Spectre and Meltdown are massive security flaws that affect almost every PC on Earth. Here’s what you need to know
Linux - NewsThis forum is for original Linux News. If you'd like to write content for LQ, feel free to contact us.
All threads in the forum need to be approved before they will appear.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Distribution: Debian, Red Hat, Slackware, Fedora, Ubuntu
Posts: 13,602
Rep:
Spectre and Meltdown are massive security flaws that affect almost every PC on Earth. Here’s what you need to know
Lots of information about this is becoming available, but here's an overview from The Washington Post:
Quote:
Technology companies are working to protect their customers after researchers revealed that major security flaws affecting nearly every modern computer processor could allow hackers to steal stored data — including passwords and other sensitive information — on desktops, laptops, mobile phones and cloud networks around the globe.
The scramble to harden a broad array of devices comes after researchers found two significant vulnerabilities within modern computing hardware, one of which cannot be fully resolved as of yet. Experts say the disclosure of the critical flaws underscores the need to keep up with software updates and security patches and highlights the role independent research plays in prodding tech companies to minimize security weaknesses.
Researchers at Google’s Project Zero, academic institutions and private companies published their findings on the vulnerabilities on Wednesday.
The more pervasive flaw of the two, dubbed Spectre, leaves the world's supply of microprocessors potentially vulnerable to attack, the researchers said. Although hackers will find it harder to take advantage of Spectre, it is also more challenging for computer manufacturers to ward off, the researchers said. “As it is not easy to fix, it will haunt us for quite some time,” the researchers said, explaining why they chose to call the flaw Spectre.
There's no complete software patch for Spectre right now, said Michael Daly, chief technology officer of cybersecurity and special missions at Raytheon, a defense company. The long-term solution may rely on a hardware redesign, he said, with software patches acting to monitor and stop malicious behavior. In the meantime, criminal actors and nation states could further develop the Spectre vulnerability, making attacks easier to execute.
“Right now it's kind of tricky to take advantage of it,” Daly said. “But it's not going to stop there. They will improve on it.”
The other flaw, called Meltdown, affects most Intel processors made after 1995. And although security patches exist for devices running Linux, Windows, and OS X, the researchers said, the fix may slow down their performance by as much as 30 percent, according to some estimates.
This is an extremely widespread issue with almost unprecedented impact. See https://meltdownattack.com/ for more.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.