Intel and several other processors affected by Memory leak bug

As per researchers there is a memory leak bug affecting several generations of Intel Processors. While the bug is disclosed this week, number of exploits using the memory leak bug are unknown at this time. Microsoft & Several Linux vendors have rushed to release a windows update to mitigate memory leak.

Performance Impact

Part of the patch will cause 5-30% performance degradation of systems and can be noticeable in Server environment. Intel has confirmed this while suggesting this will eventually not be case.

AMD processors are also affected

Initial reports pointed finger on Intel as the only culprit, but Intel came with a press release suggesting the Kernel Memory leak bug affects several devices and processors and not unique to Intel.

You can read Intel’s full press release here –https://newsroom.intel.com/news/intel-responds-to-security-research-findings/

Intel Press Release

Intel and other technology companies have been made aware of new security research describing software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from computing devices that are operating as designed. Intel believes these exploits do not have the potential to corrupt, modify or delete data.

Recent reports that these exploits are caused by a “bug” or a “flaw” and are unique to Intel products are incorrect. Based on the analysis to date, many types of computing devices — with many different vendors’ processors and operating systems — are susceptible to these exploits.

Intel is committed to product and customer security and is working closely with many other technology companies, including AMD, ARM Holdings and several operating system vendors, to develop an industry-wide approach to resolve this issue promptly and constructively. Intel has begun providing software and firmware updates to mitigate these exploits. Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time.

Intel is committed to the industry best practice of responsible disclosure of potential security issues, which is why Intel and other vendors had planned to disclose this issue next week when more software and firmware updates will be available. However, Intel is making this statement today because of the current inaccurate media reports.

Check with your operating system vendor or system manufacturer and apply any available updates as soon as they are available. Following good security practices that protect against malware in general will also help protect against possible exploitation until updates can be applied.

Intel believes its products are the most secure in the world and that, with the support of its partners, the current solutions to this issue provide the best possible security for its customers.

Internet running out of IPV4 addresses

The four administrative groups like ICANN, NRO, IAB, and Internet Security declared that the IPv4 has drained out and the last two blocks has been allocated to RIR,  and other last five blocks containing 16 million addresses might exhaust by September 2011. The switch over of IP addresses from version 4 to version 6 which has billions of addresses comparitively trillion times larger than 4.3 billion adrresses which IPv4 would support might have some security problems, as IPv6 has infinite number of namespace for addresses rounding approximately to 350 undecillion possible addresses.

The IPv6 is of eight sets of four digit numbers which are represented as 2^128/ 3.4 * 10^38 possible unique addresses. This is not yet widely adopted a World IPv6 Day is being planned so as the government and companies can test the technology, and for this switch over upgradation of equipments are needed like modems, hubs, etc., need to check their firewall to check how the new version can be handled since IPv6 come with optional extension headers which simplify the overall structure for improving the performance, also dual stack systems can be opted for managing both IPv4 and IPv6.

Acrobat PDF prone to hacking

Old Concept of attack,spread virus with the help of exe files or even some files with different extension.Same methodology is used but instead of using exe files pdf files are used to spread the virus.Main drawback is user need not even click on anything its enough if you open the pdf file.This is more or less similar to a worm but the only difference is worm will spread on its own but to spread this kind of virus user have open the pdf file

Earlier, virus was spreading with the help of Acrobat Software,software used to create PDF documents.Most important thing is its also possible to hack your computers with the help of this acrobat reader.If a pdf file is going to be a virus then its possible to install some bad software on your system and after which the system information and all the other details can easily be hacked from your personal computer or laptop

McAfee has also released some patches to identify this virus and also to destroy it but not to the full extent