View Single Post
Old 01-08-2018, 01:47 PM   #3
mick
Abiding Student
 
Join Date: May 2016
Posts: 711
For those who might be interested, this is a brief explanation of Meltdown and Spectre written by a UNIX "kernel" programmer. (BTW, in the computer world, they don't come much smarter than kernel programmers.)

http://lists.dragonflybsd.org/piperm...ry/313758.html

Here are few selected quotes if you're not interested in wading through the heavy technical stuff:

"Meltdown is an Intel-specific bug. AMD is immune."

"What Meltdown is is basically a FULL KERNEL MEMORY disclosure bug. An unprivileged user program can essentially discern the contents of all of kernel memory on an Intel CPU. The bug works because Intel CPUs will do speculative reads across protection domains, allowing the user program to massage the memory and branch prediction cache to cause a speculative read of kernel memory (even though it crosses the protection domain) followed by a speculative conditional execution. Timing can then be used to scan for and distinguish the contents of kernel memory."

"I should note that we kernel programmers ... are all pretty pissed off at Intel right now. Intel's press releases have also been HIGHLY DECEPTIVE. In particular, they are starting to talk up 'microcode updates', but those are mitigations for the Spectre bug, not for the Meltdown bug."

"Spectre is another bug, far more difficult to exploit than Meltdown, which leaks information from other processes or the kernel based on those other processes or kernel doing speculative reads and executions which are partially managed by the originating user process. Spectre does NOT involve a protection domain violation like Meltdown, so the Meltdown mitigation cannot mitigate Spectre."

"These bugs (both Meltdown and Spectre) really have to be fixed in the CPUs themselves. Meltdown is the 1000 pound gorilla. I won't be buying any new Intel chips that require the mitigation. I'm really pissed off at Intel."

So, if you have an Intel CPU and you're running Windows 10 or 7, you really need to install the latest security update from Microsoft. (I don't know what you would do if you're still running XP.) It's only a partial fix but it's all we can do at this point. If you have an AMD CPU, then you've dodged one bullet but not the other. If there's any "good" news (relative use of the word), it's that these hardware flaws are difficult to exploit and folks like us won't be the targets, although we may be collateral damage. The perpetrators will be Russian hackers (or their ilk) going after sensitive government / corporate / financial institution / power grid information.
__________________
mick

Illustrated Glossary
mick is offline   Reply With Quote