
Meltdown and Spectre CPU exploits, what are you doing about it?


RichCor


The news media frenzy started yesterday.  What's your strategy going to be?

 

Hackers Can Steal Sensitive Data From Virtually Any Computer
Security researchers with Google's Project Zero team say the flaw could expose passwords and other sensitive data from a system's memory.

 

Intel, ARM and AMD all affected by security-bypassing, kernel-bothering CPU bugs
Fixes exist but it looks like fundamental processor designs are borked

 

What to do when a couple of security flaws are affecting almost every computer in the world


Own a Mac, PC or smartphone? A major security flaw means you need to do this now


Apple confirms all Mac and iOS devices are affected by Meltdown and Spectre bugs

 

How to protect yourself from Meltdown and Spectre CPU flaws
Practically every modern processor is vulnerable. We're updating this list of fixes as they become available.


Meltdown, Spectre Can Be Exploited Through Your Browser
by Lucian Armasu January 4, 2018 at 9:10 AM - Source: Windows Blog

Microsoft, Mozilla, and Google have now come out and said that attackers could exploit these flaws through your browser. However, temporary fixes are coming soon.

 

 

As this is a CPU HARDWARE bug/exploit, software patches will need to be applied to:

 

BIOS Firmware

OS

AntiVirus - Updated and Current (so the changes are supported)

Internet Browsers (to prevent JavaScript-based attack)

 

Articles are stating that your AntiVirus needs to be updated so that it can authorize the downloading and installation of any available OS patches (or the OS patch might not get applied).

 

https://support.microsoft.com/en-nz/help/4073119/windows-client-guidance-for-it-pros-to-protect-agai....

 

Recommended actions

Customers must take the following actions to help protect against the vulnerabilities.

Verify that you are running a supported antivirus application before you install OS or firmware updates. Contact the antivirus software vendor for compatibility information.

Apply all available Windows operating system updates, including the January 2018 Windows security updates.

Apply the applicable firmware update that is provided by the device manufacturer.

 

Windows-based machines (physical or virtual) should install the Microsoft security updates that were released on January 3, 2018. See Microsoft Security Advisory ADV180002 for updates for the following versions of Windows.

ADV180002 | Guidance to mitigate speculative execution side-channel vulnerabilities

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002


For people in the Apple (Mac, iOS, Apple TV) ecosystem, Apple have released a statement on this issue: https://support.apple.com/en-us/HT208394

 

Basically, the latest versions of macOS (10.13.2), iOS (11.2) and tvOS (11.2) are already patched for Meltdown (one of the vulnerabilities), and they are releasing an update to Safari that will address the remaining vulnerabilities (Spectre). Surprisingly, the performance impact is low.


I am doing exactly bupkis about it. It has been there for years and no one has ever exploited it before. I check for the prerequisite malware already; without that, nothing can exploit the bug.

Not even sure I want the fix now, sounds like a huge performance hit if you install it...


Nothing! These exploits are way overblown and don't concern private users much. More like servers and "the cloud" storage companies.

"stealing" passwords ... awful vague. The backdoor ridden passwords of BitLocker and hardware producer's encryption?

More like somebody is manipulating Intel stock price, like a CEO that recently sold some of his stock?


1 hour ago, smccolley said:

I am doing exactly bupkis about it. It has been there for years and no one has ever exploited it before. I check for the prerequisite malware already; without that, nothing can exploit the bug.

Not even sure I want the fix now, sounds like a huge performance hit if you install it...

Problem is now that the word is out, there will be attempts for those that don't update.


So this exploit is actually about 3 months old (from my tech security friends in Silicon Valley and T-Mobile). The reason you have not heard until now is each company had to come up with a patch and how to deploy. There was a due date for revealing the exploit to give each company time, but it is about a week earlier than the original date due to news leaks. Just update your software and you will be fine. If not, now that the word is out, there will be people that will seek out how to use and prey on those that procrastinate.


2 hours ago, smccolley said:

I am doing exactly bupkis about it. It has been there for years and no one has ever exploited it before. I check for the prerequisite malware already; without that, nothing can exploit the bug.

Not even sure I want the fix now, sounds like a huge performance hit if you install it...

Gold star reply.

It's been in existence for 20 years and what could I do about it anyway.

 

Mind you I'm :cheesy: at anyone that actually thought internet security existed. I've always assumed that whatever I do on this machine can be seen by myriad other people, most of which do not have my well being at heart.

Good luck to all those that do all their banking and use credit cards with a suspect machine.

 

Is there any point installing the fix and getting, apparently, significantly slower performance if I don't use it for financial or secret stuff?

 

It's so slow using TVF already that any slower would be maddening.


End of the world for sure...that is until the next end of the world event. Seems every few months some new software or hardware vulnerability comes to light which is to end the world. Very frustrating...can make a person want to vote for Trump and that is bad.


Snake oil sales have gone through the roof since this second wave of news. It's amazing how much shit you can stir up without any proof of concept.

 

I hear Intel headquarters have ordered a large quantity of relaxing comfort chairs


On 1/6/2018 at 4:27 PM, BuaBS said:

A better link to affected Intel CPU's (

I ran this script from Microsoft as explained on https://www.howtogeek.com/338801/how-to-check-if-your-pc-is-protected-against-meltdown-and-spectre/#menu

and it said I was patched by Win10 but will need a BIOS update, and when/if I ever get one the CPU will slow down!

 

My PC is HP and from 2011. I wonder if HP will look back that far to update BIOS??


On 1/6/2018 at 12:17 PM, Pib said:

End of the world for sure...that is until the next end of the world event. Seems every few months some new software or hardware vulnerability comes to light which is to end the world. Very frustrating...can make a person want to vote for Trump and that is bad.

+ 1 


Archived

This topic is now archived and is closed to further replies.
