Meltdown & Spectre: How they can affect your processor

Meltdown & Spectre: How they can affect your processor

Security flaws have been revealed in the design of Intel’s x86 processors, the design that has been in place for the last 20 years. Their names are Meltdown, Spectre, and a Spectre variant 2. These cache timing attacks allow hackers to gain access and steal passwords or encryption keys on most types of computers, smartphones, and cloud-based servers. Meltdown is for Intel processors while Spectre is used to attack numerous processor types. Almost all of our computers are run by Intel, Qualcomm and ARM processors, which all fall under the susceptible category.

The exploits are known as Side-Channel-Analysis exploits and work by taking advantage of a feature within the CPU architecture whereby, during idle period, the CPU tries to speculatively pre-fetch (guess) what information is going to be requested next.  That information is then held in a cache (temporary storage area) ready to be used.  Whatever work you are doing will alter how much pre-fetching is going on. Part of the problem is that the CPU cache is accessible and it shouldn’t be. Therefore, if an attacker (via malicious code on a website) can make the CPU think that certain information is likely to be needed soon, the information will get cached and can then be read by the attacker (information such as website passwords and usernames).

These issues have been assigned the following CVE entries:

  • Meltdown: An attacker can access kernel memory from user space rogue data cache load (CVE-2017-5754)
  • Spectre: An attacker can read memory contents from other users’ running programs
  • Branch target injection (CVE-2017-5715)
  • Bounds check bypass (CVE-2017-5753)

Google Project Zero published a blog providing technical details regarding these vulnerabilities. An example attack scenario would be an attacker stealing credentials from the memory space of another process. Two criteria must be met in order for these vulnerabilities to be exploited.

  • The device being targeted must utilize an affected Intel, AMD, Qualcomm, or ARM processor (most processors from the last 10+ years fall into the category of “vulnerable”).
  • An attacker must be able to execute their own code (this includes Javascript) on the device. Depending on the vulnerability, the code may be executed as unprivileged code, or in others, as privileged (“root” or “SYSTEM”) code.

Solution

  • As with all vulnerabilities, applying published patches is a crucial step to preventing an attacker from successfully exploiting these vulnerabilities
  • Update your operating systems
  • Patches for different affected products can be found here: https://meltdownattack.com/#faq-advisory

Workaround

  • Only run software from trusted sources
  • It is also recommended to limit the access to critical infrastructure networking equipment to only trusted administrators from trusted administrative ccna course in Pune or hosts
  • Do not allow websites to run untrusted code
  • Web Security Appliance (WSA) can be used to block access to known malicious sites
  • FirePower NGFW can be used to block network based attacks leveraging these vulnerabilities

12 Tips For Writing A Query Letter

12 Tips For Writing A Query Letter

12 Tips For Writing A Query Letter

  1. Use a letterhead or put your name and address in the top right-hand corner. I don’t advise queries be sent by e-mail.
  2. Address the query to a specific agent or editor.
  3. Start with a “hook” or snappy language or something to grab the reader’s attention immediately.
  4. In present tense, state precisely and succinctly what the book is about. (Think in terms of how a TV show is explained in TV Guide.) For example: Out-of-work lingerie-buyer Stephanie Plum blackmails her cousin into hiring her into the unlikely position of bounty hunter.
  5. In a sentence or two, writing luck describe why you are “the one” to write this book. For example, you worked as a homicide detective for fifteen years in Los Angeles or you are a forensic medical specialist.
  6. Keep the query short–one page.
  7. Mention the proposed length of the book.
  8. End by asking the agent or editor if he would be interested in seeing the full manuscript.
  9. Make sure the letter is grammatically correct. (Remember: Don’t count on spell check alone to catch every error. You must read it over).
  10. Use heavy, twenty-pound bond, which is easier to handle than lightweight paper.
  11. Use at least a twelve-point font.
  12. Include a blank self-addressed, stamped postcard.

How to Pass Civil Service Exam in One Take

How to Pass Civil Service Exam in One Take

Since you don’t have all the time in the world to dedicate to a month-long intensive civil service exam review, you have to be wise in choosing how to review and what to study in the first place.

As they always say, study smarter–not harder.

If you remember this by heart, I guarantee that you can pass the civil service exam in one take and become one step closer towards landing your dream government position.

In this definitive no-nonsense guide, I will let you take a glimpse of the processes and study hacks that can help you pass the Philippine civil service exam in one try.

But first, let’s start with the basics…

 

What is the passing rate for the civil service exam?

In order to get civil service eligibility, examinees must obtain a passing score of 80.00 or above.

 

What is the scope of the civil service exam?

As mentioned in our ultimate civil service exam guide, there are two levels of the exam that you can choose from: sub-professional and professional.

If you take and pass the sub-professional civil service exam, you’ll be qualified for first-level government positions (think clerical jobs).

Meanwhile, if you choose to take the professional civil service exam (as most of us do), you’ll be qualified for both first-level and second-level positions that require a bachelor’s degree.

Apparently, the professional-level exam is relatively more difficult than the sub-professional. The former also has more items and longer time allotment than the latter.

The table below shows the scope of each type of civil service exam:

 

 

As you can see, both exams have questions about Verbal Ability, Numerical Ability, and General Information written in either English or Filipino.

The main difference is that the Sub-professional exam has questions on Clerical Ability (30-40 items) which test the examinee’s knowledge about basic tasks like filing, alphabetizing, etc.

The professional civil service exam, on the other hand, has items that test one’s Analytical Ability. These are questions (30-40 items) about logic, data interpretation, word association, single- or double-word analogy, etc.

In addition to these, both exams also include 20 Personal Information Questions which are usually asked at the beginning.

 

How to pass civil service exam in one take: Practical tips before, during, and after the examination.

Civil service exam can give you the jitters.

And it doesn’t just happen during the exam itself. More often than not, it can get to your nerves even while you’re preparing for it and later as you anxiously wait for the SSC Result Online.

To help you overcome nervousness and build up the confidence you need, I’ve listed down all the essential tips that ensure success before, during, and after the exam.

 

Before the Exam.

a. Take a diagnostic exam.

When reviewing for the civil service exam, you have to spend more time improving on your weakest areas. An accurate way to find the areas where you struggle with the most is through taking a diagnostic exam.

At the start of your review, try to test your stock knowledge by answering simulated exams. There are free questionnaires you can download online. Or, you can buy one of the many civil service exam reviewers sold in bookstores.

Take note which areas where you scored poorly. This way, you can dedicate more study time to these subjects and maximize the limited time you have for review.

 

b. Create a realistic review plan–and stick with it. 

Unlike licensure board exams, you don’t have to spend months and endless hours every day just to review for the civil service exam.

A few hours every day for the whole month prior to the examination date is enough. The key here is time management and creating a study plan based on your body clock and current lifestyle.

Set aside 1 week for each subject area: Week 1 for Numerical Ability, Week 2 for Verbal Ability, and so forth. If you’re currently a student or an employee, schedule your review in the morning or at night whenever your alertness is at its peak.

An hour or two of review daily should be sufficient as long as you focus and don’t let procrastination or distraction get in the way. This is what experts call “spaced repetitions,” as opposed to cramming sessions during which you squeeze as much information as you can to your mind in one day only to forget most of them come examination time.