An open community 
of Macintosh users,
for Macintosh users.

FineTunedMac Dashboard widget now available! Download Here

Topic Options
#47373 - 01/04/18 01:03 AM Major flaws in Intel chips
grelber Offline


Registered: 08/05/09
Loc: North of 49th ||
This can't be good ...

2 Major Flaws Are Discovered in the World’s Computers

Called Meltdown, the first and most urgent flaw affects nearly all microprocessors made by Intel. The second, Spectre, affects most other chips.

Top
#47374 - 01/04/18 01:51 AM Re: Major flaws in Intel chips [Re: grelber]
artie505 Online


Registered: 08/04/09
Not good at all, but since neither of us uses any cloud technology, we're at less risk from Meltdown than many other users, and beyond the cloud aspect, the usual common sense rules of surfing appear to be adequate protection in the absence of a patch from Apple. (If the fix is really a 20-30% machine slowdown, I suspect that many users, myself very possibly included, will ignore it.)

Spectre, on the other hand, isn't described in sufficient detail for me to even begin to assess in what way I may be at risk, so I won't worry about it until Apple tells me that I need to worry.

This quote is laughable!

Originally Posted By: Intel
“Intel and other technology companies have been made aware of new security research describing software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from computing devices that are operating as designed,” the company said in a statement. “Intel believes these exploits do not have the potential to corrupt, modify or delete data.”

Quite bizarre...totally devoid of logic, and not the tiniest bit reassuring. crazy
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

Top
#47375 - 01/04/18 04:33 AM Re: Major flaws in Intel chips [Re: artie505]
Urquhart Offline


Registered: 08/10/17
Loc: Netherlands
Originally Posted By: artie505
Not good at all, but since neither of us uses any cloud technology, we're at less risk from Meltdown than many other users

Everyone interacts with others that use cloud technology to store your personal data, including passwords. ISPs, stores, banks, insurance companies, the government. You couldn't avoid cloud tech if you wanted to.

Originally Posted By: artie505
If the fix is really a 20-30% machine slowdown, I suspect that many users, myself very possibly included, will ignore it.

While i’d like to think I control what runs on my computer and devices, I really don’t. But the real risk is in the cloud, someone else's computer by design, and usually there is no control over who shares that computer with the organization which whom I intend to interact.

Originally Posted By: artie505
I won't worry about it until Apple tells me that I need to worry.

Then I probably worry more than you, heh.

Originally Posted By: artie505
This quote is laughable! Quite bizarre, totally devoid of logic, and not the tiniest bit reassuring.

There was more to that statement, like “It's not just us, true story!” AMD disagrees a bit on that, though.

Top
#47377 - 01/04/18 05:24 AM Re: Major flaws in Intel chips [Re: artie505]
Virtual1 Offline


Registered: 08/04/09
Loc: Iowa
Originally Posted By: artie505
Not good at all, but since neither of us uses any cloud technology, we're at less risk from Meltdown than many other users, and beyond the cloud aspect, the usual common sense rules of surfing appear to be adequate protection in the absence of a patch from Apple. (If the fix is really a 20-30% machine slowdown, I suspect that many users, myself very possibly included, will ignore it.)

Spectre, on the other hand, isn't described in sufficient detail for me to even begin to assess in what way I may be at risk, so I won't worry about it until Apple tells me that I need to worry.

This quote is laughable!

Originally Posted By: Intel
“Intel and other technology companies have been made aware of new security research describing software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from computing devices that are operating as designed,” the company said in a statement. “Intel believes these exploits do not have the potential to corrupt, modify or delete data.”

Quite bizarre...totally devoid of logic, and not the tiniest bit reassuring. crazy

I haven't fully read-up on the problems yet, but it looks like Google identified the problem some time ago (at least several months?) and notified intel but didn't get much of a reaction. Google immediately started taking steps to protect against the problem.

It sounds like an "information leak" problem. True, it doesn't let you modify things, but it's a bit like the web bug recently that was allowing web access to snatch random sections of computer memory, hoping to stumble on something critical like a password stored in ram. This is a somewhat similar issue that allows a process to predict what another process is doing. So saying it can't "corrupt, modify or delete data" isn't very consoling, because if it can leverage that to crack a privileged password, ALL of those things can happen. I think it's a bit deceptive to say that's not a risk - it's not a direct risk, but it certainly is an indirect risk!

What it boils down to is that a program written with very well-designed security can be circumvented due to a flaw in the processor, and there's not a lot the program can do to defend itself. The OS will even have a difficult time mitigating this flaw.

