UPDATED to 14 January 2018
Thursday, 4 January 2018, SAN FRANCISCO - After news leaked prematurely computer security experts have had to warn the public that two major flaws have been discovered in microprocessors used in nearly all the world's computers. The flaws "Spectre" and "Meltdown" allow hackers to steal the entire memory contents of computers including mobile devices, personal computers and cloud computer networks. The personal computers of consumers are at risk, but hackers first need to run software on their machines including by fooling them into downloading software from an email, an app store or visiting an infected website.
Thursday, 4 January 2018, SAN FRANCISCO - After news leaked prematurely computer security experts have had to warn the public that two major flaws have been discovered in microprocessors used in nearly all the world's computers. The flaws "Spectre" and "Meltdown" allow hackers to steal the entire memory contents of computers including mobile devices, personal computers and cloud computer networks. The personal computers of consumers are at risk, but hackers first need to run software on their machines including by fooling them into downloading software from an email, an app store or visiting an infected website.
"Meltdown" is said to pose a significant threat to cloud computing services where hackers could rent space on a cloud service then use the Meltdown exploit to steal passwords and other information from other customers. Various companies offering cloud services have told customers what they have done to address the vulnerability and what customers also must do. Meltdown still is a significant threat because cloud service companies typically have many customers sharing a single machine while the exploit is able to go around security features which normally keep customers' data apart in a single machine.
Companies and organizations have made statements about the status of patches and update directions as available and necessary to address the "Meltdown" vulnerability found in virtually all Intel microprocessors. Intel reportedly makes chips that are used in more than 90% of computer servers underpinning the internet and business operations. Customers of Microsoft which makes the Windows operating system will need to install an update to fix the problem. The worldwide community of open-source Linux coders are said already to have posted a patch to address the vulnerability in that operating system which is used by about 30% of worldwide computer users. Apple reportedly has a "partial fix" for the problem and should have an additional update coming.
Although neither vulnerability was thought to have been exploited by hackers yet, when news of the Meltdown vulnerability was leaked prematurely researchers on Wednesday, 3 December 2017 released papers describing the flaws. For now computer security experts are said to be using a patch called "Kaiser" that was discovered at an Austrian university last year to deal with a separate flaw. Of severely negative significance the fixes installed so far for Meltdown have had the enormous impact of reducing the speed of all operating systems by about 30% across the board.
The other flaw "Spectre" affects most processors in use, although computer security experts believe that hackers will have more difficulty exploiting this flaw. But the major threat it poses is that there is no known fix for this flaw which is a fundamental problem in the way microprocessors are designed. What Intel will do in response to its discovery is not known other then so far playing down this existential threat of immense proportions ignoring for the moment that all one's data may be copied by hackers using "Spectre" but instead emphasizing the relatively small consolation that "Intel believes these exploits do not have the potential to corrupt, modify or delete data."
Paul Kocher, the president and chief scientist at Cryptography Research, a division of Rambus, and one of a coordinating group of four at different institutions who as well as another computer scientist at Google at the same time discovered the flaw, said that "Spectre is going to live with us for decades." He said that "[w]hereas Meltdown is an urgent crisis, Spectre affects virtually all fast microprocessors. Mr. Kocher lamented that the emphasis on speed in designing chips has left them so vulnerable as to security.
'"We've really screwed up', Mr. Kocher said. 'There's been this desire from the industry to be as fast as possible and secure at the same time. Spectre shows you cannot have both.' A fix for Spectre may not be available until a new generation of chips hit the market. 'This will be a festering problem over hardware life cycles. It's not going to change today or tomorrow', Mr. Kocher said. 'It's going to take a while.'"
UPDATES to 14 January 2018 At least a dozen class action lawsuits as detailed further in the first article linked to below have been brought against Intel alleging damages from chip flaws with 9 reportedly filed in California 2 in New York and 1 in Illinois. Interested readers also can go to links below to "What You Need To Do Because Of Flaws In Computer Chips" From The New York Times And/Or "How to Protect Your PC Against The Intel Chip Flaw" For Windows PC or Laptop from cnet.com at the last two links below with further information in the preceding second and third links although updated more recent information should also now be available.
o https://firstlinemag.com/intel-faces-dozen-class-action-lawsuits-over-chip-flaws/ 12 Intel class actions
UPDATES to 14 January 2018 At least a dozen class action lawsuits as detailed further in the first article linked to below have been brought against Intel alleging damages from chip flaws with 9 reportedly filed in California 2 in New York and 1 in Illinois. Interested readers also can go to links below to "What You Need To Do Because Of Flaws In Computer Chips" From The New York Times And/Or "How to Protect Your PC Against The Intel Chip Flaw" For Windows PC or Laptop from cnet.com at the last two links below with further information in the preceding second and third links although updated more recent information should also now be available.
o https://firstlinemag.com/intel-faces-dozen-class-action-lawsuits-over-chip-flaws/ 12 Intel class actions
o https://www.nytimes.com/2018/01/03/business/computer-flaws.html More information on above chip flaws
o https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/ One site that leaked Meltdown flaw
o https://www.nytimes.com/2018/01/04/technology/meltdown-spectre-questions.html Chip Flaws What To Do
o https://www.cnet.com/how-to/how-to-protect-your-pc-against-the-intel-chip-flaw/ Protect Windows PC And Laptop
o https://www.nytimes.com/2018/01/04/technology/meltdown-spectre-questions.html Chip Flaws What To Do
o https://www.cnet.com/how-to/how-to-protect-your-pc-against-the-intel-chip-flaw/ Protect Windows PC And Laptop
Copyright 2018 Martin P. All World Rights Expressly Reserved
No comments:
Post a Comment