A new Intel chip vulnerability described as unfixable could compromise the authentication process of most of the motherboards made in the last five years, giving an attacker full access to the system including encryption keys. The attack is currently theoretical in nature, however, and would require multiple complex steps to pull off including physical access to the device.

The new Intel chip vulnerability impacts CPUs that use the Intel Converged Security and Management Engine (CSME). Specifically, the flaw is found in chips that use CSME version 11. This CSME version was first used in the sixth generation of chips, which were first released in 2015. It is still in use and is not expected to be replaced until the 10th generation of Intel chips (Comet Lake) sees a retail launch sometime this year.

The flaw is found in the 6th to 9th generations of Intel CPUs, as well as the Server Platform Services and Trusted Execution Engine firmware. CSME firmware versions prior to 11.8.65, 11.11.65, 11.22.65 and 12.0.35 are vulnerable.

Intel has a firmware patch available for its own motherboards, but cannot patch the firmware of other motherboard manufacturers. That would be the vast majority of them, as Intel exited the motherboard business in 2013. It would appear that Intels firmware patch cannot actually fix the vulnerability, however; it simply attempts to block off potential exploit paths.

Before you continue reading, how about a follow on LinkedIn?

A devices firmware version can be checked by accessing the BIOS during bootup. This vulnerability appears to be specific to Intel chips; AMD hardware is not affected. It is unclear if Apples T2 security chip is able to mitigate some or all of the Intel chip vulnerability.

Intels CSME is the first step in the initial authentication of any system that uses one of its chips, verifying and booting all other firmware. Its also necessary for certain other software-based security measures to function, such as Microsoft System Guard.

This means that an attacker essentially has access at as root of a level as one can get. Among other things, that means access to system encryption keys. If handled correctly, the breach would also be impossible for a system administrator to detect. An attacker could not just decrypt and exfiltrate information, but also have other computers pose as the compromised device by spoofing hardware IDs. It would also be possible to create malware and spyware that runs at the hardware level, rendering it invisible to antivirus software.

However, this Intel chip vulnerability is not one that can be exploited remotely or with any sort of ease. An attacker would need at least local access to the target computer, and even then World Privacy Forum founder Pam Dixon described the process as requiring extraordinary time and skill. What information is available indicates that a local attacker would either need to physically access the motherboard with some sort of special tools, or would need to compromise other elements of the firmware first to launch a direct memory access attack against CSME. Intel has indicated that their firmware patch will block at least some local attacks; however, security researchers believe that it will not stop someone who has physical access to the motherboard.

At the moment, the public does not have access to much in the way of detailed information about the operation of the security flaw. Positive Technologies, the security firm that uncovered the vulnerability, has promised to release a white paper in the near future that provides technical details.

Intel has struggled through a chain of processor vulnerabilities in recent years. The trouble started in 2018 with the discovery of Meltdown and Spectre, two chip vulnerabilities tied to timing measurements meant to improve processor performance. Intel was able to correct these with software patches, but the incident was serious enough to force the company to revamp its design process to address these issues. Like the new Intel chip vulnerability, these exploits could give attackers far-reaching access to compromised systems and in the case of Meltdown would be virtually undetectable.

The timing of all of this has been unfortunate for the company from a market perspective, as chief rival AMD has made great strides during this same period and now features performance and stability that rivals Intel products at a lower price point.

New #Intel chip vulnerability allow #hackers to run #malware and spyware at hardware level which will not be detected by antivirus software. #respectdata Click to Tweet

The current Intel chip vulnerability is manageable only if system manufacturers opt to create firmware updates for it, but at best it appears this will only curtail local access. Organizations will need to prevent physical access to computers to truly be certain that the exploit cannot be leveraged. Given this, it appears the only 100% safe fix is to replace a vulnerable CPU. That either means a switch to AMD, or a wait of possibly some months for the 10th generation of Intel processors to become more widely available.

See more here:
Unfixable Intel Chip Vulnerability Could Undermine Encryption on Five Years Worth of Computers, But Is a Difficult Attack to Pull Off - CPO Magazine

Bipartisan Senate Judiciary Committee introduces bill that censors online content and attacks encryption By Kevin Reed 17 March 2020

Leading members of the Senate Judiciary Committee formally introduced a bipartisan bill on March 5 that escalates US government censorship of online content and directly attacks encryption of electronic communications under the cover of fighting online child sexual abuse material (CSAM).

