Google has great news about fixing the Meltdown and Spectre chip flaws

Share
Google has great news about fixing the Meltdown and Spectre chip flaws

Google Chromebooks self update. The difficulty is that Variant 1 affects individual software binaries, so it must be handled by discovering and addressing exploits within each binary.

And that is what distinguishes them from previous security alerts that have tended to involve software rather than hardware.

Potentially everything that's got a central processing unit or CPU, which means PCs, Macs, laptops, smart phones and tablets. If you own a system from a different company, you'll need to check for firmware updates using a separate utility, like Lenovo Solution Center or Dell Update. But when it comes to updating your hardware, you may find yourself in Update Hell.

The industry has issued emergency operating system security updates against Meltdown, which should be installed to protect computers and devices when they become available. The upgrades come via auto updates. The UK's National Cyber Security Centre said there was no evidence that the vulnerability had been exploited.

"Any patch they do is a kluge", he said.

The vulnerabilities also affect the cloud systems of Amazon, Google and Apple. "Vulnerable systems will likely remain in operation for decades".

Intel, which makes most of the chips used in PCs, is the most heavily affected.

Researchers from Google's Project Zero team have revealed serious issues in a vast array of chips across multiple manufacturers.

Amazon Web Services (AWS) also said it was made aware of the research around the bug past year, referring to it as a "side-channel analysis of speculative execution on modern computer processors [namely] CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754".

Michael Schwartz, an IT expert quoted in German daily Tagesspiegel Friday, said that a hacker must find out which programmes are now running before triggering an assault, "which is why it's not that easy to launch mass attacks".

This isn't to say you should immediately turn your computers and phones off and not use them for a few years. Intel also says it is working with partners and others to fix these issues. They have been given the James Bond-esque names Meltdown and Spectre. Overall, the security of the average Internet-of-Things device is so bad that this attack is in the noise compared to the previously known risks.

It's something no one had realized was an issue for 20-some years.

In the computer, it could be that you go to the banking section of your password management program. Some customers may worry that they have not been protected since they were not asked to reboot their instance.

Meltdown allows full access to the protected memory space, so it's potentially more risky. The update will appear there when it is available.

Spectre allows malicious code to trick access random portions of the protected memory. On most of our workloads, including our cloud infrastructure, we see negligible impact on performance.

How much could the hackers see?

These exploits are not a denial of service attack or a network attack. Although for very large data sets, that may be negatively impactful.

How did this exist for so long?

Computer chips made by AMD, Qualcomm and ARM are also vulnerable to the security flaw. These aren't normal software vulnerabilities, where a patch fixes the problem and everyone can move on. Everything was supposed to be announced on January 9th.

Information about these flaws has been secretly circulating amongst the major IT companies for months as they researched the ramifications and coordinated updates. Rather, I'll focus on the higher-level issues affecting business and personal computer users.

However, Apple has not published any information on the security fixes for its computers and smartphones to date.

Share

Advertisement

Related Posts

Western Cape releases matric results
Despite an increase in the Eastern Cape's 2017 matric results, the province still finds itself at the bottom of the food chain. In third place is the Western Cape which achieved 82.7%‚ down from 85.9% in 2016 and dropping from second place a year ago .

Sweden shows why only gold will satisfy in U.S. romp
Carter Hart made 35 saves, tying Jimmy Waite and Stephane Fiset for most career wins by a Canadian goalie at the world juniors. Catharines, Ont., in mid-December: fast, applying constant pressure to their opponents and creating breakaways from turnovers.

Temperatures Will Get Warmer; Sleet and Freezing Rain Could Happen Sunday
Wednesday's high in Madison was 12, 15 degrees below normal and 45 degrees below the record high of 57 for January 3, set in 1874. At Hood River, Ore., a 90 percent chance of rain, possibly mixed with freezing rain is forecast for Friday morning through night.

Mbemba ruled out of Newcastle's FA Cup clash against Luton
James Collins, James Justin, Danny Hylton and Harry Cornick all scored as Luton came from behind twice against the Imps. Chancel Mbemba is out of Newcastle's FA Cup third-round clash with League Two Luton.

Western Gas Equity Partners (WGP) Lifted to Buy at UBS Group
It increased, as 15 investors sold WES shares while 50 reduced holdings. 18 funds opened positions while 81 raised stakes. Narrowing in a bit closer, the 5 month price index is 0.89697, the 3 month is 0.90790, and the 1 month is now 1.06441.

DHS issues new rules for searching electronic devices at the border
An "advanced" search requires an officer to have reasonable suspicion of criminal behavior and approval of a supervisor. CBP agents would not be allowed to seek information stored externally or on a "cloud" linked to the device.

Saudi princes arrested for palace protest
The move, led by Crown Prince Mohammed Bin Salman , is seen as an attempt by the 32-year-old prince to tighten his control over the kingdom.

Mumbai Kamala Mills fire: Mojo's Bistro pub owners booked for culpable homicide
The report also concludes that both Mojo's Bistro and 1Above were flouting various fire safety norms. The report which has been completed within a week of the fire was done by four senior fire officers.

Caxton Associates LP Sells 600 Shares of Lam Research Co. (NASDAQ:LRCX)
Stock repurchase plans are typically an indication that the company's board of directors believes its shares are undervalued. Pacific Global Investment Management Company sold 15,350 shares as Sonic Automotive Inc (A) (SAH)'s stock declined 21.47%.

Drinking too Much Alcohol Can Seriously Damage Your DNA
A new study has shed light on how drinking alcohol increases a person's risk of cancer by causing damage at a DNA level. The research team also found that some people are more prone to alcohol-related DNA damage than other people.

© 2015 ExpressNewsline. All Rights reserved.