The Spectre of Meltdown

This thread has been locked
Messages 1 - 20 of total 24 in this topic
zBrown

Ice climber
Topic Author's Original Post - Jan 5, 2018 - 08:57am PT
Chip design flaw causes vulnerability.

Read all about it.

https://arstechnica.com/gadgets/2018/01/meltdown-and-spectre-heres-what-intel-apple-microsoft-others-are-doing-about-it/




Patches exist, but

WIN 7 machine => Control Panel => Windows Update => very long hourglass

Have to abort it

Anyone seeing this sort of thing?
G_Gnome

Trad climber
Cali
Jan 5, 2018 - 08:58am PT
Google stuck updater, there is a hot patch for that. Cancel the update, it will never return, find the patch and install it, reboot and try to update again.
Reilly

Mountain climber
The Other Monrovia- CA
Jan 5, 2018 - 09:10am PT
So is the latest iPhone update a fix or just the usual bs?

Can I ever trust my tech overlords again?
zBrown

Ice climber
Topic Author's Reply - Jan 5, 2018 - 09:11am PT
Thanks G_Gnome.

I rebooted and the hourglass went away, but now check for updates says the service is not running. However, a quick check shows that the service is actually "started".

Will try your solution next.

Reilly:

Any device utilizing Intel chips is at risk. I'm counting 6 devices around here that get used frequently. A complete fix is a new chip, not currently in existence, being deployed on every device.

Some folks are saying in addition to the opsys patches etc. that firmware updates could also be required.




For reference, this one claims to be the best fix for stuck update problem:

https://answers.microsoft.com/en-us/windows/forum/windows_7-update/fix-windows-7-update-stuck-on-checking-for-updates/ad6cfeef-232a-49b4-a57b-39978eea6630?auth=1


In addition:

"Service Pack 2"

Not anymore. Recently, Microsoft decided to package 5 years worth of updates into a single update, called the "convenience update" (although you and I can just call it Service Pack 2).


https://answers.microsoft.com/en-us/windows/forum/windows_7-update/how-to-obtain-and-install-windows-7-sp2/c2c7009f-3a10-4199-9c89-48e1e883051e


G_Gnome

Trad climber
Cali
Jan 5, 2018 - 09:38am PT
Try installing these straight from Microsoft then running Windows Update.

KB3075851 and reboot

KB3083324 and reboot

KB3102810 and reboot
Reilly

Mountain climber
The Other Monrovia- CA
Jan 5, 2018 - 09:41am PT
Am I wrong to assume the Rooskie/N Korean/14 year old a block away hackers have to get past my firewall and Norton first?
August West

Trad climber
Where the wind blows strange
Jan 5, 2018 - 10:09am PT
What I love is Intel saying it's not an issue because the fix is workload dependent and most users won't notice a slow down.

Yea, if all you do is surf supertopo and write emails. But for those of us who have powerful computers because we do computationally intensive work, while I'm waiting for my computer to finish a run, I do things like post on Supertopo,...

Imagine a helmet maker saying, yeah, it didn't meet specs but our research indicates 99% of our customers never have an impact on their helmets in excess of 30 pounds...
seano

Mountain climber
none
Jan 5, 2018 - 11:41am PT
This seems like mostly no big deal for people's home computers: most programs you use won't slow down much from the system change, and if you were already using an ad blocker, you were protected from the most common source of malicious code. Shared hosting providers are the ones who take a beating, since they're running many people's code on the same box, and it's the type of code most slowed down by the system change.

Intel really screwed the pooch designing chips that made Meltdown possible...
zBrown

Ice climber
Topic Author's Reply - Jan 5, 2018 - 12:58pm PT
Whose responsibility is it anyway?

The computer business is too big to fail (almost), though it frequently does.

It's similar to the SDG&E company (joined by SCE and PG&E) wanting the ratepayers to pay $379M for their negligence in the 2007 Witch, Guejito and Rice fires (two dead, 40 injured firefighters, 1300 burned homes).
jaredg

climber
california
Jan 5, 2018 - 02:10pm PT
Nobody else thought this thread would be about Beth Rodden's unrepeated route?
WBraun

climber
Jan 5, 2018 - 03:52pm PT
This exploit has been known for years now.

And you people never knew until today.

There's a ton other sh!t we've known for years and the public is still heavily in the dark on it.

If you only knew you'd sh!t in your pants ......

seano

Mountain climber
none
Jan 5, 2018 - 04:02pm PT
This exploit has been known for years now.
What, timing attacks? No... something, Sherlock! This particular version? I doubt it could have been kept secret for "years" if it was widely known, given the potential to steal data on shared hosts for profit.
madbolter1

Big Wall climber
Denver, CO
Jan 5, 2018 - 04:35pm PT
This affects every one of our deployed servers across our customer base. And the OS fix that's coming will make them all run about 30% slower. GreeeeaaaTTT!

I can't wait to update and reboot all those machines.

Intel just lost a heaping helping of credibility going forward.

AMD's stock went up. Of course, AMD's chips have a similar problem, so my VP of IT tells me.
WBraun

climber
Jan 5, 2018 - 05:37pm PT
I doubt it could have been kept secret for "years" if it was widely known,

I never said it was widely known.

You said that.

I said it was known for years ever since the Sandy Bridge processors came out.
seano

Mountain climber
none
Jan 5, 2018 - 05:44pm PT
Werner, Werner, Werner... You should have either made piles of money off that knowledge back in the day and bought an island, or warned us poor rubes. Oh, well, I guess you win a few internet points now.
zBrown

Ice climber
Topic Author's Reply - Jan 5, 2018 - 06:18pm PT
Well I really don't pay much attention to this stuff anymore. I'm retired now, doncha know.

However, if it has been known for years, then the real question is why it wasn't widely known, eh?

WBraun

climber
Jan 5, 2018 - 06:21pm PT
Secrets.

Plus the st000pid mainstream media doesn't know sh!t to begin with.

I first heard about it on defcon years ago when working on Backtrack which is now Kali Linux.
zBrown

Ice climber
Topic Author's Reply - Jan 5, 2018 - 07:21pm PT



Jan 5, 2018 - 01:32pm PT
can you scan to see if it's been exploited?



Not likely, however, a chunk of malware code would need to make it onto a machine in order for the flaw to be exploited.

I'm not positive but I'll look into it.


I'm also curious to see how many times it's been exploited.

thebravecowboy

climber
The Good Places
Jan 5, 2018 - 08:51pm PT
I am seeing a bit of redness and a burning micturition. please to advise, over
zBrown

Ice climber
Topic Author's Reply - Jan 5, 2018 - 09:07pm PT


Meltdown affects Intel processors, and works by breaking through the barrier that prevents applications from accessing arbitrary locations in kernel memory. Segregating and protecting memory spaces prevents applications from accidentally interfering with one another’s data, or malicious software from being able to see and modify it at will. Meltdown makes this fundamental process fundamentally unreliable.

Spectre affects Intel, AMD, and ARM processors, broadening its reach to include mobile phones, embedded devices, and pretty much anything with a chip in it. Which, of course, is everything from thermostats to baby monitors now.

It works differently from Meltdown; Spectre essentially tricks applications into accidentally disclosing information that would normally be inaccessible, safe inside their protected memory area. This is a trickier one to pull off, but because it’s based on an established practice in multiple chip architectures, it’s going to be even trickier to fix.



There’s an important difference between branch prediction and speculative execution.

Branch prediction guesses what *instructions* are likely to be executed next. Speculative execution precomputes the *results* of the instructions on both sides of the branch, before deciding the path that the branch took and discarding (retiring) the results of the non-executed instructions.

The branch predictor’s job is to keep the instruction pipelines in an in-order core full by guessing the most likely instruction flow after a branch instruction. It does this by storing and comparing the results of previous branch instructions and by using certain architectural hints, like predicting a forwards branch to be not-taken and a backwards branch to be taken.

The branch predictor in an in-order core only affects the instruction cache, by predicting and speculatively fetching what instructions need to be in the Icache ahead of time. The vast majority of modern processors (ARM1176 included) have split instruction and data caches at the innermost level, so a data cache timing attack will not reveal anything about the direction the branch predictor took. Additionally, fooling a branch predictor into speculatively fetching something that is not an instruction will not work – page table structures have dedicated bits that specify whether a particular memory page contains instructions or data (see the NX bit for x86), and fetching instructions from data pages will almost certainly result in an access violation.
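
The two prediction strategies the quoted text describes (stored results of previous branches, and the forward-not-taken / backward-taken hint), modelled here as an added example that is not part of the original post. The branch addresses, the trace and all function names are constructed for illustration, and the 2-bit saturating counter is one common way to model stored history, an assumption rather than something the post specifies.

```python
# Added illustration: toy models of the two prediction strategies the post names.
# All names, addresses and the trace below are constructed for this example.

def static_btfn(pc, target):
    """Architectural hint: backward branch -> taken, forward branch -> not taken."""
    return target < pc

class TwoBitPredictor:
    """History-based predictor: one 2-bit saturating counter per branch address."""
    def __init__(self):
        self.counters = {}  # pc -> 0..3 (0,1 predict not-taken; 2,3 predict taken)

    def predict(self, pc):
        return self.counters.get(pc, 1) >= 2  # unseen branches start weakly not-taken

    def update(self, pc, taken):
        c = self.counters.get(pc, 1)
        self.counters[pc] = min(c + 1, 3) if taken else max(c - 1, 0)

def build_trace(outer=3, inner=10):
    """Constructed trace: a 10-iteration loop run 3 times.
    0x20 -> 0x30 is a forward 'skip' branch taken every 4th iteration;
    0x40 -> 0x10 is the backward loop branch, not taken only on loop exit."""
    trace = []
    for _ in range(outer):
        for i in range(inner):
            trace.append((0x20, 0x30, i % 4 == 0))
            trace.append((0x40, 0x10, i < inner - 1))
    return trace

def score_static(trace):
    """Number of branches the static hint predicts correctly."""
    return sum(static_btfn(pc, tgt) == taken for pc, tgt, taken in trace)

def score_two_bit(trace):
    """Number of branches the history-based predictor predicts correctly."""
    pred, hits = TwoBitPredictor(), 0
    for pc, _tgt, taken in trace:
        hits += pred.predict(pc) == taken
        pred.update(pc, taken)
    return hits

if __name__ == "__main__":
    t = build_trace()
    print(f"branches={len(t)} static={score_static(t)} two_bit={score_two_bit(t)}")
```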