Senate Judiciary Committee Chairman Lindsey Graham (Republican of South Carolina), US Senators Richard Blumenthal (Democrat of Connecticut), Josh Hawley (Republican of Missouri) and Ranking Member Dianne Feinstein (Democrat of California) jointly introduced the Eliminating Abusive and Rampant Neglect of Interactive Technologies Act (EARN IT Act) that purports to encourage the tech industry to take online child sexual exploitation seriously.

The concept behind the law is that tech companies have to earn their protected immunity from prosecution for any illegal content published by users on their platforms by scanning and decrypting every message, image or post. Until now, online service providers were not responsibleunder what are known as the Section 230 provisions of the Communications Decency Act of 1996for anything users publish on websites, social media accounts or cloud servers.

In introducing the bill, Senator Graham said, This bill is a major first step. For the first time, you will have to earn blanket liability protection when it comes to protecting minors. Senator Blumenthal added, Companies that fail to comport with basic standards that protect children from exploitation have betrayed the public trust granted them by this special exemption.

While claiming to fight online CSAM and enlisting the support of 70 organizations involved in stopping child sexual exploitation, the bills actual content shows that its ultimate purpose is an attack on fundamental democratic rights.

The law calls for the creation of a 19-member commission controlled by the attorney general and US law enforcement agencies. The EARN IT commission will establish best practices that must be followed by the technology companies or they will face criminal prosecution if content on their services is found to be illegal.

According to the Electronic Frontier Foundation (EFF), among the best practices of the EARN IT Act is a proposal by John Shehan, vice president at the National Center for Missing and Exploited Children (NCMEC), that says, online services should be made to screen their messages for material that NCMEC considers abusive; use screening technology approved by NCMEC and law enforcement; report what they find in the messages to NCMEC; and be held legally responsible for the content of messages sent by others.

Therefore, the EARN IT law will place the tech companies and their users in a Catch-22. The law mandates that tech providers either agree to monitor the content and violate the privacy and free speech rights of their users by screening everything they publish, post or store on the service or they agree to be prosecuted by the state for any illegal content that appears on their site.

EFF further explains that the 19-member commission will be completely dominated by law enforcement and allied groups like NCMEC, and the bill gives Attorney General Barr the power to veto or approve the list of best practices. Even if other commission members do disagree with law enforcement, Barrs veto power will put him in a position to strongarm them.

It is well known that William Barr and the US Justice Department have been advocates of online censorship and for abolishing end-to-end encryption in consumer electronic devices. There is nothing stopping the EARN IT Act from introducing as one of its best practices a provision for law enforcements back-door access to encrypted communications and data files. Those firms which refuse to comply would then have their Section 230 protections eliminated.

It is a measure of the dishonesty of the American political system that leading Democrats and Republicans can so transparently use the fears and emotions of the public against child exploitation as a means of attacking fundamental rights protected by the Constitution.

On May 11, the Senate Judiciary Committee held a public hearing on the EARN IT Act and took testimony from witnesses on the proposed legislation. Among the speakers were representatives from the NCMEC, Jared Sine of the online dating company Match Group, a child exploitation legal expert, and Elizabeth Banker of the Internet Association. Of these speakers, only the last spoke against the EARN IT Act.

In her presentation, Banker explained that many of the major tech firms todayincluding Amazon, Ebay, Facebook, Google, Microsoft, Twitter and Uberare members of the Internet Association. She went on to review the multi-faceted measures that tech companies have been engaged in to combat CSAM, going back to the passage of the Communications Decency Act of 1996, from their platforms.

Banker then explained how the EARN IT Act would create numerous problems and hinder the efforts to combat CSAM by violating online users First and Fourth Amendment rights because the providers will be acting as agents of the government. She stated, Under Fourth Amendment jurisprudence, a search performed by an agent of the government is subject to the same requirements as if the government performed the search directly.

Banker also spoke about the implications for freedom of speech in the Senate Judiciary Committee bill, The EARN IT Act would delegate important decisions concerning security, privacy, and free speech on the internetweighty and complex matters that directly impact hundreds of millions of consumersto an administrative body that would be composed of members who are not elected representatives and that would operate with little transparency.

Finally, Banker said that although the bill does not specifically mention encryption, Requiring companies to engineer vulnerabilities into their services would make us all less secure. Encryption technology stands between billions of internet users around the globe and innumerable threatsfrom attacks on sensitive infrastructure, including our highly automated financial systems, to attempts by repressive governments to censor dissent and violate human rights.

