Web lists-archives.com

Re: “Meltdown” and “Spectre”: Every modern processor has unfixable security flaws






On 4 January 2018 at 17:22, Curt <curty@xxxxxxx> wrote:
https://arstechnica.com/gadgets/2018/01/meltdown-and-spectre-every-modern-processor-has-unfixable-security-fladdws/U


TL;DR

 Windows, Linux, and macOS have all received security patches that
 significantly alter how the operating systems handle virtual memory in
 order to protect against a hitherto undisclosed flaw.
...
 In the immediate term, it looks like most systems will shortly have
 patches for Meltdown. At least for Linux and Windows, these patches
 allow end-users to opt out if they would prefer. The most vulnerable
 users are probably cloud service providers; Meltdown and Spectre can
 both in principle be used to further attacks against hypervisors,
 making it easier for malicious users to break out of their virtual
 machines.
...
 For typical desktop users, the risk is arguably less significant. While
 both Meltdown and Spectre can have value in expanding the scope of an
 existing flaw, neither one is sufficient on its own to, for example,
 break out of a Web browser.

Apparent moral of story for CPU: don't speculate (but it's significantly
*slower*).

​Isn't this mainly an Intel problem?  I use AMD chipsets.  I would go for Ryzen nowadays anyway.

Regards

Michael Fothergill​

 

--
"An autobiography is only to be trusted when it reveals something disgraceful.
A man who gives a good account of himself is probably lying, since any life
when viewed from the inside is simply a series of defeats."
— George Orwell