfectly re-create the Steam login page, right down to the two-factor-authentication (2FA) used by Steam.com.  2FA is a means of extra-verification when you log into certain web services.  It usually consists of answering a special question or (in Ste
Read more