It doesn't look like an easy thing to exploit, but that just means it will take longer for exploits to appear in the wild, and the "state actors" will likely be the first to use it. (if they're not already using it) Eventually the exploit kits will have modules built into them to make it easy for novices to leverage them in an automatic way.

It all comes down to the fact that programmers have to make some assumptions when writing a program. Where security is concerned, they have to make specific assumptions about what information is protected and what information is available to others. (regardless of how unlikely it is) So how much of a problem this causes depends greatly on the assumptions the programmer chooses to make (or HAS to make) when writing the program. It's going to be very hit-or-miss as to how big of a threat this bug is.
_________________________
I work for the Department of Redundancy Department

Top
#47379 - 01/04/18 07:14 AM Re: Major flaws in Intel chips [Re: grelber]
alternaut Offline

Moderator

Registered: 08/04/09
Originally Posted By: grelber
This can't be good ...

The article Meltdown and Spectre FAQ: Fix for Intel CPU flaws could slow down PCs and Macs and the Register articles (1, 2) linked to in the NYT article Grelber listed, provide additional detail that may be helpful. It appears that Apple already rolled out some fix for Meltdown in Mac OS 10.13.2, and more is expected in 10.13.3. Not known is if or when Apple will address these flaws in older Mac OS versions.
_________________________
alternaut moderator

Top
#47381 - 01/04/18 08:45 AM Re: Major flaws in Intel chips [Re: alternaut]
joemikeb Online
Moderator

Registered: 08/04/09
Loc: Fort Worth, Texas
I have no way of judging the effectiveness of the protections MacOS 10.13.2 and 10.13.3 are, but FWIW I haven't experienced any noticeable performance slowdowns since MacOS 10.13.2 beta 2. Whether that is because my normal usage does not involve a lot of switching back and forth or the performance hit from the Meltdown "fix" is minimal I have no way to determine. As far as I am concerned this just adds impetus to keeping MacOS and iOS rigorously up to date.
_________________________
joemikeb • moderator

Top
#47392 - 01/04/18 11:55 PM Re: Major flaws in Intel chips [Re: Urquhart]
artie505 Online


Registered: 08/04/09
Originally Posted By: Urquhart
Originally Posted By: artie505
Not good at all, but since neither of us uses any cloud technology, we're at less risk from Meltdown than many other users

Everyone interacts with others that use cloud technology to store your personal data, including passwords. ISPs, stores, banks, insurance companies, the government. You couldn't avoid cloud tech if you wanted to.

Yeah, I was kinda looking at the wrong side of the coin there.

Thinking in user terms, though, Meltdown should provide impetus to users to encrypt anything they store in the cloud that's even the least bit sensitive.

Originally Posted By: Urquhart
Originally Posted By: artie505
I won't worry about it until Apple tells me that I need to worry.

Then I probably worry more than you, heh.

To what end?

"What if?"s make you crazy, and then you buy insurance (if you're of that mind), and in this instance there isn't even any to buy.
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

Top
#47396 - 01/05/18 02:46 AM Re: Major flaws in Intel chips [Re: grelber]
grelber Offline


Registered: 08/05/09
Loc: North of 49th ||
Originally Posted By: grelber
This can't be good ...

2 Major Flaws Are Discovered in the World’s Computers

Called Meltdown, the first and most urgent flaw affects nearly all microprocessors made by Intel. The second, Spectre, affects most other chips.


Add this to that ...

What You Need to Do Because of Flaws in Computer Chips

Top
#47397 - 01/05/18 03:12 AM Re: Major flaws in Intel chips [Re: grelber]
jchuzi Online


Registered: 08/04/09
Loc: New York State
_________________________
Jon

OS 10.14.5, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365

Top
#47478 - 01/09/18 09:39 AM Re: Major flaws in Intel chips [Re: jchuzi]
artie505 Online


Registered: 08/04/09
Safari version 11.0.2 (12604.4.7.1.6) is now available from the App Store for El Cap and Sierra.

"Safari 11.0.2 includes security improvements to mitigate the effects of Spectre (CVE-2017-5753 and CVE-2017-5715)."
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

Top
#47502 - 01/10/18 09:07 AM Re: Major flaws in Intel chips [Re: artie505]
alternaut Offline

Moderator

Registered: 08/04/09
And for those of you who haven’t yet noticed, with the iOS 11.2.2 update Apple addressed Spectre-related Safari/Webkit issues for iOS.
_________________________
alternaut moderator

Top

Moderator:  alternaut, cyn