Spectre and Meltdown are massive security flaws that affect almost every PC on Earth. Here’s what you need to know

jeremy · 01-04-2018, 03:33 PM

Lots of information about this is becoming available, but here's an overview from The Washington Post:

Quote:

Technology companies are working to protect their customers after researchers revealed that major security flaws affecting nearly every modern computer processor could allow hackers to steal stored data — including passwords and other sensitive information — on desktops, laptops, mobile phones and cloud networks around the globe.

The scramble to harden a broad array of devices comes after researchers found two significant vulnerabilities within modern computing hardware, one of which cannot be fully resolved as of yet. Experts say the disclosure of the critical flaws underscores the need to keep up with software updates and security patches and highlights the role independent research plays in prodding tech companies to minimize security weaknesses.

Researchers at Google’s Project Zero, academic institutions and private companies published their findings on the vulnerabilities on Wednesday.

The more pervasive flaw of the two, dubbed Spectre, leaves the world's supply of microprocessors potentially vulnerable to attack, the researchers said. Although hackers will find it harder to take advantage of Spectre, it is also more challenging for computer manufacturers to ward off, the researchers said. “As it is not easy to fix, it will haunt us for quite some time,” the researchers said, explaining why they chose to call the flaw Spectre.

There's no complete software patch for Spectre right now, said Michael Daly, chief technology officer of cybersecurity and special missions at Raytheon, a defense company. The long-term solution may rely on a hardware redesign, he said, with software patches acting to monitor and stop malicious behavior. In the meantime, criminal actors and nation states could further develop the Spectre vulnerability, making attacks easier to execute.

“Right now it's kind of tricky to take advantage of it,” Daly said. “But it's not going to stop there. They will improve on it.”

The other flaw, called Meltdown, affects most Intel processors made after 1995. And although security patches exist for devices running Linux, Windows, and OS X, the researchers said, the fix may slow down their performance by as much as 30 percent, according to some estimates.

This is an extremely widespread issue with almost unprecedented impact. See https://meltdownattack.com/ for more.

--jeremy

Mr. Macintosh · 01-04-2018, 07:42 PM

Quote:

Originally Posted by jeremy

Lots of information about this is becoming available, but here's an overview from The Washington Post:

This is an extremely widespread issue with almost unprecedented impact. See https://meltdownattack.com/ for more.

--jeremy

Possible firmware updates instead?

http://www.zdnet.com/article/intel-s...28094294578069

Ru1138 · 01-04-2018, 09:58 PM

If you're on Arch, get your kernel updated to 4.14.11-1. Here's the Arch Linux security posting: https://security.archlinux.org/AVG-552

_roman_ · 01-04-2018, 10:35 PM

admins, can you please merge those 5-10 topics, including mine in security section named intel cpu bug please.

nigelc · 01-04-2018, 11:14 PM

If it hasn't been used how can it be a problem?

Or is just FUD?

cynwulf · 01-08-2018, 08:33 AM

5x recent threads on the same subject which you may like to read:

https://www.linuxquestions.org/quest...ug-4175620852/
https://www.linuxquestions.org/quest...el-4175620923/
https://www.linuxquestions.org/quest...ge-4175621000/
https://www.linuxquestions.org/quest...le-4175621032/
https://www.linuxquestions.org/quest...em-4175620932/