Jump to content
Login with your Gmail HERE and start posting in seconds! ×
Don't just read! Be part of the Community! Join the conversation ×

Meltdown and Spectre CPU exploits, what are you doing about it?

RichCor

By RichCor
in IT and Computers

 Share

Recommended Posts

RichCor Platinum Member

RichCor

Posted
Posted (edited)

The news media frenzy started yesterday.  What's your strategy going to be?

 

Hackers Can Steal Sensitive Data From Virtually Any Computer
Security researchers with Google's Project Zero team say the flaw could expose passwords and other sensitive data from a system's memory.

 

Intel, ARM and AMD all affected by security-bypassing, kernel-bothering CPU bugs
Fixes exist but it looks like fundamental processor designs are borked

 

What to do when a couple of security flaws are affecting almost every computer in the world


Own a Mac, PC or smartphone? A major security flaw means you need to do this now


Apple confirms all Mac and iOS devices are affected by Meltdown and Spectre bugs

 

How to protect yourself from Meltdown and Spectre CPU flaws
Practically every modern processor is vulnerable. We're updating this list of fixes as they become available.

Edited by RichCor
RichCor Platinum Member

RichCor

Posted
  • Author
Posted

Meltdown, Spectre Can Be Exploited Through Your Browser
by Lucian Armasu January 4, 2018 at 9:10 AM - Source: Windows Blog

Microsoft, Mozilla, and Google have now come out and said that attackers could exploit these flaws through your browser. However, temporary fixes are coming soon.

 

 

As this is a CPU HARDWARE bug/exploit, software patches will need to be applied to

 

BIOS Firmware

OS

AntiVirus - Updated and Current (so the changes are supported)

Internet Browsers (to prevent javascript-based attack)  

 

Articles are stating that your AntiVirus needs to be updated so that it can authorize the downloading and installation of any available OS patches (or the OS patch might not get applied).

 

https://support.microsoft.com/en-nz/help/4073119/windows-client-guidance-for-it-pros-to-protect-agai....

 

Recommended actions

Customers must take the following actions to help protect against the vulnerabilities.

Verify that you are running a supported antivirus application before you install OS or firmware updates. Contact the antivirus software vendor for compatibility information.Apply all available Windows operating system updates, including the January 2018 Windows security updates.Apply the applicable firmware update that is provided by the device manufacturer.

 

Windows-based machines (physical or virtual) should install the Microsoft security updates that were released on January 3, 2018. See Microsoft Security Advisory ADV180002 for updates for the following versions of Windows.

ADV180002 | Guidance to mitigate speculative execution side-channel vulnerabilities

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002

SWW Senior Member

SWW

Posted
Posted

For people in the Apple (Mac, iOS, Apple TV) ecosystem, Apple have released a statement on this issue: https://support.apple.com/en-us/HT208394

 

Basically, the latest versions of macOS (10.13.2), iOS (11.2) and tvOS (11.2) are already patched for Meltdown (one of the vulnerabilities), and they are releasing an update to Safari that will address the remaining vulnerabilities (Spectre). Surprisingly, the performance impact is low.

smccolley Senior Member

smccolley

Posted
Posted

I am doing exactly butkis about it. It has been there for years and no one has ever exploited it before. I check for the prerequisite malware already, without that nothing can exploit the bug.

 

Not even sure i want the fix now, sounds like a huge performance hit if you install it...

BuaBS Senior Member

BuaBS

Posted
Posted

Nothing ! These expoits are way overblown and don't concern private users much . More like servers and "the cloud" storage companies.

"stealing" passwords ... aweful vague . The backdoor ridden passwords of bitlocker and hardware producer's encryption ?

More like somebody is manipulation Intel stock price , like a CEO , that recently sold some of his stock ?

DrPhibes Gold Member

DrPhibes

Posted
Posted
1 hour ago, smccolley said:

I am doing exactly butkis about it. It has been there for years and no one has ever exploited it before. I check for the prerequisite malware already, without that nothing can exploit the bug.

 

Not even sure i want the fix now, sounds like a huge performance hit if you install it...

