Zenbleed: How the quest for CPU performance could put your passwords at risk
"You need to turn on a special setting to stop the code you wrote to stop the code you wrote to improve performance from reducing performance from reducing security."
Password security helps prevent unauthorized access, while weak or reused credentials can expose accounts, systems, and sensitive data.
Search across headline titles and summaries.
Background for this topic.
Passwords are secret strings used to verify identity and control access to accounts, devices, applications, and services. They remain a common authentication method, but their security depends mainly on secrecy, length, and uniqueness rather than predictable complexity rules. A password reused across services can expose multiple accounts if one service is compromised; short, common, or previously leaked passwords are more susceptible to guessing and automated credential-stuffing attacks.
Practical defenses include using a password manager to generate and store a distinct, long password for each service, blocking known compromised passwords, and enabling multi-factor authentication (MFA) where available. Organizations should protect stored passwords with slow, salted one-way hashing, restrict and monitor authentication attempts, and provide secure recovery processes. Password changes are most useful after suspected compromise or exposure, rather than as routine changes that encourage predictable variations. Security teams should also treat password databases and reset mechanisms as sensitive assets during vulnerability assessment and incident response.
"You need to turn on a special setting to stop the code you wrote to stop the code you wrote to improve performance from reducing performance from reducing security."
Researchers have delivered working exploits for RouterOS, which when combined with default admin passwords can be a recipe for cyber disaster.
A new security vulnerability has been discovered in AMD's Zen 2 architecture-based processors that could be exploited to extract sensitive data such as encryption keys and passwords
Google's security researcher Tavis Ormandy discovered a new vulnerability impacting AMD Zen2 CPUs that could allow a malicious actor to steal sensitive data, such as passwords and encryption keys, at a rate of 30KB/sec from each CPU core. [...]
Zen 2 flaw more simple than Spectre, exploit code already out there – get patching when you can AMD has started issuing some patches for its processors affected by a serious silicon-level bug dubbed Zenbleed that can be exploited by rogue users and malware to steal passwords, cryptographic keys, and other secrets from software running on a vulnerable system.…