Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Massive chip flaw on Windows Intel & AMD computers
14 views
Skip to first unread message
Harry Newton
Jan 4, 2018, 11:16:55 PM1/4/18
to
Massive chip flaw not limited to Intel
<https://www.axios.com/massive-chip-flaw-not-limited-to-intel-2522178225.html>
Intel is dealing with a major chip bug, but full impact unclear
<https://www.axios.com/intel-is-dealing-with-a-major-chip-bug-but-full-impact-unclear-2522162631.html>
How to protect your PC from the major Meltdown and Spectre CPU flaws
<https://www.pcworld.com/article/3245810/security/how-to-protect-your-pc-meltdown-spectre-cpu-flaws.html>
Intel's full statement:
Intel and other technology companies have been made aware of new security
research describing software analysis methods that, when used for malicious
purposes, have the potential to improperly gather sensitive data from
computing devices that are operating as designed. Intel believes these
exploits do not have the potential to corrupt, modify or delete data.
Recent reports that these exploits are caused by a "bug" or a "flaw" and
are unique to Intel products are incorrect. Based on the analysis to date,
many types of computing devices +IBQ- with many different vendors' processors
and operating systems +IBQ- are susceptible to these exploits.
Intel is committed to product and customer security and is working closely
with many other technology companies, including AMD, ARM Holdings and
several operating system vendors, to develop an industry-wide approach to
resolve this issue promptly and constructively. Intel has begun providing
software and firmware updates to mitigate these exploits. Contrary to some
reports, any performance impacts are workload-dependent, and, for the
average computer user, should not be significant and will be mitigated over
time.
Intel is committed to the industry best practice of responsible disclosure
of potential security issues, which is why Intel and other vendors had
planned to disclose this issue next week when more software and firmware
updates will be available. However, Intel is making this statement today
because of the current inaccurate media reports.
Check with your operating system vendor or system manufacturer and apply
any available updates as soon as they are available. Following good
security practices that protect against malware in general will also help
protect against possible exploitation until updates can be applied.
Intel believes its products are the most secure in the world and that, with
the support of its partners, the current solutions to this issue provide
the best possible security for its customers.
<https://www.axios.com/massive-chip-flaw-not-limited-to-intel-2522178225.html>
Intel is dealing with a major chip bug, but full impact unclear
<https://www.axios.com/intel-is-dealing-with-a-major-chip-bug-but-full-impact-unclear-2522162631.html>
How to protect your PC from the major Meltdown and Spectre CPU flaws
<https://www.pcworld.com/article/3245810/security/how-to-protect-your-pc-meltdown-spectre-cpu-flaws.html>
Intel's full statement:
Intel and other technology companies have been made aware of new security
research describing software analysis methods that, when used for malicious
purposes, have the potential to improperly gather sensitive data from
computing devices that are operating as designed. Intel believes these
exploits do not have the potential to corrupt, modify or delete data.
Recent reports that these exploits are caused by a "bug" or a "flaw" and
are unique to Intel products are incorrect. Based on the analysis to date,
many types of computing devices +IBQ- with many different vendors' processors
and operating systems +IBQ- are susceptible to these exploits.
Intel is committed to product and customer security and is working closely
with many other technology companies, including AMD, ARM Holdings and
several operating system vendors, to develop an industry-wide approach to
resolve this issue promptly and constructively. Intel has begun providing
software and firmware updates to mitigate these exploits. Contrary to some
reports, any performance impacts are workload-dependent, and, for the
average computer user, should not be significant and will be mitigated over
time.
Intel is committed to the industry best practice of responsible disclosure
of potential security issues, which is why Intel and other vendors had
planned to disclose this issue next week when more software and firmware
updates will be available. However, Intel is making this statement today
because of the current inaccurate media reports.
Check with your operating system vendor or system manufacturer and apply
any available updates as soon as they are available. Following good
security practices that protect against malware in general will also help
protect against possible exploitation until updates can be applied.
Intel believes its products are the most secure in the world and that, with
the support of its partners, the current solutions to this issue provide
the best possible security for its customers.