Problem is now that the word is out, there will be attempts for those that don't update.

DrPhibes Gold Member

DrPhibes

Posted
Posted

So this exploit is actually about 3 months old (from my tech security friends in Silicone Valley and T-Mobile).  The reason you have not heard until now is each company had to come up with a patch and how to deploy.  There was a due date of revealing the exploit to give each company time but is about a week earlier than original date due to news leaks.  Just update your software and you will be fine.  If not, now that the word is out, there will be people that will seek out how to use and prey on those that procrastinate. 

thaibeachlovers Star Member

thaibeachlovers

Posted
Posted (edited)
2 hours ago, smccolley said:

I am doing exactly butkis about it. It has been there for years and no one has ever exploited it before. I check for the prerequisite malware already, without that nothing can exploit the bug.

 

Not even sure i want the fix now, sounds like a huge performance hit if you install it...

Gold star reply.

It's been in existence for 20 years and what could I do about it anyway.

 

Mind you I'm :cheesy: at anyone that actually thought internet security existed. I've always assumed that whatever I do on this machine can be seen by myriad other people, most of which do not have my well being at heart.

Good luck to all those that do all their banking and use credit cards with a suspect machine.

 

Is there any point installing the fix and getting, apparently, significantly slower performance if I don't use it for financial or secret stuff?

 

It's so slow using TVF already that any slower would be maddening.

Edited by thaibeachlovers
Autonuaq Advanced Member

Autonuaq

Posted
Posted

Fist of all the news is not new.

New is that it is now shared and made public.

 

Wait till the patch is there and then see what the problem is called.

 

janclaes47 Senior Member

janclaes47

Posted
Posted

People need to understand those software developers also need to make a living, and they usually like the high life, and a millennium debacle can only be declared once every 100 years.

lvr181 Gold Member

lvr181

Posted
Posted
21 hours ago, maxpower said:

I'm hiding in the hills until it blows over.

Are you also known by the name, Horatio Nelson? :smile:

 

 

 

 

Just a joke, everyone.

Pib Star Member

Pib

Posted
Posted

End of the world for sure...that is until the next end of the world event. Seems every few months some new software or hardware vulnerability comes to light which is to end the world. Very frustrating...can make a person want to vote for Trump and that is bad.

maxpower Advanced Member

maxpower

Posted
Posted

Snake oil sales have gone through the roof since this second wave of news. Its amazing how much shit you can stir up without any proof of concept.

 

I hear Intel headquarters have ordered a large quantity of relaxing comfort chairs

thaibeachlovers Star Member

thaibeachlovers

Posted
Posted

If it stops the attempt to bring in the cashless society I'm all for it and other defects too.

All the lies about how it's all secure have now been exposed, but no doubt the government will still try and force us into a 100% non secure computer system.

WorriedNoodle Star Member

WorriedNoodle

Posted
Posted
On 1/6/2018 at 4:27 PM, BuaBS said:

A better link to affected Intel CPU's (

I ran this script from Micrsoft as explained on https://www.howtogeek.com/338801/how-to-check-if-your-pc-is-protected-against-meltdown-and-spectre/#menu

and it said I was patched by Win10 but will need a BIOS update, and when/if I ever get one the CPU will slow down!

 

My PC is HP and from 2011. I wonder if HP will look back that far to update BIOS??

jenny2017 Advanced Member

jenny2017

Posted
Posted
On 1/6/2018 at 12:17 PM, Pib said:

End of the world for sure...that is until the next end of the world event. Seems every few months some new software or hardware vulnerability comes to light which is to end the world. Very frustrating...can make a person want to vote for Trump and that is bad.

+ 1 

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.






ASEANNOW

ASEANNOW (formerly Thai Visa) Thailand's oldest and most popular forum for expats and foreigners.

Sign up today and have your say

MORE INFO

POPULAR AREAS

CONTACT US

219/59 Asoke Towers, 15th Floor, Soi Sukhumvit 21, Watthana, Bangkok 10110
(+66) 99 196 1100
[email protected]

×
×
  • Create New...