Visit Jeremy's Blog.
Go Back > Forums > Linux Forums > Linux - News
User Name
Linux - News This forum is for original Linux News. If you'd like to write content for LQ, feel free to contact us.
All threads in the forum need to be approved before they will appear.


  Search this Thread
Old 01-04-2018, 03:33 PM   #1
Registered: Jun 2000
Distribution: Debian, Red Hat, Slackware, Fedora, Ubuntu
Posts: 13,002

Rep: Reputation: 3730Reputation: 3730Reputation: 3730Reputation: 3730Reputation: 3730Reputation: 3730Reputation: 3730Reputation: 3730Reputation: 3730Reputation: 3730Reputation: 3730
Spectre and Meltdown are massive security flaws that affect almost every PC on Earth. Here’s what you need to know

Lots of information about this is becoming available, but here's an overview from The Washington Post:

Technology companies are working to protect their customers after researchers revealed that major security flaws affecting nearly every modern computer processor could allow hackers to steal stored data — including passwords and other sensitive information — on desktops, laptops, mobile phones and cloud networks around the globe.

The scramble to harden a broad array of devices comes after researchers found two significant vulnerabilities within modern computing hardware, one of which cannot be fully resolved as of yet. Experts say the disclosure of the critical flaws underscores the need to keep up with software updates and security patches and highlights the role independent research plays in prodding tech companies to minimize security weaknesses.

Researchers at Google’s Project Zero, academic institutions and private companies published their findings on the vulnerabilities on Wednesday.

The more pervasive flaw of the two, dubbed Spectre, leaves the world's supply of microprocessors potentially vulnerable to attack, the researchers said. Although hackers will find it harder to take advantage of Spectre, it is also more challenging for computer manufacturers to ward off, the researchers said. “As it is not easy to fix, it will haunt us for quite some time,” the researchers said, explaining why they chose to call the flaw Spectre.

There's no complete software patch for Spectre right now, said Michael Daly, chief technology officer of cybersecurity and special missions at Raytheon, a defense company. The long-term solution may rely on a hardware redesign, he said, with software patches acting to monitor and stop malicious behavior. In the meantime, criminal actors and nation states could further develop the Spectre vulnerability, making attacks easier to execute.

“Right now it's kind of tricky to take advantage of it,” Daly said. “But it's not going to stop there. They will improve on it.”

The other flaw, called Meltdown, affects most Intel processors made after 1995. And although security patches exist for devices running Linux, Windows, and OS X, the researchers said, the fix may slow down their performance by as much as 30 percent, according to some estimates.
This is an extremely widespread issue with almost unprecedented impact. See for more.

Old 01-04-2018, 07:42 PM   #2
Mr. Macintosh
Registered: Sep 2015
Distribution: Debian
Posts: 282

Rep: Reputation: 60
Originally Posted by jeremy View Post
Lots of information about this is becoming available, but here's an overview from The Washington Post:

This is an extremely widespread issue with almost unprecedented impact. See for more.

Possible firmware updates instead?
Old 01-04-2018, 09:58 PM   #3
LQ Newbie
Registered: Aug 2014
Distribution: Antergos
Posts: 29

Rep: Reputation: Disabled
If you're on Arch, get your kernel updated to 4.14.11-1. Here's the Arch Linux security posting:
Old 01-04-2018, 10:35 PM   #4
Registered: Dec 2017
Location: _Austro_Bavaria_
Distribution: gentoo / linux mint
Posts: 433

Rep: Reputation: 29
admins, can you please merge those 5-10 topics, including mine in security section named intel cpu bug please.
Old 01-04-2018, 11:14 PM   #5
Registered: Oct 2004
Location: Sydney, Australia
Distribution: Mageia 7
Posts: 375
Blog Entries: 4

Rep: Reputation: 65
If it hasn't been used how can it be a problem?

Or is just FUD?


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Vulnerabilities such as Meltdown and Spectre caseyl Linux - Security 7 01-22-2018 09:14 PM
LXer: Canonical Will Soon Patch all Supported Ubuntu Releases Against Meltdown/Spectre LXer Syndicated Linux News 0 01-04-2018 03:10 PM
OpenBSD devs worked on Meltdown/Spectre fixes eleven years ago YesItsMe *BSD 2 01-04-2018 09:56 AM
LXer: Meltdown And Spectre CPU Flaws Put Computers, Laptops, Phones At Risk LXer Syndicated Linux News 0 01-04-2018 09:34 AM > Forums > Linux Forums > Linux - News

All times are GMT -5. The time now is 05:20 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration