The Unseen Flaw in Computers with Intel Processors

Most of the time when you think of having your information leaked from your personal computer, you think of hackers abusing oversights in a program or human error. However, this is not the case with the exploit known as “Meltdown”, which has been possible on Intel processors since 1995.

Besides patches that Microsoft and Apple released quickly as soon as the news of “Meltdown” was announced, not much can be done about this exploit or to protect the private information on your computer. “Meltdown” is a kernel leak that allows applications on a computer to access memory from other programs, meaning that any outside user attacking your computer can use this to obtain any information on your computer or do anything on your computer. This is due to an oversight in what is called branch prediction, in which your processor loads data in preparation for a conditional statement so it can determine what to do within that block of code. Before reaching this conditional, it loads the data into the CPU’s cache and will execute both of these at the same time. While data in cache isn’t accessible by any program, it can be exposed, hence leading to this information leak. Functionally, this can act similarly to a backdoor, but on a hardware level, meaning detection of any information leak is extremely difficult as it does not leave any traces behind in traditional log files.

-Steven Galarza





Many Cyber Security Startups are Failing

2017 was a year with a lot of hacking headlines. The Equifax outbreak was one of the most critical ones. These cyber attacks deterred many security startups. The timing of the situation is strange, as the number of cyber attacks should pave the way for many cyber security startups (Cyber security start-ups fall on hard times). Some of the reasons are that they are struggling against advanced hackers along with bigger companies developing the same technology (Cybersecurity Startups Struggle). In the crowded market, a lot of them are failing to live up to their promises on how good the security is. The situation was so uncommon that David Cowan, a partner at Bessemer Venture Partners, mentioned that he has never seen such a fast-growing market with so many companies on the losing side. The cyber security industry is driven by the belief that there is no end in sight to cyber attacks or companies’ need to protect themselves (Baker).

Even then, only a handful of startups succeeded. The failed startups have become “corporate zombies” due to their inability to fetch a good price in an initial public offering or become acquisition targets, according to some experts. These startups also failed because of their inability to adapt to the evolving technology behind cyber attacks. Some companies tackle this problem by consolidating their security work, using just a few large players rather than spreading business around (Baker). This also saves money and a lot of trouble.

-Anil Adharapurapu


Security Breaches and the Supreme Court

Nearly everyone, if not everyone, will be a victim of a breached company as a result of a cyber attack. As of now, the company will contact you, you’ll receive a new credit card, be offered credit monitoring, and the company will fix the problem that allowed the breach to occur. This is very common practice for corporations, and we see this happening far too often. What hasn’t been decided yet is if an individual or a group can sue a company as a result of a data breach. With this question come many more, such as:

  • Should the courts consider possible future harm?
  • Should the courts consider the fear and emotion that an individual goes through?
  • What should a consumer be doing to prevent damage from these breaches?
  • How imminent is the future harm?
  • What is the economic value of privacy?

Courts have been struggling with these problems, and the rulings haven’t followed a pattern or set a strong precedent. The most practical way to decide on answers for these questions is for the Supreme Court to hear cases and make a decision. Going forward, a ruling in favor of suing could lead to larger economic consequences for companies that are breached. A ruling in favor of corporations would put the responsibility on the consumer to monitor their credit, use complex and unique passwords, and be wary of who they give their personal information to.



-Matthew Smith

A Flaw in the World of Mobile Computing

The prospect of needing credentials to access a developer account in an app or a website that provides an API is not a new concept. And the proliferated stereotype of the lazy developer is nothing to write home about. But some app developers have taken carelessness to new levels. Appthority calls a new vulnerability they have found “The Eavesdropper Vulnerability”. This is when the developer hard codes in their credentials to access the features of the device, specifically for the Twilio API. Those who exploit this vulnerability are able to access text messages, Twilio metadata, call metadata, and voice recordings.

This vulnerability does not rely on anything but the hard coded credentials themselves. No jailbreak, hacking, or effort is required. All that is needed to acquire these developers’ credentials is to find an app that uses the Twilio API, skim through it to find them in plain text, then use your favorite method to exfiltrate the data using the credentials.

What’s the solution here? More security-conscious developers. There is no other option here than to have developers remove their credentials from the app’s code. That and to not do it again. This vulnerability was entirely preventable; those responsible for it simply did not prevent it.

Alan Richman.
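
A pre-release check for the hard-coded Twilio credentials described above, as an added example that is not part of the original post: it scans source text for strings shaped like a Twilio Account SID (`AC` followed by 32 hexadecimal characters) and for 32-hex-character literals assigned to token-like names. The file names, sample source and variable names are constructed, and the token rule is a heuristic assumption.

```python
import re

# Twilio Account SIDs are "AC" followed by 32 hexadecimal characters.
ACCOUNT_SID = re.compile(r"\bAC[0-9a-fA-F]{32}\b")
# Heuristic (assumption): a 32-hex literal assigned to a token/secret-like name.
AUTH_TOKEN = re.compile(
    r"(?i)\b\w*(?:token|secret|auth)\w*\s*[:=]\s*[\"']([0-9a-f]{32})[\"']"
)

def redact(value):
    """Keep only a short prefix so the report does not re-leak the secret."""
    return value[:4] + "*" * (len(value) - 4)

def scan_source(name, text):
    """Return findings as (file, line_no, rule, redacted_value) tuples."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for match in ACCOUNT_SID.finditer(line):
            findings.append(
                (name, line_no, "twilio-account-sid", redact(match.group(0))))
        for match in AUTH_TOKEN.finditer(line):
            findings.append(
                (name, line_no, "hardcoded-auth-token", redact(match.group(1))))
    return findings

# Constructed sample: the first file embeds credentials in the app itself;
# the second holds none and calls the developer's own backend instead.
SAMPLE_BAD = '''
String accountSid = "AC0123456789abcdef0123456789abcdef";
String authToken = "fedcba9876543210fedcba9876543210";
'''
SAMPLE_GOOD = '''
// The backend holds the Twilio credentials; the app never sees them.
Response r = backend.post("/notify", payload);
'''

if __name__ == "__main__":
    results = (scan_source("Bad.java", SAMPLE_BAD)
               + scan_source("Good.java", SAMPLE_GOOD))
    for finding in results:
        print("%s:%d %s %s" % finding)
```

Run as a build step, a non-empty result can fail the release before the credentials ever ship inside the app package.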


Boeing 757 planes susceptible to security breaches

Recently a group of experts worked with Homeland Security to see if they could hack into a Boeing 757 jetliner. The team was successful in the hack. The exact details were not disclosed for obvious reasons, but they did say they got to the plane’s system through the radio frequency communications. Robert Hickey from Homeland Security presented at the CyberSat Summit, and most other experts said that they had known that for years and it was no big deal, but when Hickey went to tell pilots what they found, they had no idea their planes were at risk of cyber attacks. Now, Boeing 757s have not been made since 2004, so it seems like it shouldn’t be an issue anymore, except many airlines like United and Delta still use these planes. President Trump’s personal plane, which he uses to fly most places, is also a 757. This issue is also difficult to patch: they say it would cost $1 million to change one line of code on a plane’s system and would take a year to implement, making a patch near impossible. Boeing has said it isn’t something to worry about because it is an older model and system, and the new planes like the 787 can’t be affected and were designed with security in mind. That is good to hear, since a vulnerability in a plane could cause catastrophic problems.

-Levi Walker