-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add new posts for Intel exploit and FTC warnings
- Loading branch information
1 parent
5201f53
commit d59fd1a
Showing
2 changed files
with
68 additions
and
0 deletions.
There are no files selected for viewing
29 changes: 29 additions & 0 deletions
29
...issues-warnings-to-ASRock-GigaByte-and-Zotac-for-unlawful-warranty-practices.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,29 @@ | ||
| --- | ||
| title: >- | ||
| FTC issues warnings to ASRock, GigaByte and Zotac for unlawful warranty | ||
| practices | ||
| date: 2024-07-06 19:26:15 | ||
| tags: | ||
| - FTC | ||
| - ASRock | ||
| - GigaByte | ||
| - Zotac | ||
| - warranty | ||
| - unlawful practices | ||
| --- | ||
|
|
||
| ### Quick Report | ||
|
|
||
| FTC (Federal Trade Commission) has issued warnings to three major computer hardware manufacturers, ASRock, GigaByte and Zotac, for their unlawful warranty practices. The FTC has stated that these companies have been violating the [Magnuson-Moss Warranty Act Law][def3], which prohibits companies from conditioning warranty coverage on the use of specific products or services. The companies have been warned to revise their warranty policies to comply with the law or face legal action. | ||
| <!-- more --> | ||
|
|
||
| FTC has made it clear that they cannot engage in illegal practices that restricts consumers from repairing their own products by adding **warranty void if removed stickers**. The FTC has also warned that these companies cannot deny warranty coverage simply because a consumer has used a third-party product or service. | ||
|
|
||
| ### Source(s) | ||
|
|
||
| - [FTC Press Release][def] | ||
| - [TPU Article][def2] | ||
|
|
||
| [def]: https://www.ftc.gov/news-events/news/press-releases/2024/07/ftc-warns-companies-stop-warranty-practices-harm-consumers-right-repair | ||
| [def2]: https://www.techpowerup.com/324145/ftc-issues-warning-to-asrock-zotac-and-gigabyte-about-warranty-practices | ||
| [def3]: https://en.wikipedia.org/wiki/Magnuson%E2%80%93Moss_Warranty_Act |
39 changes: 39 additions & 0 deletions
39
...-Lake-and-later-models-affected-by-Indirector-Branch-Predictor-Vulnerability.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,39 @@ | ||
| --- | ||
| title: >- | ||
| Intel Alder Lake and later models affected by Indirector Branch Predictor | ||
| Vulnerability | ||
| date: 2024-07-06 19:32:55 | ||
| tags: | ||
| - Intel | ||
| - Alder Lake | ||
| - Raptor Lake | ||
| - Arrow Lake | ||
| - Lunar Lake | ||
| - BTI | ||
| - Branch Predictor Exploit | ||
| - microcode updates | ||
| - security | ||
| --- | ||
|
|
||
| ### Quick Report | ||
|
|
||
| Researchers from University of California, San Diego have discovered a new vulnerability in Intel processors, called the **[Indirector][def]** which exposes weakness in Indirect Branch Predictor (IBP) and Branch Target Buffer (BTB) allowing attackers to run precise Branch Target Injection (BTI) attacks. This vulnerability affects Intel processors from the Alder Lake generation and later, including Raptor Lake, Arrow Lake, and Lunar Lake. | ||
| <!-- more --> | ||
|
|
||
| The paper provides details into inner workings of Intel\'s hardware defenses, such as IBPB, IBRS, and STIBP, including previously unknown holes in their coverage. The researchers also provide a proof-of-concept exploit that bypasses all of these defenses, allowing an attacker to run arbitrary code on a victim\'s machine. | ||
|
|
||
| The PoC exploit allows attackers to breach security boundaries across diverse scenarios including cross-process and cross-privilege scenarios. It uses BTB and IBP to break Address Space Layout Randomization (ASLR). | ||
|
|
||
| The microcode fixes could have severe performance implications and could lose upto 50% of performance in some cases. Intel has released microcode updates to mitigate the vulnerability and asks vendors to use existing software techniques to mitigate the vulnerability by referring their mitigation guidance [BHI Document][def2] and [IBRS mitigation guide][def3]. | ||
|
|
||
| ### Source(s) | ||
|
|
||
| - [Indirector Vulnerability][def] | ||
| - [TPU Article][def4] | ||
| - [Tom\'s Hardware Report][def5] | ||
|
|
||
| [def]: https://indirector.cpusec.org/ | ||
| [def2]: https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/branch-history-injection.html | ||
| [def3]: https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/speculative-execution-side-channel-mitigations.html#IBRS | ||
| [def4]: https://www.techpowerup.com/324110/indirector-is-intels-latest-branch-predictor-vulnerability-but-patch-is-already-out | ||
| [def5]: https://www.tomshardware.com/tech-industry/cyber-security/newer-intel-cpus-vulnerable-to-new-indirector-attack-spectre-style-attacks-risk-stealing-sensitive-data-intel-says-no-new-mitigations-required |