Re: “Meltdown” and “Spectre”: Every modern processor has unfixable security flaws
I was hoping to be retired before this happened......
All of AWS EC2 is rebooting today by 4pm UTC
AppArmor everywhere: Can't trust the hardware to do it right. Clowns! Buffo!
On Thu, Jan 4, 2018 at 12:19 PM, Michael Fothergill
<michael.fothergill@gmail.com> wrote:
>
>
> On 4 January 2018 at 17:55, The Wanderer <wanderer@fastmail.fm> wrote:
>>
>> On 2018-01-04 at 12:30, Michael Fothergill wrote:
>>
>> > On 4 January 2018 at 17:22, Curt <curty@free.fr> wrote:
>> >
>> >>
>> >> https://arstechnica.com/gadgets/2018/01/meltdown-and-spectre-every-modern-
>> >> processor-has-unfixable-security-fladdws/U
>> >>
>> >>
>> >> TL;DR
>> >>
>> >> Windows, Linux, and macOS have all received security patches that
>> >> significantly alter how the operating systems handle virtual memory in
>> >> order to protect against a hitherto undisclosed flaw.
>> >> ...
>> >> In the immediate term, it looks like most systems will shortly have
>> >> patches for Meltdown. At least for Linux and Windows, these patches
>> >> allow end-users to opt out if they would prefer. The most vulnerable
>> >> users are probably cloud service providers; Meltdown and Spectre can
>> >> both in principle be used to further attacks against hypervisors,
>> >> making it easier for malicious users to break out of their virtual
>> >> machines.
>> >> ...
>> >> For typical desktop users, the risk is arguably less significant.
>> >> While
>> >> both Meltdown and Spectre can have value in expanding the scope of an
>> >> existing flaw, neither one is sufficient on its own to, for example,
>> >> break out of a Web browser.
>> >>
>> >> Apparent moral of story for CPU: don't speculate (but it's
>> >> significantly
>> >> *slower*).
>> >
>> > Isn't this mainly an Intel problem? I use AMD chipsets. I would go for
>> > Ryzen nowadays anyway.
>>
>> Meltdown so far is not known to affect anything other than Intel.
>>
>> Spectre, however, is confirmed to affect AMD CPUs - and Ryzen CPUs are
>> specifically stated to be affected.
>
>
> But if the spectre vulnerability is hard exploit in practice and even in
> artificial test situations devised e.g. in the world of Linus Torvalds then
> AMD could turn out to be relatively cyber-kosher in the end.
>
> MF
>
>>
>>
>> --
>> The Wanderer
>>
>> The reasonable man adapts himself to the world; the unreasonable one
>> persists in trying to adapt the world to himself. Therefore all
>> progress depends on the unreasonable man. -- George Bernard Shaw
>>
>
Reply to: