Gizmos Freeware Reviews  

Go Back   Gizmo's Freeware Forum > Debating Chamber > Security

Reply
 
Thread Tools Display Modes
Old 03. Jan 2018, 04:18 PM   #1 (permalink)
Senior Member
 
deya's Avatar
 
Join Date: Oct 2009
Location: UK
Posts: 1,437
Default Intel Chips Design Flaw

'Serious design flaw affects all Intel chips from the last decade';

http://www.itpro.co.uk/security/3021...he-last-decade

https://www.theregister.co.uk/2018/0...u_design_flaw/

... and;

https://www.fool.com/investing/2017/...-of-stock.aspx

Unbelievable.
deya is online now   Reply With Quote
Old 04. Jan 2018, 09:44 AM   #2 (permalink)
Senior Member
 
deya's Avatar
 
Join Date: Oct 2009
Location: UK
Posts: 1,437
Default

Microsoft pushing out emergency fix for newly disclosed processor exploit;

https://www.windowscentral.com/micro...cessor-exploit

Got KB4056892 via WU this morning. Apart from the initial high CPU usage from .NET Runtime Optimization Service after the re-start everything seems fine.
deya is online now   Reply With Quote
Old 04. Jan 2018, 09:54 AM   #3 (permalink)
Super Moderator
 
Anupam's Avatar
 
Join Date: Jul 2008
Location: India
Posts: 15,241
Default

Thank you deya for the links.

I havent got the update on my laptop yet... it hasn't yet checked for updates. Lets see if I get it. Not able to run my desktop because of an ongoing voltage issue in the area since many days... the UPS just keeps tripping.

The laptop performance has been slow a bit... I hope it doesnt slow down further with this patch :/.

My friend wanted to buy a new laptop... I am now thinking if I should ask her to wait for new processors with the flaw removed? But, that could take quite a while I suppose.
__________________
Anupam
Anupam is online now   Reply With Quote
Old 04. Jan 2018, 01:54 PM   #4 (permalink)
Senior Member
 
deya's Avatar
 
Join Date: Oct 2009
Location: UK
Posts: 1,437
Default

The problem is, Anupam, at the moment the situation regarding this security flaw is still very fluid and information is being made available almost hourly so it's difficult to grasp the full picture.

It isn't just Intel chips that are affected, AMD and ARM are also affected. Two separate security flaws, Meltdown and Spectre. Meltdown affects PC's using Intel chips, and Spectre affects PC's, tablets and smartphones using ARM and AMD chips. You can read about it, here;

http://www.bbc.co.uk/news/technology-42562303

No need to panic or anything, there have been no reports of any exploits as yet but, obviously, now the situation has been made public there is fear of that. The issue has been known about for around six months (as far as I can gather) but now it's in the public domain action is being taken - hence the security updates.

Thing is, stores and warehouses are full of stuff with the chips fitted so I dunno what you'd do if you were to be buying a new device at this time, like your friend, because as you say it will take quite a while for devices with new, secure chips to be made available. I really can't see them emptying shelves of all this stuff, sending it back to the manufacturers and replacing it with the new stuff - in fact, not a chance. So it looks like security updates will have to be the way forward and who knows if that will effect the performance of our PC's etc.

This PC, the one that got the update this morning has an AMD processor and, as yet, I've noticed no difference in anything regarding speed or whatever - but who knows?

Processors, and how they're built, are beyond most people's level of knowledge - certainly beyond mine at least, so it's a matter of trying to inform ourselves of the situation and hoping that the security patches work and don't have much impact on our systems.

Way I see it at the moment is that it's a bit of a mess, and statements released by the affected manufacturers will come thick and fast. Whether we all believe them or not is another matter, but it's all we can do at this time.
deya is online now   Reply With Quote
Old 04. Jan 2018, 04:08 PM   #5 (permalink)
Senior Member
 
deya's Avatar
 
Join Date: Oct 2009
Location: UK
Posts: 1,437
Default

List of Meltdown and Spectre Vulnerability Official Advisories, Notices, Patches, or Updates;

https://www.bleepingcomputer.com/new...s-and-updates/
deya is online now   Reply With Quote
Old 04. Jan 2018, 04:18 PM   #6 (permalink)
Super Moderator
 
Anupam's Avatar
 
Join Date: Jul 2008
Location: India
Posts: 15,241
Default

Thanks again deya for the links.

