Major flaws in Intel chips
|
Joined: Aug 2009
Likes: 4
|
OP
Joined: Aug 2009
Likes: 4 |
This can't be good ... 2 Major Flaws Are Discovered in the World’s ComputersCalled Meltdown, the first and most urgent flaw affects nearly all microprocessors made by Intel. The second, Spectre, affects most other chips.
|
|
Re: Major flaws in Intel chips
|
Joined: Aug 2009
Likes: 15
|
Joined: Aug 2009
Likes: 15 |
Not good at all, but since neither of us uses any cloud technology, we're at less risk from Meltdown than many other users, and beyond the cloud aspect, the usual common sense rules of surfing appear to be adequate protection in the absence of a patch from Apple. (If the fix is really a 20-30% machine slowdown, I suspect that many users, myself very possibly included, will ignore it.) Spectre, on the other hand, isn't described in sufficient detail for me to even begin to assess in what way I may be at risk, so I won't worry about it until Apple tells me that I need to worry. This quote is laughable! “Intel and other technology companies have been made aware of new security research describing software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from computing devices that are operating as designed,†the company said in a statement. “Intel believes these exploits do not have the potential to corrupt, modify or delete data.†Quite bizarre...totally devoid of logic, and not the tiniest bit reassuring.
The new Great Equalizer is the SEND button.
In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
|
|
Re: Major flaws in Intel chips
|
|
Joined: Aug 2017
|
Not good at all, but since neither of us uses any cloud technology, we're at less risk from Meltdown than many other users Everyone interacts with others that use cloud technology to store your personal data, including passwords. ISPs, stores, banks, insurance companies, the government. You couldn't avoid cloud tech if you wanted to. If the fix is really a 20-30% machine slowdown, I suspect that many users, myself very possibly included, will ignore it. While i’d like to think I control what runs on my computer and devices, I really don’t. But the real risk is in the cloud, someone else's computer by design, and usually there is no control over who shares that computer with the organization which whom I intend to interact. I won't worry about it until Apple tells me that I need to worry. Then I probably worry more than you, heh. This quote is laughable! Quite bizarre, totally devoid of logic, and not the tiniest bit reassuring. There was more to that statement, like “It's not just us, true story!†AMD disagrees a bit on that, though.
|
|
Re: Major flaws in Intel chips
|
|
Joined: Aug 2009
|
Not good at all, but since neither of us uses any cloud technology, we're at less risk from Meltdown than many other users, and beyond the cloud aspect, the usual common sense rules of surfing appear to be adequate protection in the absence of a patch from Apple. (If the fix is really a 20-30% machine slowdown, I suspect that many users, myself very possibly included, will ignore it.) Spectre, on the other hand, isn't described in sufficient detail for me to even begin to assess in what way I may be at risk, so I won't worry about it until Apple tells me that I need to worry. This quote is laughable! “Intel and other technology companies have been made aware of new security research describing software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from computing devices that are operating as designed,†the company said in a statement. “Intel believes these exploits do not have the potential to corrupt, modify or delete data.†Quite bizarre...totally devoid of logic, and not the tiniest bit reassuring. I haven't fully read-up on the problems yet, but it looks like Google identified the problem some time ago (at least several months?) and notified intel but didn't get much of a reaction. Google immediately started taking steps to protect against the problem. It sounds like an "information leak" problem. True, it doesn't let you modify things, but it's a bit like the web bug recently that was allowing web access to snatch random sections of computer memory, hoping to stumble on something critical like a password stored in ram. This is a somewhat similar issue that allows a process to predict what another process is doing. So saying it can't "corrupt, modify or delete data" isn't very consoling, because if it can leverage that to crack a privileged password, ALL of those things can happen. I think it's a bit deceptive to say that's not a risk - it's not a direct risk, but it certainly is an indirect risk! What it boils down to is that a program written with very well-designed security can be circumvented due to a flaw in the processor, and there's not a lot the program can do to defend itself. The OS will even have a difficult time mitigating this flaw. It doesn't look like an easy thing to exploit, but that just means it will take longer for exploits to appear in the wild, and the "state actors" will likely be the first to use it. ( if they're not already using it) Eventually the exploit kits will have modules built into them to make it easy for novices to leverage them in an automatic way. It all comes down to the fact that programmers have to make some assumptions when writing a program. Where security is concerned, they have to make specific assumptions about what information is protected and what information is available to others. (regardless of how unlikely it is) So how much of a problem this causes depends greatly on the assumptions the programmer chooses to make (or HAS to make) when writing the program. It's going to be very hit-or-miss as to how big of a threat this bug is.
