It’s Black Hat and DEFCON week and it wouldn’t be a show without the disclosure of a few big bugs. The winner so far seems to be a new exploit found in Intel’s SGX memory encryption technology. Per pre-briefing ahead of a talk happening today, security researchers found a flaw in the Advanced Programmable Interrupt Controller (APIC) that allows them to read uninitialized memory that could contain stale data before it’s cleared by the CPU. Unlike Spectre and Meltdown, this isn’t a side channel attack. It’s a flaw in the CPU architecture. This means that attackers can recover data very quickly. Tests showed a 128-bit AES encryption key could be recovered in less than 2 seconds with 94% accuracy and a 1024-bit RSA key could be nabbed in about a minute and a half with 74% accuracy. Intel is saying the exploit is on their 10th, 11th, and 12th gen processors which includes Ice Lake but no mention of Sapphire Rapids. This and more on this week’s episode of the Rundown.
00:49 | MinIO Miffed at Nutanix
We’re starting off the news today with a good old fashioned tiff between companies. MinIO publicly accused Nutanix of lying about no longer using MinIO code in their platform. Curiously, the info came by way of a blog post from MinIO CFO Garima Kapoor. After Nutanix apologized for the “inadvertent” failure (their words), Kapoor published yet another post taking them to task for not doing a better job of removing the improperly licensed code when they were notified back in December 2019. Per the post, MinIO has revoked the license for Nutanix to use their binaries and must remove them from their Nutanix Objects platform.
Read More: MinIO slams Nutanix use of open source code: round 2
03:38 | Netskope Acquires Infiot
The SASE and SSE market is heating up once more. Netskope announced last week that they have acquired startup Infiot for an undisclosed amount back in May. The deal will bring the technology of Infiot into the new Netskope Borderless WAN offering. Netskope has been focused on the SSE side of the market and also acquired zero trust security company WootCloud back in June.
Read More: Netskope Acquires Infiot, Will Deliver Fully Integrated, Single-Vendor SASE Platform
7:18 | Nvidia Misses on Inventory Markdown
It’s not a good week for Nvidia’s books. Their Q2 results were announced last week and they took a pretty big inventory markdown to the tune of $1.32 billion. The revenue for the company was down across the board, especially in the gaming division. The Data Center group was up 1% year-over-year, which was one of the few to make a profit. The inventory markdown was related to the cooling PC sales market as well as the ongoing cryptocurrency decline which has reduced the demand for Nvidia GPUs.
Read More: Nvidia books $1.32b inventory charge as PC market slows
9:36 | Todd Nightingale Departs Meraki for Fastly
The Cisco world was shocked last week when it was announced that Todd Nightingale was leaving his post as head of Enterprise Networking and Cloud at the end of August. News reports later revealed that the former Meraki head was moving to become the CEO of Fastly. Nightingale has been successful at steering the two disparate ships of Meraki and Cisco Networking for a number of years and has been a high profile member of the executive team. The units he ran will be folded into the Mass Scale Infrastructure organization headed by Jonathan Davidson.
Read More: Cisco shakeup: Networking chief Todd Nightingale to helm Fastly
14:56 | Intel has an AEpic Security Problem
It’s Black Hat and DEFCON week and it wouldn’t be a show without the disclosure of a few big bugs. The winner so far seems to be a new exploit found in Intel’s SGX memory encryption technology. Per pre-briefing ahead of a talk happening today, security researchers found a flaw in the Advanced Programmable Interrupt Controller (APIC) that allows them to read uninitialized memory that could contain stale data before it’s cleared by the CPU. Unlike Spectre and Meltdown, this isn’t a side channel attack. It’s a flaw in the CPU architecture. This means that attackers can recover data very quickly. Tests showed a 128-bit AES encryption key could be recovered in less than 2 seconds with 94% accuracy and a 1024-bit RSA key could be nabbed in about a minute and a half with 74% accuracy. Intel is saying the exploit is on their 10th, 11th, and 12th gen processors which includes Ice Lake but no mention of Sapphire Rapids.
Read More: SGX, Intel’s supposedly impregnable data fortress, has been breached yet again
26:07 | The Weeks Ahead
Tech Field Day Extra at VMware Explore US 2022 – August 29-31, 2022
Networking Field Day 29 – September 7-9, 2022
The Gestalt IT Rundown is a live weekly look at the IT news of the week. It broadcasts live on Facebook every Wednesday at 12:30pm ET. To watch along, “Like” our Facebook page. Be sure to subscribe to Gestalt IT on YouTube for even more weekly video content.
