Author Topic: Kernel panic! What are Meltdown and Spectre, the bugs affecting nearly every computer and device?  (Read 2492 times)

0 Members and 1 Guest are viewing this topic.

Offline Suppressed

  • Hero Member
  • *****
  • Posts: 12,921
  • Gender: Male
    • Avatar
Kernel panic! What are Meltdown and Spectre, the bugs affecting nearly every computer and device?
Posted yesterday by Devin Coldewey
https://techcrunch.com/2018/01/03/kernel-panic-what-are-meltdown-and-spectre-the-bugs-affecting-nearly-every-computer-and-device/

f you’re confused by the avalanche of early reports, denials, and conflicting statements about the massive security issues announced today, don’t worry — you’re far from the only one. Here’s what you need to know about Meltdown and Spectre, the two huge bugs that affect practically every computer and device out there.

What are these flaws?
Short answer: Bugs at a fundamental level that allow critical information stored deep inside computer systems to be exposed.

[...]

Meltdown and Spectre are two techniques researchers have discovered that circumvent those protections, exposing nearly any data the computer processes, such as passwords, proprietary information, or encrypted communications.

[...]
+++++++++
“In the outside world, I'm a simple geologist. But in here .... I am Falcor, Defender of the Alliance” --Randy Marsh

“The most effectual means of being secure against pain is to retire within ourselves, and to suffice for our own happiness.” -- Thomas Jefferson

“He's so dumb he thinks a Mexican border pays rent.” --Foghorn Leghorn

Offline Suppressed

  • Hero Member
  • *****
  • Posts: 12,921
  • Gender: Male
    • Avatar
Meltdown is Intel-only problem.

Spectre affects Intel, AMD, and ARM devices.

This is huge and serious.
+++++++++
“In the outside world, I'm a simple geologist. But in here .... I am Falcor, Defender of the Alliance” --Randy Marsh

“The most effectual means of being secure against pain is to retire within ourselves, and to suffice for our own happiness.” -- Thomas Jefferson

“He's so dumb he thinks a Mexican border pays rent.” --Foghorn Leghorn

Offline Doug Loss

  • Hero Member
  • *****
  • Posts: 1,360
  • Gender: Male
  • Proud Tennessean
This website provides more useful information, I think:

Meltdown and Spectre
My political philosophy:

1) I'm not bothering anybody.
2) It's none of your business.
3) Leave me alone!

Offline Sanguine

  • Hero Member
  • *****
  • Posts: 35,986
  • Gender: Female
  • Ex-member

Oceander

  • Guest
Pretty damned serious.

Offline Snarknado

  • Anti
  • Hero Member
  • *****
  • Posts: 1,542
Maybe I should break out my old Atari 800 to store my passwords on. Or maybe an old deactivated flip phone with no wifi. Though I'm far more concerned about the way they're stored at financial and shopping sites I use - that's where the serious breaches will happen...
---
Everything I need to know I learned in GTA

Offline Smokin Joe

  • Hero Member
  • *****
  • Posts: 56,397
  • I was a "conspiracy theorist". Now I'm just right.
How retro is the virus? (does this affect older versions of Windows, or did they go after the new ones?

Are these into phones yet?
How God must weep at humans' folly! Stand fast! God knows what he is doing!
Seventeen Techniques for Truth Suppression

Of all tyrannies, a tyranny sincerely exercised for the good of its victims may be the most oppressive. It would be better to live under robber barons than under omnipotent moral busybodies. The robber baron's cruelty may sometimes sleep, his cupidity may at some point be satiated; but those who torment us for our own good will torment us without end for they do so with the approval of their own conscience.

C S Lewis

Offline Free Vulcan

  • Technical
  • *****
  • Posts: 23,683
  • Gender: Male
  • Ah, the air is so much fresher here...
How retro is the virus? (does this affect older versions of Windows, or did they go after the new ones?

Are these into phones yet?

Quote
Chips going back to 2011 were tested and found vulnerable, and theoretically it could affect processors as far back as those released in 1995. One would hope there aren’t too many of those in use, but we may be unpleasantly surprised on that count.

