Privacy

UK Backs Off From Banning Reidentification Research (theguardian.com) 10

An anonymous reader writes: The United Kingdom has recently debated banning reidentification in its new data privacy law. This proposal has quickly been identified as dangerous and criticized, as it was argued this is not only ineffective but would also put at risk legitimate security and privacy researchers. Following public outcry, the UK government amended the bill to include safe-guards allowing researchers to study anonymization weaknesses. Researchers will also gain a new channel of disclosure via the Information Commissioner Office (ICO). According to The Guardian, "Researchers will have to notify the ICO within three days of successfully deanonymizing data, and demonstrate that they had acted in the public interest and without intention to cause damage or distress in re-identifying data."
Microsoft

Microsoft Details Performance Impact of Spectre and Meltdown Mitigations on Windows Systems (microsoft.com) 236

Microsoft's Windows chief Terry Myerson on Tuesday outlined how Spectre and Meltdown firmware updates may affect PC performance. From a blog post: With Windows 10 on newer silicon (2016-era PCs with Skylake, Kabylake or newer CPU), benchmarks show single-digit slowdowns, but we don't expect most users to notice a change because these percentages are reflected in milliseconds.

With Windows 10 on older silicon (2015-era PCs with Haswell or older CPU), some benchmarks show more significant slowdowns, and we expect that some users will notice a decrease in system performance. With Windows 8 and Windows 7 on older silicon (2015-era PCs with Haswell or older CPU), we expect most users to notice a decrease in system performance.

Windows Server on any silicon, especially in any IO-intensive application, shows a more significant performance impact when you enable the mitigations to isolate untrusted code within a Windows Server instance. This is why you want to be careful to evaluate the risk of untrusted code for each Windows Server instance, and balance the security versus performance tradeoff for your environment.

For context, on newer CPUs such as on Skylake and beyond, Intel has refined the instructions used to disable branch speculation to be more specific to indirect branches, reducing the overall performance penalty of the Spectre mitigation. Older versions of Windows have a larger performance impact because Windows 7 and Windows 8 have more user-kernel transitions because of legacy design decisions, such as all font rendering taking place in the kernel.

Wireless Networking

With WPA3, Wi-Fi Security is About To Get a Lot Tougher (zdnet.com) 121

One of the biggest potential security vulnerabilities -- public Wi-Fi -- may soon get its fix. From a report: The Wi-Fi Alliance, an industry body made up of device makers including Apple, Microsoft, and Qualcomm, announced Monday its next-generation wireless network security standard, WPA3. The standard will replace WPA2, a near-two decades-old security protocol that's built in to protect almost every wireless device today -- including phones, laptops, and the Internet of Things.

One of the key improvements in WPA3 will aim to solve a common security problem: open Wi-Fi networks. Seen in coffee shops and airports, open Wi-Fi networks are convenient but unencrypted, allowing anyone on the same network to intercept data sent from other devices. WPA3 employs individualized data encryption, which scramble the connection between each device on the network and the router, ensuring secrets are kept safe and sites that you visit haven't been manipulated.
Further reading: WPA3 WiFi Standard Announced After Researchers KRACKed WPA2 Three Months Ago
Encryption

FBI Chief Calls Unbreakable Encryption 'Urgent Public Safety Issue' (reuters.com) 440

The inability of law enforcement authorities to access data from electronic devices due to powerful encryption is an "urgent public safety issue," FBI Director Christopher Wray said on Tuesday in remarks that sought to renew a contentious debate over privacy and security. From a report: The FBI was unable to access data from nearly 7,800 devices in the fiscal year that ended Sept. 30 with technical tools despite possessing proper legal authority to pry them open, a growing figure that impacts every area of the agency's work, Wray said during a speech at a cyber security conference in New York. "This is an urgent public safety issue," Wray added, while saying that a solution is "not so clear cut."
Microsoft

Microsoft Pauses Rollout of Spectre and Meltdown Patches To AMD Systems (betanews.com) 100

Microsoft is suspending patches to guard against Meltdown and Spectre security threats for computers running AMD chipsets after complaints by AMD customers that the software updates froze their machines. From a report: The company is blaming AMD's failure to comply with "the documentation previously provided to Microsoft to develop the Windows operating system mitigations to protect against the chipset vulnerabilities known as Spectre and Meltdown." There's no word on when the patches will be fixed, but Microsoft says that it is working with AMD to address the problem.
Windows

Microsoft Says No More Windows Security Updates Unless AVs Set a Registry Key (bleepingcomputer.com) 135

Catalin Cimpanu, reporting for BleepingComputer: Microsoft has added a new and very important detail on the support page describing incompatibilities between antivirus (AV) products and the recent Windows Meltdown and Spectre patches. According to an update added this week, Microsoft says that Windows users will not receive the January 2018 Patch Tuesday security updates, or any subsequent Patch Tuesday security updates, unless the antivirus program they are using becomes compatible with the Windows Meltdown and Spectre patches. The way antivirus programs become compatible is by updating their product and then adding a special registry key to the Windows Registry. The presence of this registry key tells the Windows OS the AV product is compatible and will trigger the Windows Update that installs the Meltdown and Spectre patches that address critical flaws in the design of modern CPUs.

Slashdot Top Deals