Meltdown, Spectre chip flaws raise questions about hardware security
by Alyssa Newcomb, nbcnews.com
Flaws in computer chips are unusual, which is what makes
Meltdown and Spectre, the stunning set of security vulnerabilities released on
Wednesday, such a massive problem for users around the world.
Virtually every modern computing device is affected by the
flaws, leaving technology companies scrambling to release patches to mitigate
the threat, which could otherwise leave sensitive information exposed to
hackers.
"It's a very big deal and the only thing people can
do is wait for patches on systems and apply them," said Shuman
Ghosemajumder, chief technology officer at Shape Security.
The security flaws are located in each computer's brain,
known as the central processing unit or CPU. Processors are able to predict
what tasks they will need to execute. This is known as "speculative
execution" and allows the processor to simultaneously access multiple
places of memory.
While this data is supposed to be protected, researchers
found some instances when the processor would leave the data exposed during the
process.
"The attacks that have been identified are really
taking advantage of how CPUs have been designed for quite some time," said
Ghosemajumder.
Meltdown and Spectre were discovered by researchers from Google
Project Zero and academic institutions around the world.
Meltdown has currently only been identified on Intel
processors. Researchers said it is unclear if processors made by ARM and AMD
are also affected.
Spectre is even more pervasive, affecting everything from
desktops and laptops to smartphones and cloud servers. It's been identified on
processors made by Intel, AMD and ARM, according to researchers.
The U.S. Computer Emergency Readiness Team said the flaws
"could allow an attacker to obtain access to sensitive information"
and that a patch would only mitigate the threat.
Many companies have already been rolling out software
updates. The most important action users can take right now is to make sure
they are current on any software updates, said Ghosemajumder.
Intel said in a statement it has already issued updates
"for the majority of processor products introduced within the past five
years. By the end of next week, Intel expects to have issued updates for more
than 90 percent of processor products introduced within the past five
years."
"In addition, many operating system vendors, public
cloud service providers, device manufacturers and others have indicated that
they have already updated their products and services," the chip maker
said in a statement on Thursday.
The news prompted Intel's shares to slide more than 2
percent during trading on Thursday.
Perhaps the silver lining to all of this: US-CERT said it
is not aware of any active exploitations at this time. Researchers also said
they can't confirm if Spectre or Meltdown have been executed "in the
wild."
But the attacks do live up to their ominous names,
because even if you were compromised, researchers said you likely wouldn't even
know it.