Meltdown and Spectre: ‘worst ever’ CPU bugs affect virtually all computers

[kg11sgbg]

Meltdown vulnerability is only affected by Intel CPU's.
Spectre vulnerability is affected by AMD,ARM and Intel chipsets/CPU's.

Both these vulnerabilities are widespread and global,no pace to hide,nowhere to run.
All of us are being the affected users.

Source : Meltdown and Spectre: ‘worst CPU bugs ever’ affect virtually all computers

Serious security flaws that could let attackers steal sensitive data, including passwords and banking information, have been found in processors designed by Intel, AMD and ARM.

The flaws, named Meltdown and Spectre, were discovered by security researchers at Google’s Project Zero in conjunction with academic and industry researchers from several countries. Combined they affect virtually every modern computer, including smartphones, tablets and PCs from all vendors and running almost any operating system.

Meltdown is “probably one of the worst CPU bugs ever found”, said Daniel Gruss, one of the researchers at Graz University of Technology who discovered the flaw.

 

[chimera201]

The funny thing about this is that programs that are coded with best practices in mind are more prone to this exploit

 

[Desmond]

What's weird is that this was only discovered recently when the bug has been around for more than a decade.

 

[Hrishi]

What's weird is that this was only discovered recently when the bug has been around for more than a decade.

You mean agencies were already aware and have been keeping it as a secret under NoBodyButThem type of policy ?
Hmmmm... Could be. In fact, very likely.

Sent from my ONE E1003 using Tapatalk

 

[ico]

Looks like Ryzen is the smarter choice.

 

[Desmond]

You mean agencies were already aware and have been keeping it as a secret under NoBodyButThem type of policy ?
Hmmmm... Could be. In fact, very likely.

Sent from my ONE E1003 using Tapatalk

This is why we need more open source hardware so that the public can scrutinize the architecture more closely and find out about defects sooner.

 

[Vyom]

Can anyone link the hotfixes. Wasn't Microsoft supposed to release a proper hotfix today, ie, 9th Jan 2018?

 

[Flash]

Can anyone link the hotfixes. Wasn't Microsoft supposed to release a proper hotfix today, ie, 9th Jan 2018?

Microsoft halts AMD Meltdown and Spectre patches after reports of unbootable PCs

 

[Vyom]

Microsoft halts AMD Meltdown and Spectre patches after reports of unbootable PCs

Oh damn man. I can live with this spectre and meltdown.. but not with unbootable PC. ;-;

 

[billubakra]

Can anyone link the hotfixes. Wasn't Microsoft supposed to release a proper hotfix today, ie, 9th Jan 2018?

How to protect yourself from Meltdown and Spectre CPU flaws

 

[whitestar_999]

@Vyom rest easy,AMD processors are not vulnerable to Meltdown so you can skip security patches for those.As for Spectre,again AMD processors are comparatively more secure than intel processors so focus on getting browsers updates as this vulnerability may be exploited through a java script in a browser.Also the worst case scenario of these vulnerabilities is that your secret information residing in PC memory(like cookies storing logins,any encryption program incl keystroke scramblers,any password entered into any browser window or tab)can be read & sent out as long as the malicious java script is running in any browser/software.

 

[Vyom]

@Vyom rest easy,AMD processors are not vulnerable to Meltdown so you can skip security patches for those.As for Spectre,again AMD processors are comparatively more secure than intel processors so focus on getting browsers updates as this vulnerability may be exploited through a java script in a browser.Also the worst case scenario of these vulnerabilities is that your secret information residing in PC memory(like cookies storing logins,any encryption program incl keystroke scramblers,any password entered into any browser window or tab)can be read & sent out as long as the malicious java script is running in any browser/software.

Damn. But I don't have Amd chip. I have i5 4570 and RX 480.

Sent from my LG-H870DS using Tapatalk

 

[Hrishi]

Oh damn man. I can live with this spectre and meltdown.. but not with unbootable PC. ;-;

You have been living with it since ages, all of us xD.
The scary part is when you don't know what else is hiding under the hood.



Sent from my ONE E1003 using Tapatalk

 

[Hrishi]

This is why we need more open source hardware so that the public can scrutinize the architecture more closely and find out about defects sooner.

True that. Raspberry wasn't impacted by this, was it?

Sent from my ONE E1003 using Tapatalk

 

[whitestar_999]

Damn. But I don't have Amd chip. I have i5 4570 and RX 480.

Sent from my LG-H870DS using Tapatalk

My mistake,I confused your gpu with cpu!In any case just open banking sites in a single browser window with no other browser/tab running(just like olden times) in incognito mode & after session is done,close browser then clean history/cache(it seems even in private/incognito mode some data remains in memory/cache for a few minutes).Of course delete all banking sites related cookies/data in your browsers before this.Always use latest browser versions & keep your AV updated.

 

[Vyom]

My mistake,I confused your gpu with cpu!In any case just open banking sites in a single browser window with no other browser/tab running(just like olden times) in incognito mode & after session is done,close browser then clean history/cache(it seems even in private/incognito mode some data remains in memory/cache for a few minutes).Of course delete all banking sites related cookies/data in your browsers before this.Always use latest browser versions & keep your AV updated.

Thanks man. I do always browse banking site only in a new incognito mode. And don't save banking passwords in browser. I think I am safe on the banking site side of things.

For all other important sites which I access from non incognito mode like Gmail, crypto currency sites, dual authentication will take care of that.


Sent from my LG-H870DS using Tapatalk

 

[whitestar_999]

Thanks man. I do always browse banking site only in a new incognito mode. And don't save banking passwords in browser. I think I am safe on the banking site side of things.

For all other important sites which I access from non incognito mode like Gmail, crypto currency sites, dual authentication will take care of that.


Sent from my LG-H870DS using Tapatalk

Just "new incognito mode" is not enough unless it is the "only open browser" in whole PC.e.g.opening a bank site in incognito mode in chrome while another site/sites are opened in firefox/IE/opera etc are vulnerable.Still my next system will most likely be AMD as Ryzen 3 1200 is now at ~6600 compared to G4560's price of ~5400 & Ryzen 2200G with integrated vega graphics is announced yesterday at a price of $99 with release date in 2nd week of Feb.

 

[chimera201]

NSA says it didn't know about the exploit

Rob Joyce, White House cybersecurity coordinator, said, “NSA did not know about the flaw, has not exploited it and certainly the U.S. government would never put a major company like Intel in a position of risk like this to try to hold open a vulnerability.”

Huge security flaws revealed — and tech companies can barely keep up

 

[Hrishi]

NSA says it didn't know about the exploit



Huge security flaws revealed — and tech companies can barely keep up

hahahahahah

 

[Flash]

NSA says it didn't know about the exploit



Huge security flaws revealed — and tech companies can barely keep up

Are they trying to underplay this time?
maybe they didn't know how to exploit this exploit.