WARNING: MELTDOWN and SPECTRE - Don't Use Passwords Until Jan 9!!!!! Who knew? Speculative Execution!!!

in #meltdown7 years ago

WARNING: Do not enter PASSWORDS or sensitive information online this weekend through at least January 9. The computer industry is scrambling to patch a viewport (so to speak) to code running through servers and your own laptop and devices. Info came out on YouTube Crypto Channels a day ago but seems to be unavailable now. Media is silent except for official announcements at Intel and Google and perhaps others (links below). [This is not I.T. advice and I am NOT an I.T. professional - Information Technologist].

What has happened (as I understand): Google Project Zero looks for vulnerabilities, on-going, and found three ways to see machine code translated to human-readable text on most modern processors and supposedly since the very earliest designs. It turns out, your processor gets bored waiting for you to decide what to click, so it runs ahead with "speculative execution" on all your options. It may open your passwords in advance and leave the data sitting in memory whether you choose that path or not. Pretty smart for performance.

However, diagnostic tools can be used to read that data while your operating system has no clue; it's running above that level (as I understand). The tools to access are being called MELTDOWN and SPECTRE, Spectre being based on "Speculative Execution". They are not exactly viruses. Someone has to be able to get in to the server or hack into your computer while you are online. More about the danger of this will come out daily. Tuesdays are normal to roll-out patches and updates and official announcements are scheduled for January 9. For now, all I am saying is: AVOID USING PASSWORDS, doing online banking, or trading crypto, stocks or sharing social security numbers, etc.

There are two scenarios as I see it.

#1. Google found the side door, but how many hackers have known for years? As soon as you get your patches and updates installed, go change all your passwords. Be thinking NOW what your new stronger passwords will be but don't go online to change yet. WHY?

#2. This publicity has told all the hackers that the door is open and you can bet they are harvesting as much data as they can as fast as they can.

To learn more:
https://security.googleblog.com/

Intel told investors first; read the PDFs: https://www.intc.com/investor-relations/events-and-presentations/events-calendar/event-details/2018/Intel-Investor-Call-Regarding-Security-Research-Findings/default.aspx

I can find nothing on Microsoft's website; but, there is this:
https://www.bitdefender.com/consumer/support/answer/9033/?cid=ppc|b|google|red_alert&gclid=EAIaIQobChMI36nJmN_C2AIVB7XACh2OpAkAEAAYASAAEgL5J_D_BwE