Software Development

Spectre and Meltdown – We Wish it was a New Bond Movie

Two major security flaws have been found in computers recently. Some key differences of note:

  • Hardware is Hard to Fix – Unlike most flaws that are in software, this is as hardware flaw.
  • Everyone is Affected – They don’t just affect Windows or PCs, but also Linux, Macs, Phones and much more.

What’s the Risk?

Both small and massive. Hackers are just learning and experimenting now, but the potential is huge. In fact currently even JavaScript can exploit it. That’s right, simply visiting a web page can exploit the flaw.

I Need a Fix!

Most vendors are releasing software patches for major software. If you have Windows, Mac, or Linux then you only need to make sure you install the latest patches. Many of them are being auto delivered.

The bad news is that the software patches can only patch one of the flaws, not both. And the patches can slow down your computer from 5-30%.

US-CERT has stated that the only true fix is to replace your hardware. Fixed hardware is not even available yet and because of supply chain and the fabrication process, fixed hardware is likely a year or more away.

Borked by the Fix

Unfortunately there have been side effects already. The patch for Windows when applied to old AMD processors borks the boot process.

Thanks Again NSA

Yet again, these exploits were known about by the NSA but they kept them secret so that they could use the exploits to hack into systems.

Servers

Because servers share a lot of data, they are at the greatest risk. Servers are also subject to the largest slowdown by the software patches.

In a year or so when fixed hardware becomes readily available, expect data centers to upgrade and sell off their old hardware at bargain prices. Such hardware could still live a long life for data crunching and crypto mining by living as mostly offline servers and could run without the software patches for maximum efficiency.

Read More

Read more at Schneier on Security.

Leave a Reply

Your email address will not be published. Required fields are marked *