Users browsing this forum: No registered users and 7 guests
Meltdown/Spectre - Double whammy of CPU bugs | |
---|---|
by aairfccha » Thu Jan 04, 2018 2:56 pm | |
aairfccha
Posts: 206
|
https://meltdownattack.com
https://www.theregister.co.uk/2018/01/04/intel_amd_arm_cpu_vulnerability/ https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/ Apparently there are two rather fundamental hardware bugs concerning speculative/out-of-order execution which break the memory separation between processes and between a process and the operating system respectively. Meltdown seems the more exploitable, the more severe but restricted to Intel (and a few ARM? currently anyway) and can be addressed by patches in the OS - those are already in the pipeline for the big three. The drawback of the workaround is a reduction in performance depending on the program. Spectre is apparently more difficult to exploit but more prevalent (Intel, AMD and ARM!) and more difficult to protect against. |
Top |
Re: Meltdown/Spectre - Double whammy of CPU bugs | |
---|---|
by cthia » Thu Jan 04, 2018 4:11 pm | |
cthia
Posts: 14951
|
Some ARM processors certainly are vulnerable as well. There was a concern over out-of-order execution being a security risk back in the 90's. That is one reason it was so slow to be adopted. The fear has become a reality. Linux aficionados have patched and recompiled already. I think some companies were delaying release of gadgets, smartphones and tablets, until the arrival of patches. Son, your mother says I have to hang you. Personally I don't think this is a capital offense. But if I don't hang you, she's gonna hang me and frankly, I'm not the one in trouble. —cthia's father. Incident in ? Axiom of Common Sense |
Top |
Re: Meltdown/Spectre - Double whammy of CPU bugs | |
---|---|
by Joat42 » Fri Jan 05, 2018 10:47 pm | |
Joat42
Posts: 2149
|
Expect any task that is context-switch heavy to take a big performance hit. All those virtual servers in the cloud just became a bit more expensive to run which will eat into margins for some providers and the cost will be unloaded on the customers.
Following CPU's from Intel is affected by SPECTRE & MELTDOWN:
--- Jack of all trades and destructive tinkerer. Anyone who have simple solutions for complex problems is a fool. |
Top |
Re: Meltdown/Spectre - Double whammy of CPU bugs | |
---|---|
by cthia » Sun Jan 07, 2018 8:44 am | |
cthia
Posts: 14951
|
A Monitor Darkly
I attended a conference several years ago. It featured the marvelous coming age of computer interconnectivity and what that would mean for the average end user. Smart Homes were the focus -- where everything interconnects. I voiced my concern about security. This was several years ago. I was told that security would not be an issue, or "very low vulnerability." Very low I asked? At any rate, my concerns have come to pass, again, with A Monitor Darkly. That is two for two. 1. Kaspersky. 2. Smart devices. Son, your mother says I have to hang you. Personally I don't think this is a capital offense. But if I don't hang you, she's gonna hang me and frankly, I'm not the one in trouble. —cthia's father. Incident in ? Axiom of Common Sense |
Top |
Re: Meltdown/Spectre - Double whammy of CPU bugs | |
---|---|
by Imaginos1892 » Sun Jan 07, 2018 6:27 pm | |
Imaginos1892
Posts: 1332
|
Oh, yeah, that was such a great idea — make it so anybody can break into your computer, turn your lights and appliances on and off, monkey with your thermostat…nothing wrong there, just drink the kool-aid and be happy…
——————————— Nobody expects the Spanish Inquisition!! |
Top |
Re: Meltdown/Spectre - Double whammy of CPU bugs | |
---|---|
by Lord Skimper » Mon Jan 22, 2018 9:11 am | |
Lord Skimper
Posts: 1736
|
It is easy to keep a computer from being hacked. Real easy. It works for businesses, home computers, smart houses etc... Don't connect it to the Internet. Problem solved.
________________________________________
Just don't ask what is in the protein bars. |
Top |
Re: Meltdown/Spectre - Double whammy of CPU bugs | |
---|---|
by The E » Mon Jan 22, 2018 3:30 pm | |
The E
Posts: 2683
|
That's like saying that not having anything worth stealing is a great way to deter thieves. |
Top |
Re: Meltdown/Spectre - Double whammy of CPU bugs | |
---|---|
by Fireflair » Tue Jan 23, 2018 12:58 am | |
Fireflair
Posts: 588
|
Well it is a rather obvious statement, it's something to keep in mind. People rely very heavily on computers for a variety of functions that they didn't ten or twenty years ago.
I don't do my banking on my desktop, I don't save anything important on my desktop. My desktop is for gaming, online research and school work. If some one hacks my desk top the worst they can do is see some school work and gaming. For online banking and other things I want kept secure, I have a laptop which I use. It's only online when I'm using it to access accounts, which doesn't happen very often, maybe a few times a month. I don't generally shop online and I don't share my credit card information all over the place. I'm not so lazy that I can't get up to adjust the thermostat or turn on/off the lights. I don't use a smart TV or have an online media account. So there is something to be said for not being connected all the time. |
Top |
Re: Meltdown/Spectre - Double whammy of CPU bugs | |
---|---|
by cthia » Tue Jan 23, 2018 5:22 am | |
cthia
Posts: 14951
|
Damn right there is. The operative word in Lord Skimper's post is hacked. Which is a vector of the internet. I think E is pointing out the danger of being complacent. Which is real. I have a Cray and it is never online. Nor does it ever share any less than completely vetted external drive sources. Son, your mother says I have to hang you. Personally I don't think this is a capital offense. But if I don't hang you, she's gonna hang me and frankly, I'm not the one in trouble. —cthia's father. Incident in ? Axiom of Common Sense |
Top |
Re: Meltdown/Spectre - Double whammy of CPU bugs | |
---|---|
by aairfccha » Tue Jan 23, 2018 2:01 pm | |
aairfccha
Posts: 206
|
Aaand apparently Intel just managed to set off Linus Torvalds by implementing their fixes against Spectre in a way that the OS has to activate them, in other words keeping the default state unsafe.
|
Top |