Linux 4.15 Kernel Includes Fixes for Meltdown, Spectre Vulnerabilities

Today’s topics include Linus Torvalds releasing Linux 4.15; an IBM study finding users favor security over convenience; Microsoft updating Intel’s buggy Spectre patch; and Innovid releasing a new video platform for reaching millennials. 

Linus Torvalds released the first new Linux kernel of 2018 on Jan. 28, which ended up being the longest development cycle since Linux 3.1 was released in 2011. The new Linux 4.15 kernel features fixes for the core reason for the kernel's delay, namely the Meltdown and Spectre CPU flaws. 

The Spectre issue is being mitigated in Linux 4.15 with the retpoline code that was originally developed by Google. Reptoline helps to avoid kernel-to-user data leaks, by restricting speculative indirect branches in CPU processes. 

According to Torvalds, other new features in Linux 4.15 include support for expanded security capabilities in Intel and AMD CPUs. On AMD chips, Linux now supports the AMD Secure Encrypted Virtualization capability. On Intel CPUs, Linux now supports User Mode Instruction Prevention, which limits the risk of privilege escalation. 

A global study about authentication usage and attitudes by IBM Security has found that 70 percent of respondents rank security over convenience when it comes to financial applications.

The study, released Jan. 29, surveyed 4,000 adults in the U.S., Europe and Asia-Pacific. 

The study also found that 44 percent of respondents identified fingerprint biometrics as the most secure method of authentication. In contrast, only 27 percent rated passwords as being the most secure form of authentication. 

Nearly half of people under 34 use fingerprints to unlock their personal smartphones, compared to only 22 percent of those over the age of 55. Finally, 11 percent of those under the age of 34 are using facial recognition to unlock their phone, compared to only 2 percent of those 55 and up.  

While millennials are big adopters of biometrics, they tend to fall short when it comes to the use of complex passwords, and also tend to reuse passwords, the study found. 

Microsoft has released a new emergency update for Windows that disables an earlier patch of the Meltdown and Spectre processor vulnerabilities issued by Intel, which could cause "higher than expected reboots and other unpredictable system behavior" on systems with Intel’s Broadwell and Haswell processors. 

Although Intel claims it is making good progress toward developing an effective solution, the company recommends that users, OEMs, software vendors and cloud providers cease applying the problematic patch or "microcode" that alters a processor’s firmware. 

Microsoft issued its own patch that disables Intel's fix, and for those already affected by Intel's buggy patch, Microsoft published two support documents for advanced users and IT professionals who are comfortable working with the Windows registry. 

Innovid, a new-gen video marketing platform provider, on Jan. 29 introduced a new solution along with partnerships to help brands reach, measure and engage the elusive “mobile first” millennial audiences, who are now the largest segment in the U.S. at an estimated 80 million. 

Innovid, along with leading SDK providers Fyber, InMobi, and MoPub, is offering increased transparency and performance across Video Ad Serving Template, or VAST, inventory for in-app mobile, enabling marketers to measure and engage in-app audiences on a much larger scale than previously possible. 

Innovid is now launching VAST tags that are compatible with the leading viewability providers in the market, as well as with the Open SDK initiative, expected to be released in this year.