An open community 
of Macintosh users,
for Macintosh users.

FineTunedMac Dashboard widget now available! Download Here

Previous Thread
Next Thread
Print Thread
Major flaws in Intel chips
#47373 01/04/18 09:03 AM
Joined: Aug 2009
Likes: 4
grelber Offline OP
OP Offline

Joined: Aug 2009
Likes: 4
This can't be good ...

2 Major Flaws Are Discovered in the World’s Computers

Called Meltdown, the first and most urgent flaw affects nearly all microprocessors made by Intel. The second, Spectre, affects most other chips.


Re: Major flaws in Intel chips
grelber #47374 01/04/18 09:51 AM
Joined: Aug 2009
Likes: 15
Online

Joined: Aug 2009
Likes: 15
Not good at all, but since neither of us uses any cloud technology, we're at less risk from Meltdown than many other users, and beyond the cloud aspect, the usual common sense rules of surfing appear to be adequate protection in the absence of a patch from Apple. (If the fix is really a 20-30% machine slowdown, I suspect that many users, myself very possibly included, will ignore it.)

Spectre, on the other hand, isn't described in sufficient detail for me to even begin to assess in what way I may be at risk, so I won't worry about it until Apple tells me that I need to worry.

This quote is laughable!

Originally Posted By: Intel
“Intel and other technology companies have been made aware of new security research describing software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from computing devices that are operating as designed,” the company said in a statement. “Intel believes these exploits do not have the potential to corrupt, modify or delete data.”

Quite bizarre...totally devoid of logic, and not the tiniest bit reassuring. crazy


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: Major flaws in Intel chips
artie505 #47375 01/04/18 12:33 PM
Joined: Aug 2017
Offline

Joined: Aug 2017
Originally Posted By: artie505
Not good at all, but since neither of us uses any cloud technology, we're at less risk from Meltdown than many other users

Everyone interacts with others that use cloud technology to store your personal data, including passwords. ISPs, stores, banks, insurance companies, the government. You couldn't avoid cloud tech if you wanted to.

Originally Posted By: artie505
If the fix is really a 20-30% machine slowdown, I suspect that many users, myself very possibly included, will ignore it.

While i’d like to think I control what runs on my computer and devices, I really don’t. But the real risk is in the cloud, someone else's computer by design, and usually there is no control over who shares that computer with the organization which whom I intend to interact.

Originally Posted By: artie505
I won't worry about it until Apple tells me that I need to worry.

Then I probably worry more than you, heh.

Originally Posted By: artie505
This quote is laughable! Quite bizarre, totally devoid of logic, and not the tiniest bit reassuring.

There was more to that statement, like “It's not just us, true story!” AMD disagrees a bit on that, though.

Re: Major flaws in Intel chips
artie505 #47377 01/04/18 01:24 PM
Joined: Aug 2009
Offline

Joined: Aug 2009
Originally Posted By: artie505
Not good at all, but since neither of us uses any cloud technology, we're at less risk from Meltdown than many other users, and beyond the cloud aspect, the usual common sense rules of surfing appear to be adequate protection in the absence of a patch from Apple. (If the fix is really a 20-30% machine slowdown, I suspect that many users, myself very possibly included, will ignore it.)

Spectre, on the other hand, isn't described in sufficient detail for me to even begin to assess in what way I may be at risk, so I won't worry about it until Apple tells me that I need to worry.

This quote is laughable!

Originally Posted By: Intel
“Intel and other technology companies have been made aware of new security research describing software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from computing devices that are operating as designed,” the company said in a statement. “Intel believes these exploits do not have the potential to corrupt, modify or delete data.”

Quite bizarre...totally devoid of logic, and not the tiniest bit reassuring. crazy

I haven't fully read-up on the problems yet, but it looks like Google identified the problem some time ago (at least several months?) and notified intel but didn't get much of a reaction. Google immediately started taking steps to protect against the problem.

It sounds like an "information leak" problem. True, it doesn't let you modify things, but it's a bit like the web bug recently that was allowing web access to snatch random sections of computer memory, hoping to stumble on something critical like a password stored in ram. This is a somewhat similar issue that allows a process to predict what another process is doing. So saying it can't "corrupt, modify or delete data" isn't very consoling, because if it can leverage that to crack a privileged password, ALL of those things can happen. I think it's a bit deceptive to say that's not a risk - it's not a direct risk, but it certainly is an indirect risk!

What it boils down to is that a program written with very well-designed security can be circumvented due to a flaw in the processor, and there's not a lot the program can do to defend itself. The OS will even have a difficult time mitigating this flaw.

It doesn't look like an easy thing to exploit, but that just means it will take longer for exploits to appear in the wild, and the "state actors" will likely be the first to use it. (if they're not already using it) Eventually the exploit kits will have modules built into them to make it easy for novices to leverage them in an automatic way.

