Results 1 to 4 of 4
  1. Rewind is offline
    Rewind's Avatar
    Joined: Oct 2017 Location: Glendale CA Posts: 12,127
    01-03-2018, 10:00 PM #1

    Security flaws could affect every computer, every smartphone

    Security flaws put virtually all phones, computers at risk
    Reuters, Jan 3 2018

    Security researchers today disclosed a set of security flaws that they said could let hackers steal sensitive information from nearly every modern computing device containing chips from Intel, Advanced Micro Devices and ARM. One of the bugs is specific to Intel but another affects laptops, desktop computers, smartphones, tablets and internet servers alike. Intel and ARM insisted the issue was not a design flaw, but it will require users to download a patch and update their operating system to fix.

    Researchers with Google Project Zero, in conjunction with academic and industry researchers from several countries, discovered two flaws. The first, called Meltdown, affects Intel chips and lets hackers bypass the hardware barrier between applications run by users and the computer’s memory, potentially letting hackers read a computer’s memory and steal passwords and cached files. The second, called Spectre, affects chips from Intel, AMD and ARM and lets hackers potentially trick otherwise error-free applications into giving up secret information.

    The researchers said Apple and Microsoft had patches ready for desktop computers affected by Meltdown. Microsoft said a majority of its Azure cloud services used by businesses had already been patched and protected and that it is issuing a Windows security update. "We have not received any information to indicate that these vulnerabilities had been used to attack our customers," Microsoft said in a statement.

    Daniel Gruss, one of the researchers at Graz University of Technology who discovered Meltdown, called it "probably one of the worst CPU bugs ever found." Gruss said Meltdown was the more serious problem in the short term but could be decisively stopped with software patches. Spectre, the broader bug that applies to nearly all computing devices, is harder for hackers to take advantage of but less easily patched and will be a bigger problem in the long term.

  2. Rewind is offline
    Rewind's Avatar
    Joined: Oct 2017 Location: Glendale CA Posts: 12,127
    01-03-2018, 10:52 PM #2
    A security flaw could affect almost every computer
    CNBC, Jan 3 2018

    The computer industry is scrambling to patch security vulnerabilities in the chips that power nearly all the world's computers, including PC's, phones and data center computers. One of the vulnerabilities, dubbed Meltdown, is known to affects Intel chips. The other, called Spectre, could affect AMD and ARM chips as well.

    The vulnerabilities could allow a hacker to steal personal information stored in the memory of a wide range of computer chips running on personal devices, not just computers and phones but also the servers in data centers, including those used to run cloud computing services. The widespread vulnerabilities could allow a hacker to steal information stored in the memory of the chip itself, including passwords and cached files. It could also pave the way for hackers to weaken other security features.

    Individuals should apply the first available security updates from the companies that make the software on their devices, such as Microsoft Windows or Apple for iOS. Service providers such as Amazon are working to patch the servers in their data centers.

  3. Rewind is offline
    Rewind's Avatar
    Joined: Oct 2017 Location: Glendale CA Posts: 12,127
    01-04-2018, 09:06 PM #3
    Google and Amazon say the performance hit from the 'Meltdown' and 'Spectre' fixes is overblown
    Business Insider, Jan 4 2018

    On Wednesday, Google revealed that there's a big security hole in pretty much every processor, including the one in your phone, the one in your laptop, and the processors running servers "in the cloud." The two vulnerabilities, "Spectre" and "Meltdown," could even allow an attacker to steal passwords as a user typed them. Even worse, early speculation suggested that the fix for the two problems could cause a major performance hit as the CPU would have had to do lots of extra work just to stay secure — maybe even reducing performance by 30%.

    Google and Amazon now say all of that gloom and doom is overstated. In a technical blog post published today, Google says the software it built to fix the issue — it calls it KPTI — causes "negligible impact on performance." Of course, Google's findings are only applicable to Google's cloud and services, which run on Google's version of Linux, presumably on an Intel processor. But Google's findings are based on data from some real-deal, heavy-duty services that would be dramatically impacted by a major decrease in performance, including Gmail, Search, and YouTube.

    Amazon, the lead cloud provider, also said today that it did not expect performance to be severely impacted by the fix. Although Microsoft hasn't yet commented on what performance slowdowns it expects, its Azure service will also be closely watched to see if there are any impacts to processor performance. On Wednesday, it said it was in the process of implementing fixes.

  4. Rewind is offline
    Rewind's Avatar
    Joined: Oct 2017 Location: Glendale CA Posts: 12,127
    01-07-2018, 01:37 AM #4
    This is a perfect example of "good news.....and bad news."

    Meltdown and Spectre fixes arrive -- but don't solve everything