Looks like about everything out there is vulnerable.
The Republic is lost.

Offline DB

  • Hero Member
  • *****
  • Posts: 13,085
How retro is the virus? (does this affect older versions of Windows, or did they go after the new ones?

Are these into phones yet?

It isn't a virus. It is a hardware problem with the memory management that allows access to protected memory via user applications that take advantage of the hardware bug. This bug can't be exploited without the computer all ready being compromised running code that shouldn't be there. If you keep crap off your computer the risk is low even with this bug. But most people have all sorts of unauthorized things running that have crept into their systems and that is were the risk is greatly increased.

Offline Fishrrman

  • Hero Member
  • *****
  • Posts: 35,355
  • Gender: Male
  • Dumbest member of the forum
Posted by me, earlier today, in the forums at macrumors.com:
=======================================================
I find the all the fear and loathing about the latest so-called "security flaws" to be... well... much ado about nothing.

Three weeks ago, these "flaws" didn't exist.
Then, suddenly, they were "discovered" by some kind of "researchers".
But, in reality, what has actually -changed- from three weeks ago, to today?
The CPUs that were in place then, are still there.
Everything that was working three weeks ago, is still working.

Who has actually been affected or suffered damage from such flaws?
When such events actually -happen-, then I may worry about them.
Not yet.
Not now.

If it happens, it happens.
This kind of "scare" brings to mind the same tactics used by the companies that sell virus-protection software.

"If you don't do this [buy our software]... you'll suffer this!"

Yet, when a new Mac user comes to the forum and asks "what kind of virus protection software do I need?", the answer is generally -- "nothing".

I've been a Mac user for 31 years now.
Never had a virus infection, EVER. And I don't use any kind of virus protection software.
I -did- have an incidence of malware once (from downloading a "WonderShare" app, I think) -- MalwareBytes got rid of that right away.

As I stated above -- when I see actual reports of folks having damages from these just-reported "security flaws" -- then I'll think about doing something about it.

Till then -- cue up the Alfred E. Newman image -- I'm not going to worry about it.
========================================

Of course, I'm a Mac guy.
You people on Windows... well, perhaps that's another story... ;)

« Last Edit: January 10, 2018, 01:34:25 am by Fishrrman »

Offline DB

  • Hero Member
  • *****
  • Posts: 13,085
Posted by me, earlier today, in the forums at macrumors.com:
=======================================================
I find the all the fear and loathing about the latest so-called "security flaws" to be... well... much ado about nothing.

Three weeks ago, these "flaws" didn't exist.
Then, suddenly, they were "discovered" by some kind of "researchers".
But, in reality, what has actually -changed- from three weeks ago, to today?
The CPUs that were in place then, are still there.
Everything that was working three weeks ago, is still working.

Who has actually been affected or suffered damage from such flaws?
When such events actually -happen-, then I may worry about them.
Not yet.
Not now.

If it happens, it happens.
This kind of "scare" brings to mind the same tactics used by the companies that sell virus-protection software.

"If you don't do this [buy our software]... you'll suffer this!"

Yet, when a new Mac user comes to the forum and asks "what kind of virus protection software do I need?", the answer is generally -- "nothing".

I've been a Mac user for 31 years now.
Never had a virus infection, EVER. And I don't use any kind of virus protection software.
I -did- have an incidence of malware once (from downloading a "WonderShare" app, I think) -- MalwareBytes got rid of that right away.

As I stated above -- when I see actual reports of folks having damages from these just-reported "security flaws" -- then I'll think about doing something about it.

Till then -- cue up the Alfred E. Newman image -- I'm not going to worry about it.
========================================

Of course, I'm a Mac guy.
You people on Windows... well, perhaps that's another story... ;)

I'm a Windows user since Windows 3.0 and used DOS before that. My computer has never had a virus/Trojan on it. So it is possible.

The real issue here, and it will affect you too, is the fix when you are forced to update your OS. The problem is with the hardware memory manager and the fix is going to be to disable some of its management functions and replace it with software emulation and that is going to slow down the computer's operations. Claims are as much as 30%. For those of us who use all the horsepower our computers can produce we're going to take a big hit. And with that hit there is no real upside. Intel is claiming that "most" people won't experience the hit because "most" people don't use the full capabilities of their computer... I do all the time and use Workstation type computers to maximize performance at a significant cost premium. And now I'll be taking a big hit. The same goes for all the server farms out there that virtualize their services.