It all comes down to the fact that programmers have to make some assumptions when writing a program. Where security is concerned, they have to make specific assumptions about what information is protected and what information is available to others. (regardless of how unlikely it is) So how much of a problem this causes depends greatly on the assumptions the programmer chooses to make (or HAS to make) when writing the program. It's going to be very hit-or-miss as to how big of a threat this bug is.


I work for the Department of Redundancy Department
Re: Major flaws in Intel chips
grelber #47379 01/04/18 03:14 PM
Joined: Aug 2009
Likes: 1
Moderator
Offline
Moderator

Joined: Aug 2009
Likes: 1
Originally Posted By: grelber
This can't be good ...

The article Meltdown and Spectre FAQ: Fix for Intel CPU flaws could slow down PCs and Macs and the Register articles (1, 2) linked to in the NYT article Grelber listed, provide additional detail that may be helpful. It appears that Apple already rolled out some fix for Meltdown in Mac OS 10.13.2, and more is expected in 10.13.3. Not known is if or when Apple will address these flaws in older Mac OS versions.


alternaut moderator
Re: Major flaws in Intel chips
alternaut #47381 01/04/18 04:45 PM
Joined: Aug 2009
Likes: 16
Moderator
Online
Moderator

Joined: Aug 2009
Likes: 16
I have no way of judging the effectiveness of the protections MacOS 10.13.2 and 10.13.3 are, but FWIW I haven't experienced any noticeable performance slowdowns since MacOS 10.13.2 beta 2. Whether that is because my normal usage does not involve a lot of switching back and forth or the performance hit from the Meltdown "fix" is minimal I have no way to determine. As far as I am concerned this just adds impetus to keeping MacOS and iOS rigorously up to date.


If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
Re: Major flaws in Intel chips
Urquhart #47392 01/05/18 07:55 AM
Joined: Aug 2009
Likes: 15
Online

Joined: Aug 2009
Likes: 15
Originally Posted By: Urquhart
Originally Posted By: artie505
Not good at all, but since neither of us uses any cloud technology, we're at less risk from Meltdown than many other users

Everyone interacts with others that use cloud technology to store your personal data, including passwords. ISPs, stores, banks, insurance companies, the government. You couldn't avoid cloud tech if you wanted to.

Yeah, I was kinda looking at the wrong side of the coin there.

Thinking in user terms, though, Meltdown should provide impetus to users to encrypt anything they store in the cloud that's even the least bit sensitive.

Originally Posted By: Urquhart
Originally Posted By: artie505
I won't worry about it until Apple tells me that I need to worry.

Then I probably worry more than you, heh.

To what end?

"What if?"s make you crazy, and then you buy insurance (if you're of that mind), and in this instance there isn't even any to buy.


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: Major flaws in Intel chips
grelber #47396 01/05/18 10:46 AM
Joined: Aug 2009
Likes: 4
grelber Offline OP
OP Offline

Joined: Aug 2009
Likes: 4
Originally Posted By: grelber
This can't be good ...

2 Major Flaws Are Discovered in the World’s Computers

Called Meltdown, the first and most urgent flaw affects nearly all microprocessors made by Intel. The second, Spectre, affects most other chips.


Add this to that ...

What You Need to Do Because of Flaws in Computer Chips

Re: Major flaws in Intel chips
grelber #47397 01/05/18 11:12 AM
Joined: Aug 2009
Likes: 7
Online

Joined: Aug 2009
Likes: 7


Jon

macOS 11.7.10, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365
Re: Major flaws in Intel chips
jchuzi #47478 01/09/18 05:39 PM
Joined: Aug 2009
Likes: 15
Online

Joined: Aug 2009
Likes: 15
Safari version 11.0.2 (12604.4.7.1.6) is now available from the App Store for El Cap and Sierra.

"Safari 11.0.2 includes security improvements to mitigate the effects of Spectre (CVE-2017-5753 and CVE-2017-5715)."


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: Major flaws in Intel chips
artie505 #47502 01/10/18 05:07 PM
Joined: Aug 2009
Likes: 1
Moderator
Offline
Moderator

Joined: Aug 2009
Likes: 1
And for those of you who haven’t yet noticed, with the iOS 11.2.2 update Apple addressed Spectre-related Safari/Webkit issues for iOS.


alternaut moderator

Moderated by  alternaut, cyn 

Link Copied to Clipboard
Powered by UBB.threads™ PHP Forum Software 7.7.4
(Release build 20200307)
Responsive Width:

PHP: 7.4.33 Page Time: 0.025s Queries: 36 (0.019s) Memory: 0.6307 MB (Peak: 0.7334 MB) Data Comp: Zlib Server Time: 2024-03-28 16:15:51 UTC
Valid HTML 5 and Valid CSS