I work for the Department of Redundancy Department
|
|
Re: Major flaws in Intel chips
|
Joined: Aug 2009
Likes: 1
Moderator
|
Moderator
Joined: Aug 2009
Likes: 1 |
The article Meltdown and Spectre FAQ: Fix for Intel CPU flaws could slow down PCs and Macs and the Register articles ( 1, 2) linked to in the NYT article Grelber listed, provide additional detail that may be helpful. It appears that Apple already rolled out some fix for Meltdown in Mac OS 10.13.2, and more is expected in 10.13.3. Not known is if or when Apple will address these flaws in older Mac OS versions.
alternaut ◉ moderator
|
|
Re: Major flaws in Intel chips
|
Joined: Aug 2009
Likes: 16
Moderator
|
Moderator
Joined: Aug 2009
Likes: 16 |
I have no way of judging the effectiveness of the protections MacOS 10.13.2 and 10.13.3 are, but FWIW I haven't experienced any noticeable performance slowdowns since MacOS 10.13.2 beta 2. Whether that is because my normal usage does not involve a lot of switching back and forth or the performance hit from the Meltdown "fix" is minimal I have no way to determine. As far as I am concerned this just adds impetus to keeping MacOS and iOS rigorously up to date.
If we knew what it was we were doing, it wouldn't be called research, would it?
— Albert Einstein
|
|
Re: Major flaws in Intel chips
|
Joined: Aug 2009
Likes: 15
|
Joined: Aug 2009
Likes: 15 |
Not good at all, but since neither of us uses any cloud technology, we're at less risk from Meltdown than many other users Everyone interacts with others that use cloud technology to store your personal data, including passwords. ISPs, stores, banks, insurance companies, the government. You couldn't avoid cloud tech if you wanted to. Yeah, I was kinda looking at the wrong side of the coin there. Thinking in user terms, though, Meltdown should provide impetus to users to encrypt anything they store in the cloud that's even the least bit sensitive. I won't worry about it until Apple tells me that I need to worry. Then I probably worry more than you, heh. To what end? "What if?"s make you crazy, and then you buy insurance (if you're of that mind), and in this instance there isn't even any to buy.
The new Great Equalizer is the SEND button.
In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
|
|
Re: Major flaws in Intel chips
|
Joined: Aug 2009
Likes: 4
|
OP
Joined: Aug 2009
Likes: 4 |
|
|
Re: Major flaws in Intel chips
|
Joined: Aug 2009
Likes: 7
|
Joined: Aug 2009
Likes: 7 |
Jon
macOS 11.7.10, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365
|
|
Re: Major flaws in Intel chips
|
Joined: Aug 2009
Likes: 15
|
Joined: Aug 2009
Likes: 15 |
Safari version 11.0.2 (12604.4.7.1.6) is now available from the App Store for El Cap and Sierra.
"Safari 11.0.2 includes security improvements to mitigate the effects of Spectre (CVE-2017-5753 and CVE-2017-5715)."
The new Great Equalizer is the SEND button.
In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
|
|
Re: Major flaws in Intel chips
|
Joined: Aug 2009
Likes: 1
Moderator
|
Moderator
Joined: Aug 2009
Likes: 1 |
And for those of you who haven’t yet noticed, with the iOS 11.2.2 update Apple addressed Spectre-related Safari/Webkit issues for iOS.
alternaut ◉ moderator
|
|
|
|