When is the cybersecurity hole not a hole?

One of the more difficult issues in cybersecurity is determining when a security hole is a serious issue that requires an immediate fix or workaround, and when it is trivial enough to be ignored or at least lowered in priority. The tricky part is that much of this involves the dreaded security by obscurity: the vulnerability is left untouched in the hope that no one with the knowledge to exploit it will find it. (Typical example: leaving a sensitive web page unprotected, but counting on its very long and unintuitive URL not being discovered by accident.)

And then there is the real problem. In the hands of creative and resource-rich bad guys, most holes can be exploited in non-traditional ways. But (there is always a "but" in cybersecurity) IT and security professionals cannot practically fix every hole anywhere in the environment.

As I said, it's tricky.

What brings this to mind is an interesting M1 CPU hole found by developer Hector Martin, who posted detailed thoughts about it.

Martin describes it as a "design flaw in the Apple Silicon M1 chip" that lets two applications running under the OS secretly exchange data between them without using memory, sockets, files, or other normal operating system features. It works between processes running as different users and at different privilege levels, creating a covert channel for secret data exchange. The vulnerability is embedded in the Apple Silicon chip and cannot be fixed without a new silicon revision.

Martin added, "The only mitigation available to users is to run the entire OS as a VM. Yes, running the entire OS as a VM will impact performance," and suggested that users not do this.

Copyright © 2021 IDG Communications Co., Ltd.