Harry Newton
Jan 5, 2018, 1:12:48 AM1/5/18
to
Google Project Zero found the flaw which seems to be dubbed variously
"Meltdown" in desktop processors but confusingly, in ARM mobile processors
it's dubbed "Spectre".
I'm not sure why.
Do you have more details on why the naming?
I have MIPS radios on my roof and in my routers, but Google Project Zero
only mentions ARM, AMD, & Intel.
<https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html>
<https://blog.google/topics/google-cloud/what-google-cloud-g-suite-and-chrome-customers-need-know-about-industry-wide-cpu-vulnerability/>
<https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html>
etc.
Anyone know if MIPS routers and radios are affected?
"Meltdown" in desktop processors but confusingly, in ARM mobile processors
it's dubbed "Spectre".
I'm not sure why.
Do you have more details on why the naming?
I have MIPS radios on my roof and in my routers, but Google Project Zero
only mentions ARM, AMD, & Intel.
<https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html>
<https://blog.google/topics/google-cloud/what-google-cloud-g-suite-and-chrome-customers-need-know-about-industry-wide-cpu-vulnerability/>
<https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html>
etc.
Anyone know if MIPS routers and radios are affected?
Paul
Jan 5, 2018, 2:03:16 AM1/5/18
to
Harry Newton wrote:
> Google Project Zero found the flaw which seems to be dubbed variously
> "Meltdown" in desktop processors but confusingly, in ARM mobile processors
> it's dubbed "Spectre".
If you Google those two words enough, you'll find an article.
> Google Project Zero found the flaw which seems to be dubbed variously
> "Meltdown" in desktop processors but confusingly, in ARM mobile processors
> it's dubbed "Spectre".
There were plenty of them published today.
https://arstechnica.com/gadgets/2018/01/meltdown-and-spectre-every-modern-processor-has-unfixable-security-flaws/
>
> Anyone know if MIPS routers and radios are affected?
How is an exploit going to get inside ? Stack smashing ?
I'm not sure there is any additional risk on a home
router, over and above any risk that already exists.
Plenty of routers and modems, already have exploits.
The average person (me included), never checks for this.
Products with autopatch capability, are probably as
safe as they're ever going to get. My VOIP modem
is set up for autopatching.
Paul
Harry Newton
Jan 5, 2018, 7:02:55 PM1/5/18
to
On Fri, 05 Jan 2018 02:03:11 -0500, Paul wrote:
> Do third-party pieces of software run on the MIPS router ?
I think they can. Why not? It's linux. It already runs a bunch of software
> Do third-party pieces of software run on the MIPS router ?
and you can definitely add more if you want. You just tfpt anything you
want over since it's just Linux by another name.
BTW, this article on why the Raspberry Pi isn't affected is a great primer
on the problem set!
https://www.raspberrypi.org/blog/why-raspberry-pi-isnt-vulnerable-to-spectre-or-meltdown/
Harry Newton
Jan 6, 2018, 1:00:19 AM1/6/18
to
Great description here:
https://meltdownattack.com/
Paraphrased:
Meltdown melts security down between program and hardware.
Spectre speculative execution tricks program access to app memory.
Lots of detail, papers, links for every operating system, etc.
https://meltdownattack.com/
Paraphrased:
Meltdown melts security down between program and hardware.
Spectre speculative execution tricks program access to app memory.
Lots of detail, papers, links for every operating system, etc.
Brian Gregory
Jan 6, 2018, 2:18:04 PM1/6/18
to
On 05/01/2018 06:12, Harry Newton wrote:
> Google Project Zero found the flaw which seems to be dubbed variously
> "Meltdown" in desktop processors but confusingly, in ARM mobile processors
> it's dubbed "Spectre".
AIUI they are two different vulnerabilities and many Intel processors
> Google Project Zero found the flaw which seems to be dubbed variously
> "Meltdown" in desktop processors but confusingly, in ARM mobile processors
> it's dubbed "Spectre".
have both. Other processors are immune (if they're fairly basic) or only
have Spectre.
--
Brian Gregory (in England).
0 new messages