
It's time for everyone to panic (Meltdown & Spectre CPU "bug")

barbos

Nobody seems to want to create the thread about potentially the biggest security vulnerability ever.
Just google "Meltdown Spectre" and feel scared.
 
I'm not scared, but it's going to create a lot of work for me in the coming weeks.

That so many computers are now going to be hamstrung is going to cause problems.
 
I thought this was another "Is Donald Trump mentally ill?" thread.
 
I'm not certain what to expect from this. I can imagine that Intel and AMD aren't exactly certain either. All I know is that the CIA and NSA are pissed that this was discovered.
 
I'm not certain what to expect from this. I can imagine that Intel and AMD aren't exactly certain either. All I know is that the CIA and NSA are pissed that this was discovered.

It does not look like the NSA/CIA knew. What is surprising and hard to believe is that Intel appears not to have known. Cache as a sideband channel has been a topic for a while, and all they needed was to look carefully into the docs on Intel CPU operation to see how it can be used. Intel engineers are incredibly narrowly focused not to see how their optimizations could be a problem. The fact that AMD does not appear to have the Meltdown problem could mean their folks saw the problem. But it's too early to be sure of that.
 
Since Spectre is a common character in James Bond is it time we called for 007?
They have been planning this for decades
 
One of these security flaws can't be fixed until a new generation of CPUs comes out, which I expect will take years.

As one of my friends pointed out on Facebook, there will probably be charlatans offering "clean" CPUs long before the actual non-fucked CPUs come out, so be on your toes. When the actual fixed CPUs start coming out, there will probably be a lot of retailers trying to create confusion about which CPU is what in an attempt to off-load their old fucked CPUs.

Anyway, when they do come out, it will be time to replace all of your computers.

For people who watch the markets, computer sales are about to plummet until the new chips come out, when sales will skyrocket. It's going to be a bumpy ride for tech stocks.
 
Nobody posted explanations of what they are. Just in case you've been living under a rock…



https://www.scientificamerican.com/...-expose-the-dark-side-of-superfast-computers/

I got the impression such a thing could be detected. Not prevented but detected. Complete prevention may close the door to risk, but because detection is possible, the concern, though important, doesn't come across as an imminent crisis spelling doom.

A concern, a big deal, sure, but panic creating, not so much.
 
These boil down to privilege escalation attacks, so in systems where the hardware is owned and operated by the same entity that is running the software, the risks are small.

The real problem comes where processors are shared between unrelated entities - ie 'The Cloud'. If you are running software 'in the cloud', then you are vulnerable to attacks from any other user whose code is executed on the same hardware as yours - and you have no way of knowing who that might be.

A black-hat could open a normal cloud storage account with the same provider that hosts your business software, and use these vulnerabilities to pull credentials for your system (or other sensitive data) out of the host processor.
 
One of these security flaws can't be fixed until a new generation of CPUs comes out, which I expect will take years.
A hardware fix is fairly trivial, so I expect fixed CPUs within a year. The problem is with existing CPUs: because they can't be fixed with a microcode update, software would have to be written with these bugs in mind for decades now.
 
These boil down to privilege escalation attacks, so in systems where the hardware is owned and operated by the same entity that is running the software, the risks are small.

The real problem comes where processors are shared between unrelated entities - ie 'The Cloud'. If you are running software 'in the cloud', then you are vulnerable to attacks from any other user whose code is executed on the same hardware as yours - and you have no way of knowing who that might be.

A black-hat could open a normal cloud storage account with the same provider that hosts your business software, and use these vulnerabilities to pull credentials for your system (or other sensitive data) out of the host processor.

True, clouds are the biggest problem. But browsers with JavaScript are vulnerable too. So home users should be worried as well.
 
What about Linux? Does it offer better protection than Microsoft or Mac?

Nope. It's a processor level exploit - the chip firmware needs to be altered to patch it (and this just switches off some stuff that helps the processor run faster, so turning it off will slow the chip down. The only permanent and non-disruptive fix is a new - redesigned - chip).

All operating systems on affected hardware are affected.
 
Not good. Perhaps sticking to known safe sites, not opening dodgy links, etc, may help?
Having an AMD CPU helps too. They are potentially affected but they don't have a working exploit yet.
As for dodgy links, Spectre is very hard to use outside of a controlled lab environment; website-level hackers are probably better off using already known ways to hack you. And they already released patches for that which make Spectre exploits very slow at least.
 
Apple released patches for iPhone, 50% loss in speed :)
 