Web lists-archives.com

Re: “Meltdown” and “Spectre”: Every modern processor has unfixable security flaws




On 2018-01-04 at 12:30, Michael Fothergill wrote:

> On 4 January 2018 at 17:22, Curt <curty@xxxxxxx> wrote:
> 
>> https://arstechnica.com/gadgets/2018/01/meltdown-and-spectre-every-modern-
>> processor-has-unfixable-security-fladdws/U
>>
>>
>> TL;DR
>>
>>  Windows, Linux, and macOS have all received security patches that
>>  significantly alter how the operating systems handle virtual memory in
>>  order to protect against a hitherto undisclosed flaw.
>> ...
>>  In the immediate term, it looks like most systems will shortly have
>>  patches for Meltdown. At least for Linux and Windows, these patches
>>  allow end-users to opt out if they would prefer. The most vulnerable
>>  users are probably cloud service providers; Meltdown and Spectre can
>>  both in principle be used to further attacks against hypervisors,
>>  making it easier for malicious users to break out of their virtual
>>  machines.
>> ...
>>  For typical desktop users, the risk is arguably less significant. While
>>  both Meltdown and Spectre can have value in expanding the scope of an
>>  existing flaw, neither one is sufficient on its own to, for example,
>>  break out of a Web browser.
>>
>> Apparent moral of story for CPU: don't speculate (but it's significantly
>> *slower*).
> 
> ​Isn't this mainly an Intel problem?  I use AMD chipsets.  I would go for
> Ryzen nowadays anyway.

Meltdown so far is not known to affect anything other than Intel.

Spectre, however, is confirmed to affect AMD CPUs - and Ryzen CPUs are
specifically stated to be affected.

-- 
   The Wanderer

The reasonable man adapts himself to the world; the unreasonable one
persists in trying to adapt the world to himself. Therefore all
progress depends on the unreasonable man.         -- George Bernard Shaw

Attachment: signature.asc
Description: OpenPGP digital signature