Offline InHeavenThereIsNoBeer

  • Hero Member
  • *****
  • Posts: 4,127
How retro is the virus? (does this affect older versions of Windows, or did they go after the new ones?

Are these into phones yet?

It's not a virus, it's a design flaw that could be exploited by things like viruses. 

To put it as simply as possible, any systems based on the basic intel "x86" architecture have two methods of operation.  Let's call them God mode (I can do anything and everything I want) and user mode (I can do/see only what I am allowed).  This is more or less the hardware equivalent of the difference between a user with admin rights and a user without.  Operating systems (almost always) rely on the difference between these modes to provide security

Now, however, a flaw in the design has been identified which means that operating systems can no longer rely on the hardware to provide that "firewall".  They will have to work around the problem in software until new hardware is available.  Doing things in software is less efficient, though most of us probably won't notice a difference.

So, what does this mean for you and me?

1) Primitive brain dead OSes, like (I think) Windows 95, which had no concept of different levels of priviledge at the user level should be more or less unaffected.  If you do something stupid with them it can screw up the whole system, just like it always could.

2) OSes which had a concept of different levels of priviledge, but are no longer supported, like (I think) Windows XP can now be classed with W95.  The protection you got from multiple priviledge levels is out the window and not coming back (unless M$ decides to release updates).

3) The vast majority of us who use our computers for online banking, TBR, listening to slow jazz while watching cat videos, etc, should probably be a little extra cautious about what we download and install right now.  At the moment, we're in with the XP users, but once updates are released, we'll be okay.  When the updates are released, almost none of us should notice much of a difference, as our computers spend 99.99999% of their time bored to death doing nothing while waiting on us anyway.  The few of us (not me) who really tax our computers, like perhaps hard core gamers, may see a performance hit.

4) At the corporate level, where computers are actually somewhat taxed, we may see performance hits.  This could also get extremely interesting for cloud computing providers, as until they implement the fix(es) they might have the potential for one of their customers to be able to access data from another customer.

5) Bitcoin miners.  I don't know, as they tend to use specialized components which may or may not be affected.  Either way, I suspect the price of bitcoin will go up or down at least 10% on one day when someone ventures a guess.  Lather, rinse, repeat.

Yes, phones are affected.

My avatar shows the national debt in stacks of $100 bills.  If you look very closely under the crane you can see the Statue of Liberty.

Oceander

  • Guest
Posted by me, earlier today, in the forums at macrumors.com:
=======================================================
I find the all the fear and loathing about the latest so-called "security flaws" to be... well... much ado about nothing.

Three weeks ago, these "flaws" didn't exist.
Then, suddenly, they were "discovered" by some kind of "researchers".
But, in reality, what has actually -changed- from three weeks ago, to today?
The CPUs that were in place then, are still there.
Everything that was working three weeks ago, is still working.

Who has actually been affected or suffered damage from such flaws?
When such events actually -happen-, then I may worry about them.
Not yet.
Not now.

If it happens, it happens.
This kind of "scare" brings to mind the same tactics used by the companies that sell virus-protection software.

"If you don't do this [buy our software]... you'll suffer this!"

Yet, when a new Mac user comes to the forum and asks "what kind of virus protection software do I need?", the answer is generally -- "nothing".

I've been a Mac user for 31 years now.
Never had a virus infection, EVER. And I don't use any kind of virus protection software.
I -did- have an incidence of malware once (from downloading a "WonderShare" app, I think) -- MalwareBytes got rid of that right away.

As I stated above -- when I see actual reports of folks having damages from these just-reported "security flaws" -- then I'll think about doing something about it.

Till then -- cue up the Alfred E. Newman image -- I'm not going to worry about it.
========================================

Of course, I'm a Mac guy.
You people on Windows... well, perhaps that's another story... ;)



It's not a Mac v. Windows thing.  It's a hardware thing.