Along with threats like Meltdown and Spectre, Foreshadow has been in the news recently, described as a worrying threat for PC’s with intel processors.
Meltdown and Spectre, which were first publicly disclosed in January, were a widespread problem and some of the aftermath is still being cleaned up. However, the discovery prompted researchers to do further studies into possible weaknesses and vulnerabilities, and in doing so discovered a weakness similar to Spectre in Intel processors.
Known as SGX, Intel’s Software Guard Extensions let programs create secure enclaves in their processors. They effectively create a space that is shut off to the rest of the system so that any malicious software stands little chance of accessing it or making changes to it. This process makes it an oasis for sensitive data to live - in theory. However, a group of researchers from global academic institutions have discovered that while SGX is effective in combating threats from the likes of Meltdown and Spectre, a similar attack called Foreshadow can get around it’s notable defenses.
Meltdown, Spectre and Foreshadow exploit flaws in a process called speculative execution. This is where your processer works quicker by guessing which tasks it will be asked to perform next, therefore saving valuable resources. However, investigators have discovered that the process leaves behind footprints which could be used to infiltrate systems and access sensitive data that is supposed to be safe inside SGX’s vaults.
We regularly offer advice on how to protect your PC and your business’ network of PC’s against the likes of Foreshadow, Spectre and Meltdown and we have similar advice here again. The best way to safeguard your systems is to have comprehensive internet security systems and procedures in place, and in particular that you stay up to date with the latest patches and updates that are released by manufacturers in response to recently discovered vulnerabilities.
Here at ECL we have extensive experience in protecting businesses against the latest malware, computer hacks, viruses, spam, phishing scams and other threats and can advise you on the best methods of protecting your business. We can also help businesses to update their systems to run the latest and most secure version of Windows available. For more information please, please call us on 01268 575300 or email us on info@ecl.co.uk.
No comments :
Post a Comment