Warning!! Meltdown and Spectre!! Seriously bad

in #computer7 years ago

Ok, wow, in my 30+ years of being a computer geek and software engineer, I've never read anything as bad as these new vulnerabilities: "Meltdown" and "Spectre".

Meltdown:

This violates the separation between user apps and the kernel. Potentially allowing an app to just..view raw memory..secrets..data..everything. This effects...every Intel processor made ..in the last 20 years! Yikes! Any operating system, that doesn't matter!

The good news is that it can probably be patched with software, though it may slow down your machine as much as 30%! (You'll be losing some of the speed benefits of out-of-order instruction processing.) For Linux users (which you should all be), this will be patched with Kernel 4.14.11 (when it's available, not quite yet), which will include a KPTI patch.

Spectre

Spectre might actually be worse then Meltdown, if that's possible. It's harder to exploit...but also harder to defend against. It is similar in nature, allowing different, well written apps to view each other's memory, breaking down the barriers that hardware would normally enforce.

This flaw affects even different types of processors, not just Intel, but ARM and AMD as well. There may be fixes coming to harden software against these vulnerabilties, probably many needed.

What to do:

For Meltdown, try to get that patch as soon as you can ( and it becomes available). For Linux, this would be Kernal 4.14.11 which hopefully comes in a few days. For Spectre, keep your eyes peeled for any patches and fixes for this.

For all you crypto-currency users out there, which is all my readers I'm sure, stay on top of this. Super important.

https://meltdownattack.com/


(the famous Scream picture)

Neoxian-FINAL-FRAME2.gif

Sort:  

It's all over the news and it seems that there is no escape for almost every device that has a chip in it. Looking out for a patch and fix but nothing so far... Yikes...

I did not think you were a geek engineer and computer software, it was great.

Always though someone got scammed on the Scream picture as well LOL!

Let's just build the vulnerability right into the hardware, right?

I like that kind of clarity.

giphy.gif

Hahaa funy 😅

Good information.thanks for share.

thanks @neoxian, i just found out about Meltdown and Specters ..
apparently this was missed by us who always use the computer.
thank you for discussing it @neoxian

Thanks for the tips!
I really love the painting The scream
it was a perfect fit for your post
cheers @neoxian

This is a nightmare scenario the tech world dreads. My Linux systems will get updated, but when will my Android phone get fixed? Our connected devices are vulnerable and some may not get patched. Very worrying