+ 6

How Serious are the Meltdown and Spectre Chip Security Flaws?

Meltdown and Spectre are Different because they are flaws in the CPU itself. What are you doing to protect yourself? https://www.theguardian.com/technology/2018/jan/04/meltdown-spectre-computer-processor-intel-security-flaws-explainer

6th Jan 2018, 5:00 PM
Eric Blinkidu
Eric Blinkidu - avatar
3 Answers
+ 4
Minimally related to programming is that Mozilla is reducing timer granularity for JS to hide the issue for now; you may find other connections below. I assume most of the (currently 28) vendors will have responded to three identified problem variants: https://www.us-cert.gov/ncas/alerts/TA18-004A For CPU vendors, Intel doesn't appear to be the only affected -- just most interesting -- it may be a while before we know how important it is.
7th Jan 2018, 10:04 PM
Kirk Schafer
Kirk Schafer - avatar
+ 2
Meltdown is critical and effects only Intel. Spectre is less critical but infects nearly all devices. The patches are in play for winblows & osx already. Be sure to update. Linux kernel 4.15 will include fixes when it's released next month. Many distros are pushing their own security updates to meet the embargo deadline of Jan 9th. That's the real problem right now. Everyone is aware of these exploits while patches are not complete across all OS. The other is nobody has a clue if anyone was using these exploits undetected for years now. It'll be a non-issue soon, except there's a performance hit in the fix that appears to solely effect IO performance. For end users it's not a big deal. Huge deal for cloud providers.
6th Jan 2018, 8:38 PM
Brandon Chapman
Brandon Chapman - avatar