Wow, this seems to be quite widespread .

Seems like AMD aren't accepting that their chips are affected with this. Time will tell.

Yes, of course, there is no way that the devices available with all these chips will be sent back. More so, since the vulnerability can be patched with at the OS level.

And since they have known it for a long time, then new chips from the vendors should be free from this flaw. Let's see.

The scale of this is really large though... across all devices and chipsets.
__________________
Anupam
Anupam is online now   Reply With Quote
Old 04. Jan 2018, 05:29 PM   #7 (permalink)
Senior Member
 
deya's Avatar
 
Join Date: Oct 2009
Location: UK
Posts: 1,437
Default

Yes, it's a worldwide problem. There won't be many who aren't affected by it, at least by the look of things at current state of play.

Best to try and filter out all the scare stories (clickbait) from certain areas of the press. It's still too early to know for sure just exactly what's happening - all you can do is install any updates you receive for whatever device they apply to.

As regards the Windows Updates. I checked my laptop, which has an Intel processor, and there is no cumulative update offered, as yet. The desktop, with an AMD processor as I mentioned earlier, did get the cumulative update. So not sure why that is. There are ways of installing the patches manually but I'm not going that route - I'll wait until updates are offered via WU.

As I said, there is no need to panic. But there is already video evidence on the internet showing this thing being used to access passwords so it goes without saying that people should be checking for updates and applying them where necessary.
deya is online now   Reply With Quote
Old 04. Jan 2018, 05:41 PM   #8 (permalink)
Senior Member
 
deya's Avatar
 
Join Date: Oct 2009
Location: UK
Posts: 1,437
Default

Important information regarding the Windows security updates released on January 3, 2018 and anti-virus software;

https://support.microsoft.com/en-us/...dates-released
deya is online now   Reply With Quote
Old 04. Jan 2018, 06:43 PM   #9 (permalink)
Site Manager
 
MidnightCowboy's Avatar
 
Join Date: Aug 2008
Location: South American Banana Republic, third bunch from the left
Posts: 15,149
Default

Seems like I'm OK.

__________________
Buy a Hoover and prove technology sucks.
MidnightCowboy is online now   Reply With Quote
Old 04. Jan 2018, 07:43 PM   #10 (permalink)
Senior Member
 
danielson's Avatar
 
Join Date: Jun 2012
Posts: 1,024
Default Borrowed from post at Adguard forum

If you're using Windows 7/8.1/10, make sure you install the Windows Update for Meltdown mitigation via KPTI (which will cause a performance hit, depending on what Intel CPU you're using and the workload). If you're on macOS and you're running macOS High Sierra 10.13.2, it's already got KPTI integrated to mitigate Meltdown (with more to come in 10.13.3). If you're using a Linux distro, make sure you're using at least 4.14.11 or the latest 4.15-rc6 kernel since they both have KPTI. For example, Ubuntu hasn't pushed out a patched kernel yet, but Arch Linux and other rolling release distros have. KPTI integration is going to cause a performance hit for Intel CPUs across all OSes.

Spectre is the one that can be exploited via Javascript in a web browser. If you're using Google Chrome, until Google Chrome v64 (which has mitigation measure(s) in place) is released on January 23rd copy and paste chrome://flags/#enable-site-per-process into the address bar and ENABLE Site Isolation (and restart the browser). If you're using Firefox 57 or above, it already has mitigation measures. If you're using Edge/Internet Explorer, I believe Microsoft either already released patches for Edge/IE or are shortly.

P.S. AMD is only vulnerable to Spectre v1. AMD isn't vulnerable to Meltdown and likely isn't vulnerable to Spectre v2. Looks like AMD's Spectre v1 vulnerability can be mitigated in softwar
danielson is online now   Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT +1. The time now is 07:21 PM.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2019, vBulletin Solutions, Inc.