Aantares    Aantares BB  Hop To Forum Categories  Your Hobbies & Interests  Hop To Forums  Computing & Internet    Meltdown and Spectre
Go To
Post
Search BB
Notify Me
TOS/Tools/Smilies
Reply
  
Meltdown and Spectre
 Login/Register
 
Zealot...
posted
quote:
Kernel panic! What are Meltdown and Spectre, the bugs affecting nearly every computer and device?

If you’re confused by the avalanche of early reports, denials, and conflicting statements about the massive security issues announced today, don’t worry — you’re far from the only one. Here’s what you need to know about Meltdown and Spectre, the two huge bugs that affect practically every computer and device out there.

What are these flaws?

Short answer:
Bugs at a fundamental level that allow critical information stored deep inside computer systems to be exposed.

Security researchers released official documentation — complete with nicknames and logos — of two major flaws found in nearly all modern central processing units, or CPUs.

It’s not a physical problem with the CPUs themselves, or a plain software bug you might find in an application like Word or Chrome. It’s in between, at the level of the processors’ “architectures,” the way all the millions of transistors and logic units work together to carry out instructions.

In modern architectures, there are inviolable spaces where data passes through in raw, unencrypted form, such as inside the kernel, the most central software unit in the architecture, or in system memory carefully set aside from other applications. This data has powerful protections to prevent it from being interfered with or even observed by other processes and applications.

<...snip...>

Who is affected?

Short answer:
Pretty much everybody.

Chips going back to 2011 were tested and found vulnerable, and theoretically it could affect processors as far back as those released in 1995. One would hope there aren’t too many of those in use, but we may be unpleasantly surprised on that count.

Because Meltdown and Spectre are flaws at the architecture level, it doesn’t matter whether a computer or device is running Windows, OS X, Android, or something else — all software platforms are equally vulnerable.

<...snip...>

Can this be fixed?

Short answer:
Only partially, and it’s going to take a while.
 
Posts: 20564 | Location: VA | Mbr Since: 11-08-2005Reply With QuoteReport This Post
Zealot...
posted Hide Post
quote:
How to Protect Yourself From Meltdown and Spectre, the Latest Processor Security Flaws

How to Protect Yourself From Meltdown

The Meltdown flaw, luckily, is already being patched by companies like Microsoft and Google. To ensure you’re up to date, follow the instructions for your operating system.

Microsoft: Microsoft has already released an update for Windows 10 patching the vulnerability, and is releasing patches for Windows 7 and Windows 8 soon. If you’re having trouble installing the automatic security update, Microsoft suggests your anti-virus might be the culprit. If so, turn off your anti-virus program and use Windows Defender or Microsoft Security Essentials (or edit your registry if you’re confident you won’t mess it up). If you’re on Windows 10, chances are you’ve either automatically downloaded the update, or are scheduled to update on a set schedule. Advanced users can check if they’re affected by running Microsoft’s verification test in your command line.

Apple: While Apple has yet to comment on the flaw, Alex Ionescu, Windows security expert, noted a fix was present in a new 10.13.3 update to macOS.

Browsers: Google Chrome, Mozilla’s Firefox, and Microsoft Edge have all updated or scheduled updates to patch the security flaw. You can update Google Chrome to its latest, patched version on January 23, or download Firefox’s latest update.

Android: Android users running the most recent version of the mobile operating system are protected, according to Google.

How to Protect Yourself From Spectre

While you can protect yourself from Meltdown, it’s harder to defend against the more invasive Spectre flaw. According to researchers involved in discovering and reporting on the two exploits, software updates to patch particular flaws in Spectre are possible, though none are available yet, or are able to address the exploit completely without a redesign of the operating system and the microprocessor itself.
 
Posts: 20564 | Location: VA | Mbr Since: 11-08-2005Reply With QuoteReport This Post
Aadmirable
Picture of Dixie Chick
posted Hide Post
I got a message from Apple yesterday that there was a "flaw" in my computer and they would be sending me a link to update soon. I've never had a virus or malware in my MAC nor any message like that before.

I dread the updates because my equipment is so old....at least 5 or 6 years which is old in the Mac world. I have no idea how they will respond.

Dixie Chick


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
MAKE AMERICA DECENT AGAIN
 
Posts: 48570 | Location: Frogville, Georgia USA | Mbr Since: 10-07-2003Reply With QuoteReport This Post
AAA+
Picture of True Conservative
posted Hide Post
Fox 13, Tampa reported that there is no evidence that anyone has exploited these flaws.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Standing in the Way of Big Goverment is Not Standing in the Way of Progress

Politicians Aren’t Causing Anti-Muslim Hostility — Jihadists Are (Stacey Dash)

Proud To Be Defending President Trump
 
Posts: 97461 | Location: Sunny Florida | Mbr Since: 10-06-2003Reply With QuoteReport This Post
Zealot...
posted Hide Post
 
deleted duplicate
 
 
Posts: 20564 | Location: VA | Mbr Since: 11-08-2005Reply With QuoteReport This Post
Zealot...
posted Hide Post
 
Dixie,

I'm not familiar with APPLE products. That said, the solution would seem to be an upgrade to the very latest Operating System AND CPU (which are not yet available to all potential victims & devices).

edited to add:
quote:
BTW: listening to stupid SOURCES ("FOX" is a good example) is dangerous.

These potential exploits are REAL. It is not so much that anyone would bother attacking the average/common DEVICE user.

However; the FACT that the attacks would be carried-out at the CPU level (where nothing is ENCRYPTED) would present a good place to attack VERY LARGE ENTITIES SERVERS (Banks, Government Servers, Online Shopping Sites--like Amazon & eBay, Social Media Hosts, Investment/Stock Brokers, etc.). NO ONE can tell me those types of attacks have NOT already been carried out!
 
 
Posts: 20564 | Location: VA | Mbr Since: 11-08-2005Reply With QuoteReport This Post
  Powered by Social Strata  
 

    Aantares    Aantares BB  Hop To Forum Categories  Your Hobbies & Interests  Hop To Forums  Computing & Internet    Meltdown and Spectre

© 2003-2017 Aantares Online LLC. All Rights Reserved.