It could not have been lost on the Democratic and Republican senators or Elizabeth Banker of the Internet Association that the greatest threat of censorship and violation of human rights all over the world, including within the US itself, comes from American imperialism.

2019 has been a year of mass social upheaval. We need you to help the WSWS and ICFI make 2020 the year of international socialist revival. We must expand our work and our influence in the international working class. If you agree, donate today. Thank you.

More:
Bipartisan Senate Judiciary Committee introduces bill that censors online content and attacks encryption - World Socialist Web Site

Innovative Report on Encryption Software Market with Competitive Analysis, New Business Developments, and Top Companies

The report also tracks the latest Encryption Software Market dynamics, such as driving factors, restraining factors, and industry news like mergers, acquisitions, and investments. It provides market size (value and volume), market share, growth rate by types, applications, and combines both qualitative and quantitative methods to make micro and macro forecasts in different regions or countries.

Prominent players profiled in the study: Dell, Eset, Gemalto, IBM, Mcafee, Microsoft, Pkware, Sophos, Symantec, Thales E-Security, Trend Micro, Cryptomathic, Stormshield

Sample Report with Latest Industry Trends @https://www.acquiremarketresearch.com/sample-request/324586/

This Report Provides an overview of the Encryption Software market, containing global revenue, global production, sales, and CAGR. Also describe Encryption Software product scope, market overview, market opportunities, market driving force, and market risks. The forecast and analysis of the Encryption Software market by type, application, and region are also presented. The next part of the report provides a full-scale analysis of Encryption Software competitive situation, sales, revenue and global market share of major players in the Encryption Software industry. The basic information, as well as the profiles, applications, and specifications of products market performance along with Business Overview, are offered.

On-premises, Cloud: On-premises, Cloud

Application: Application A, Application B, Application C

Geographical Regions: North America, Europe, Central & South America, Asia-Pacific, and the Middle East & Africa, etc.

Get Reasonable Discount on this Premium Report @https://www.acquiremarketresearch.com/discount-request/324586/

Scope of the Encryption Software Report:

Worldwide Encryption Software Market 2020, Market Size Value CAGR (XX %) and revenue (USD Million) for the historical years (2016 to 2018) and forecast years (2020 to 2025), with SWOT analysis, Industry Analysis, Demand, Sales, Market Drivers, Restraints, Opportunities and Forecast to 2025 cover in this research report.

This report covers the current scenario and growth prospects of the Encryption Software Market for the period 2020-2025. The study is a professional and in-depth study with around tables and figures which provides key statistics on the state of the industry and is a valuable source of guidance and direction for companies and individuals interested in the domain.

Finally, all aspects of the Global Encryption Software Market are quantitatively as well qualitatively assessed to study the Global as well as regional market comparatively. This market study presents critical information and factual data about the market providing an overall statistical study of this market on the basis of market drivers, limitations and future prospects.

Browse Full [emailprotected] https://www.acquiremarketresearch.com/industry-reports/encryption-software-market/324586/

About us:

Acquire Market Research is a market research-based company empowering companies with data-driven insights. We provide Market Research Reports with accurate and well-informed data, Real-Time with Real Application. A good research methodology proves to be powerful and simplified information that applied right from day-to-day lives to complex decisions helps us navigate through with vision, purpose and well-armed strategies. At Acquire Market Research, we constantly strive for innovation in the techniques and the quality of analysis that goes into our reports.

Contact Us:

Sally Mach555 Madison Avenue,5th Floor, Manhattan,New York, 10022 USAPhone No.: +1 (800) 663-5579Email ID: [emailprotected]

See the original post:
Encryption Software Industry Ongoing Qualitative Analysis with Impacting Factor's 2020 by Dell, Eset, Gemalto and more - 3rd Watch News

Cloud Encryption

Another statistical surveying concentrate titled 2020-2026 Global Cloud Encryption Market Report (Status and Outlook) discharged by The Research Corporation can extend as it kept on assuming an amazing job in building up dynamic impacts on the worldwide market. The report subtleties the far reaching and collective examination of Cloud Encryption Market covering past, present, and estimate period. The report at that point covers focused market situation, territorial nearness, business scope, improvement openings, and future gauge. The market is relied upon to tremendous development manure the anticipated years 2020-2026.

