Web lists-archives.com

Re: “Meltdown” and “Spectre”: Every modern processor has unfixable security flaws






On 01/04/2018 12:55 PM, The Wanderer wrote:
On 2018-01-04 at 12:30, Michael Fothergill wrote:

On 4 January 2018 at 17:22, Curt <curty@xxxxxxx> wrote:

https://arstechnica.com/gadgets/2018/01/meltdown-and-spectre-every-modern-
processor-has-unfixable-security-fladdws/U


TL;DR

  Windows, Linux, and macOS have all received security patches that
  significantly alter how the operating systems handle virtual memory in
  order to protect against a hitherto undisclosed flaw.
...
  In the immediate term, it looks like most systems will shortly have
  patches for Meltdown. At least for Linux and Windows, these patches
  allow end-users to opt out if they would prefer. The most vulnerable
  users are probably cloud service providers; Meltdown and Spectre can
  both in principle be used to further attacks against hypervisors,
  making it easier for malicious users to break out of their virtual
  machines.
...
  For typical desktop users, the risk is arguably less significant. While
  both Meltdown and Spectre can have value in expanding the scope of an
  existing flaw, neither one is sufficient on its own to, for example,
  break out of a Web browser.

Apparent moral of story for CPU: don't speculate (but it's significantly
*slower*).
​Isn't this mainly an Intel problem?  I use AMD chipsets.  I would go for
Ryzen nowadays anyway.
Meltdown so far is not known to affect anything other than Intel.

Spectre, however, is confirmed to affect AMD CPUs - and Ryzen CPUs are
specifically stated to be affected.

Did this also affect Motorola chipsets? I know they haven't been popular in a while, but I believe they are still in use (i.e. 68000)