Re: “Meltdown” and “Spectre”: Every modern processor has unfixable security flaws

On 4 January 2018 at 17:55, The Wanderer <wanderer@xxxxxxxxxxx> wrote:
On 2018-01-04 at 12:30, Michael Fothergill wrote:

> On 4 January 2018 at 17:22, Curt <curty@xxxxxxx> wrote:
>> https://arstechnica.com/gadgets/2018/01/meltdown-and-spectre-every-modern-
>> processor-has-unfixable-security-fladdws/U
>> TL;DR
>>  Windows, Linux, and macOS have all received security patches that
>>  significantly alter how the operating systems handle virtual memory in
>>  order to protect against a hitherto undisclosed flaw.
>> ...
>>  In the immediate term, it looks like most systems will shortly have
>>  patches for Meltdown. At least for Linux and Windows, these patches
>>  allow end-users to opt out if they would prefer. The most vulnerable
>>  users are probably cloud service providers; Meltdown and Spectre can
>>  both in principle be used to further attacks against hypervisors,
>>  making it easier for malicious users to break out of their virtual
>>  machines.
>> ...
>>  For typical desktop users, the risk is arguably less significant. While
>>  both Meltdown and Spectre can have value in expanding the scope of an
>>  existing flaw, neither one is sufficient on its own to, for example,
>>  break out of a Web browser.
>> Apparent moral of story for CPU: don't speculate (but it's significantly
>> *slower*).
> Isn't this mainly an Intel problem?  I use AMD chipsets.  I would go for
> Ryzen nowadays anyway.

Meltdown so far is not known to affect anything other than Intel.

Spectre, however, is confirmed to affect AMD CPUs - and Ryzen CPUs are
specifically stated to be affected.

But if the Spectre vulnerability is hard to exploit in practice and even in artificial test situations devised e.g. in the world of Linus Torvalds then
AMD could turn out to be relatively cyber-kosher in the end.


