IT disaster recovery, cloud computing and information security news

Researchers from Binghamton University - State University of New York and the University of California, Riverside have found a weakness in the Haswell central processing unit (CPU) components that makes common computer operating systems vulnerable to malicious attacks.

Computer hackers could take control of individual, company and government computers if a weak point in address space layout randomization (ASLR) software is exploited by manipulating a CPU's branch predictor, a piece of hardware designed to improve program performance.

Researchers suggested several methods to mitigate the attacks they identified in the paper ‘Jump over ASLR: Attacking the Branch Predictor to Bypass ASLR,’ and companies have already started to work on the issues raised.

Researchers demonstrated the weakness in commonly-used Linux operating systems using Intel processors. However, the team led by Binghamton PhD candidate Dmitry Evtyushkin, Ponomarev and former Binghamton Computer Science Professor Nael Abu-Ghazaleh think the vulnerability could also apply to other operating systems such as Windows and Android. According to the work, the attack may also be practical on virtualization systems such as Kernel-based Virtual Machines (KVM), which are used in cloud computing systems.

The results were presented at the 49th Annual IEEE/ACM International Symposium on Microarchitecture (Micro-49) on October 18th in Taipei, Taiwan.

Want news and features emailed to you?

Signup to our free newsletters and never miss a story.

A website you can trust

The entire Continuity Central website is scanned daily by Sucuri to ensure that no malware exists within the site. This means that you can browse with complete confidence.

Business continuity?

Business continuity can be defined as 'the processes, procedures, decisions and activities to ensure that an organization can continue to function through an operational interruption'. Read more about the basics of business continuity here.

Get the latest news and information sent to you by email

Continuity Central provides a number of free newsletters which are distributed by email. To subscribe click here.