Welcome to WebmasterWorld Guest from 54.224.235.183

Forum Moderators: open

CPU Vulnerabilities Named Meltdown and Spectre

     
12:40 pm on Jan 4, 2018 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month

joined:May 9, 2000
posts:25350
votes: 704


As reported earlier, the Intel password theft bugs [webmasterworld.com] now have their own dedicated site and a name to represent the problem: Meltdown and Spectre.
The site explains the difference, and, although you might think initially think it's only Intel processors with the issue, it seems other manufacturers are not immune. It could also affect cloud computing environments which might leak data from other customers.

Meltdown and Spectre work on personal computers, mobile devices, and in the cloud. Depending on the cloud provider's infrastructure, it might be possible to steal data from other customers.

[meltdownattack.com...]

Patches for Linux ( KPTI (formerly KAISER)), Windows, and OS X are already available, so it's best you run the update if you haven't already.

Where can I find official security advisories of involved/affected companies?

Intel Security Advisory [security-center.intel.com] / Newsroom [newsroom.intel.com]
Microsoft Security Guidance [portal.msrc.microsoft.com]
Amazon Security Bulletin [aws.amazon.com]
ARM Security Update [developer.arm.com]
Google Project Zero Blog [googleprojectzero.blogspot.co.at]
MITRE CVE-2017-5715 [cve.mitre.org] / CVE-2017-5753 [cve.mitre.org] / CVE-2017-5754 [cve.mitre.org]
Red Hat Vulnerability Response [access.redhat.com]
SUSE Vulnerability Response [suse.com]
CERT Vulnerability Note [kb.cert.org]
12:51 pm on Jan 4, 2018 (gmt 0)

Moderator from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:11740
votes: 734


This is huge and potentially affects millions.

I have two Windows devices w/ Intel processors. Both are affected.

My other two devices are Android using the Qualcomm Snapdragon series processors which AFAIK are not subject to this vulnerability.

Thanks for the links!
1:31 pm on Jan 4, 2018 (gmt 0)

Administrator from US 

WebmasterWorld Administrator not2easy is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Dec 27, 2006
posts:3761
votes: 206


AMD and ARM processors are also vulnerable to Spectre according to that meltdown site:
In particular, we have verified Spectre on Intel, AMD, and ARM processors.
Their FAQ page (https://meltdownattack.com/#faq-fix) is helpful in sort out the details.

I appreciate their first FAQ:
Q. Am I affected?
A. Most certainly, yes.
1:29 am on Jan 5, 2018 (gmt 0)

Moderator from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:11740
votes: 734


Windows just pushed a security update through my ISP. As noted in the Meltdown page, there may be limited protection through AV & AM but I'm pleased to see the timely action.
10:33 am on Jan 5, 2018 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month

joined:May 9, 2000
posts:25350
votes: 704


Apple is pushing out defences, and i'm still not sure they are true fixes, only mitigations, so vigilance is the answer.
[support.apple.com...]
Apple has already released mitigations in iOS 11.2, macOS 10.13.2, and tvOS 11.2 to help defend against Meltdown. Apple Watch is not affected by Meltdown. In the coming days we plan to release mitigations in Safari to help defend against Spectre. We continue to develop and test further mitigations for these issues and will release them in upcoming updates of iOS, macOS, tvOS, and watchOS.


Intel's updates are being pushed out through OEMs, OS providers, and "others" says the company.
[newsroom.intel.com...]
10:46 am on Jan 5, 2018 (gmt 0)

Moderator from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:11740
votes: 734


There was a mention on Bing News that MS Cloud, Google Cloud & Apple Cloud have been in repair mode for 6 months even though this news broke to the media just a week or so ago.

So it seems just us private machine owners are the ones left affected.

Might be a good plan to think about replacing old hardware with newer machines that have the next generation processors.

