Security: Deception, CHERI, and Microsoft Windows TCO
-
32-Bit Linux Won't Get Patched for Latest Intel Vulnerabilities [Ed: The issue is Intel and x86, not Linux]
The amount of work involved in fixes means that the 32-bit Linux kernel won’t be getting the same treatment as the 64-bit version of the OS.
-
Formal CHERI: rigorous engineering and design-time proof of full-scale architecture security properties | Light Blue Touchpaper
Over the last twelve years, the CHERI project has been working on addressing the first two of these problems by extending conventional hardware Instruction-Set Architectures (ISAs) with new architectural features to enable fine-grained memory protection and highly scalable software compartmentalisation, prototyped first as CHERI-MIPS and CHERI-RISC-V architecture designs and FPGA implementations, with an extensive software stack ported to run above them.
The academic experimental results are very promising, but achieving widespread adoption of CHERI needs an industry-scale evaluation of a high-performance silicon processor implementation and software stack. To that end, Arm have developed Morello, a CHERI-enabled prototype architecture (extending Armv8.2-A), processor (adapting the high-performance Neoverse N1 design), system-on-chip (SoC), and development board, within the UKRI Digital Security by Design (DSbD) Programme (see our earlier blog post on Morello). Morello is now being evaluated in a range of academic and industry projects.
-
Cyber attack targets Finnish news agency STT [iophk: Windows TCO]
STT told Yle it was investigating the possibility of an information leak, with STT CEO Kimmo Laaksonen saying the organisation had been in touch with the authorities since the breach.
-
Pak, Chinese militaries lose key information to [crackers] [iophk: Windows TCO]
According to officials in these countries, these entities that [broke] into the Pakistani military systems downloaded malware, which, after being installed in the targeted computer system, retrieved a large number of documents and presentations, including encrypted files, that were stored in them. The said malware was sent to the target embedded in emails that had purportedly come from superior officers. Some of the files that were transferred from the military computer systems were related to satellite communications, military communication and nuclear facilities.