+ 6
How Serious are the Meltdown and Spectre Chip Security Flaws?
Meltdown and Spectre are Different because they are flaws in the CPU itself. What are you doing to protect yourself? https://www.theguardian.com/technology/2018/jan/04/meltdown-spectre-computer-processor-intel-security-flaws-explainer
3 Answers
+ 7
This talk and slides is interesting https://m.youtube.com/watch?t=410s&v=xQEv5y_mpro slide are here: https://www.renditioninfosec.com/files/Rendition_Infosec_Meltdown_and_Spectre.pdf
+ 4
Minimally related to programming is that Mozilla is reducing timer granularity for JS to hide the issue for now; you may find other connections below.
I assume most of the (currently 28) vendors will have responded to three identified problem variants:
https://www.us-cert.gov/ncas/alerts/TA18-004A
For CPU vendors, Intel doesn't appear to be the only affected -- just most interesting -- it may be a while before we know how important it is.
+ 2
Meltdown is critical and effects only Intel. Spectre is less critical but infects nearly all devices.
The patches are in play for winblows & osx already. Be sure to update. Linux kernel 4.15 will include fixes when it's released next month. Many distros are pushing their own security updates to meet the embargo deadline of Jan 9th.
That's the real problem right now. Everyone is aware of these exploits while patches are not complete across all OS. The other is nobody has a clue if anyone was using these exploits undetected for years now. It'll be a non-issue soon, except there's a performance hit in the fix that appears to solely effect IO performance. For end users it's not a big deal. Huge deal for cloud providers.