I should probably trash 3 of my 4 devices strictly because of age. I'll be considering taking my pretty new Surface Pro into a repair shop to have the Intel i7 switched out to whatever the replacement is.
6:29 pm on Jan 5, 2018 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month

joined:May 9, 2000
posts:25350
votes: 704


I just read that Intel may be facing class action lawsuits over this.
[theguardian.com...]
8:48 pm on Jan 5, 2018 (gmt 0)

Preferred Member

10+ Year Member Top Contributors Of The Month

joined:July 23, 2004
posts:520
votes: 53


So since this deals with the processor, one might fix this from any OS on dual boot? --
5:43 pm on Jan 6, 2018 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Nov 16, 2005
posts:2773
votes: 112


I have often wondered whether the very complex design of modern processors was going to cause problem. By complex I mean out of order execution, speculative execution, complex instruction sets, hyper-threading, multiple privilege levels etc. Apparently it does.

Any system that is too complex to analyse is unpredictable. That is why we modularise things - so we can understand each module separately, and different people can work on different things and present each other with black boxes. The drive for performance has lead this to be sacrificed, and it turns out not to be worth it.
7:29 am on Jan 7, 2018 (gmt 0)

Preferred Member

10+ Year Member Top Contributors Of The Month

joined:July 23, 2004
posts:520
votes: 53


Upon after looking this over for a few days, I came to the conclusion that I would run each operating system on my dual boots because each operating system has their own fix with regard to their kernel builds -- As for the rest of it, it's going to be a while before the hardware catches up - The architecture could be FUBAR'ed as far back as 1995 from some of what I've been reading, but I don't think anyone is going to be spending the time or the money just to test that theory.

Benchmarked a Windows 10 OS after getting what Microsoft had to offer and the slow down was negligible - Benchmarked our Linux builds too upon after finding out that Linux has been feeding us a fix since at least December that I'm aware of, and there hasn't been any changes in speed at all.

KUDOS to Linux for their upstream first policy as it related to their kernel mitigation in this case.

I'm sure that Microsoft and Apple did a fine job too, but since 95% of our work is in Linux systems, it would be Linux that got the nod first on our end.

All of our heavy lifters are Intel - Got a few AMD's as well, but haven't even really looked into them because those are older and used rarely.

At any rate -- Now we wait. Haven't heard any word on how far along Intel is with their architecture re-writes or if they've even started.
7:59 am on Jan 7, 2018 (gmt 0)

Moderator from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:11740
votes: 734


I didn't detect any slowdown on processes with either of my 2 Windows 10 devices after M$ security updates (received 2 on each in 2 days) either.
3:53 pm on Jan 8, 2018 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Nov 15, 2001
posts: 1619
votes: 21


I didn't know about this. Till now. What are the chances my passwords have been swiped? and is there any way to tell?
4:40 pm on Jan 8, 2018 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month

joined:May 9, 2000
posts:25350
votes: 704


What are the chances my passwords have been swiped? and is there any way to tell?


The chances of the passwords having been stolen are unlikely out of the millions and millions of systems out there. It's a bit like the lottery.

There's no way to tell, unfortunately.
1:42 am on Jan 10, 2018 (gmt 0)

Preferred Member

10+ Year Member Top Contributors Of The Month

joined:July 23, 2004
posts:520
votes: 53


It appears now, that Microsoft's patch for Spectre is bricking AMD Athlon powered machines

While AMD is only affected by Spectre, it appears that Microsoft has just bricked several AMD Athlon PC's by causing them to become stuck at the Windows loading screen.


[answers.microsoft.com...]

So, Microsoft suspended the security update for computers with AMD chips. (Customers with Intel chips can still get the update.)


[money.cnn.com...]
6:14 pm on Jan 10, 2018 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month

joined:May 9, 2000
posts:25350
votes: 704


I have some computers with AMD chips, so i'll look out for that.

In the meantime, Intel's CEO says, 90% of processors and products from the past five years would be patched "within a week".
[bbc.co.uk...]
11:47 am on Jan 12, 2018 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month

joined:May 9, 2000
posts:25350
votes: 704


Adding more to keep this updated...
Intel Corp on Thursday said that recently issued patches for flaws in its chips could cause computers using its older Broadwell and Haswell processors to reboot more often than normal and that Intel may need to issue updates to fix the buggy patches.

[reuters.com...]
8:01 pm on Jan 12, 2018 (gmt 0)

Moderator from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:11740
votes: 734


What a train wreck!
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members