Key Players Such as:- CipherCloud Inc., Hytrust Inc., Gemalto NV, IBM Corporation, Netskope Inc., Secomba GmbH, Skyhigh Networks Inc., Sophos Group Plc., Symantec Corporation, Thales e-Security Inc.

Cloud Encryption Market is growing at a steady CAGR within the forecast period of 2019-2026.

Get Sample PDF(Including Full TOC, Table)@ https://www.theresearchcorporation.com/request-sample.php?id=14777

Cloud encryption is a service provided by cloud storage providers, where data or text is converted using encryption algorithms and then placed in the storage cloud. Encryption changes everything, so only authorized parties can receive and view communication. Encryption is performed by gibberish encryption of common data using an algorithm called password. Secure data is called password text. Retrieving encrypted data is as simple as entering the correct password.

Significant Regions with leading countries Of Cloud Encryption Market covered in this report: Asia-Pacific (Vietnam, China, Malaysia, Japan, Philippines, Korea, Thailand, India, Indonesia, and Australia), Europe (Turkey, Germany, Russia UK, Italy, France, etc.), North America (United States, Mexico, and Canada.), South America (Brazil etc.), The Middle East and Africa (GCC Countries and Egypt.)

By Deployment Type

By Operation Type

By Software TypeRisk Management Mapping, Seismic Amplitude Analysis, Portfolio Aggregation, Performance Tracking, Navigation System, Resource Valuation, Reservoir Characterization, Reservoir Simulation, Drilling

Grab Your Report at an Impressive Discount @https://www.theresearchcorporation.com/ask-for-discount.php?id=14777

Statistical Cloud Encryption Market of some important social science facts: In several sectors mentioned in The Research Corporation market report is as describe global Cloud Encryption in terms of investment potential and the possibilities described to achieve success in the near future. Key segments of the global market analyze product types, SMBs and large corporations.

Customization of the Report: This report can be customized as per your needs for additional data or countries. Please connect with our sales team (sales@theresearchcorporation.com)

In this study, the years considered to estimate the market size of Cloud Encryption Market are as follows:

History Year: 2015-2019

Base Year: 2019

Estimated Year: 2020

Forecast Year 2020 to 2026

Table of Content:

10.Market Effect Factors Analysis

Enquiry before buying@ https://www.theresearchcorporation.com/enquiry-before-buying.php?id=14777

About Us

The Research Corporation symbolizes current market trends in the global industry. Our mastery in the field of market insights and analysis makes our company an ideal platform for clients seeking pioneering research in the lucrative global market fields.

At The Research Corporation we work diligently on delivering prudent market insights with sound market intelligence; with that we take pride in delivering comprehensive industry insights based on the market, market competitors, products and global customers. Through our erudite market approach, The Research Corporation has become synonymous to delivering best product service.

Contact:

The Research Corporation

William K (Sales Manager)

1632 1st Avenue, New York, NY 10028, USA

+1 929 299 7373

sales@theresearchcorporation.com

Visit link:
Big Boom in Cloud Encryption Market over 2020-2026 with CipherCloud Inc., Hytrust Inc., Gemalto NV, IBM Corporation and more - The Four Point Play

Medical Insurance Market: Opportunities, Demand and Forecasts, 20202025 By Market Study Report

The Latest Research Report on Medical Insurance Market size | Industry Segment by Applications (Large Insurance and Microinsurance), by Type (Insured Liability and Payment Method), Regional Outlook, Market Demand, Latest Trends, Medical Insur...

The Latest Research Report on 3D Modeling CAD Software Market size | Industry Segment by Applications (Small Business, Midsize Enterprise, Large Enterprise and Other), by Type (Cloud-based and On-premises), Regional Outlook, Market Deman...

The Latest Research Report on 4G/5G infrastructure Market size | Industry Segment by Applications (Logistics and Shipping and Security and Surveilance), by Type (Femtocell, Pico Cell, Micro Cell, Macro Cell,,Market segment by Type, the p...

The Latest Research Report on Digital Hospital Market size | Industry Segment by Applications (Medical Care, Personal Health Tracking and Others), by Type (Mobile Health, Healthcare Information Technology, Wearable Devices, Telehealth...

The Latest Research Report on Digital Transformation in Logistics Market size | Industry Segment by Applications (Bio Pharma, Chemical Pharma and Specially Pharma), by Type (Cold Chain Logistics and Non-cold Chain Logistics), Regional Outlo...

Continue reading here:
Data Encryption Software Market: Size, Share, Analysis, Regional Outlook and Fo - News by aeresearch