Kernel panic! What are Meltdown and Spectre, the bugs affecting nearly every computer and device?

Tech Crunch ^ | 1/3/18 | Devin Coldewey

[snarkpup]

AMD's response:

An Update on AMD Processor Security

[mrsmith]

A new kernel seems like a good idea.
As Jefferson might put it: “Every generation needs a new kernal.”

[SuperLuminal]

"The 2016 election showed our masters that the internet is a nuclear weapon in the hands of the unwashed masses. They want to drive us away from it and back into the well-controlled streams of information that they count on to control us. "

Well said! This is the most important reason that the "masters" and their msm lackeys are so spazed out over the 2016 election...and D.T. is making sure their nightmares are perpetuated and made even more frightening...

Heads exploding is not enough! We need the entire body to explode...Whatever that takes...

[crusher2013]

Is this actually a dangerous exploit or is it hype?

How would you actually use this flaw to access sensitive data.

Would you need access as admin or root to install something or is just getting someone to click on a hyperlink enough to compromise your system.

The article is completely silent in this area.

[Chgogal]

Swordmaker, your expertise is required.

[Bobalu]

Back in the day I programmed a piece of code that could change MS system files while the OS was running....on disk and in memory.

I published the code on a usenet group but made it so the demo only could change a program that was running on a floppy.

The point was made though and the method was quickly patched.

I came up with the code while playing at making tiny OS’s in assembler.... and making altered BIOS chip code.

Most of the makings of a tiny OS were already there as routines in the BIOS chip. It was easy to make a tiny OS.
I made several industrial controllers out of motherboards running a tiny OS. One was a cool programmable az-el rotor controller for a large satellite dish...it would rotate the dish and also decode the morse ID that some sats sent out on an audio subcarrier. The rotor could track sats in polar orbit that moved around.

Old code I wrote for creating self-modifying programs and program generators is still in use today, two decades later.

Programming is easy for people that have OCD (like me) as the very idea that a bug might exist makes us pull our hair out...so we are very thorough.

[Bobalu]

LoL. I think it will be just fine.

When I have to do something that needs security I put a new SD card with a fresh OS into a Raspberry Pi 3 and go online with that.

[Swordmaker]

Another thread on the processor vulnerabilities, but this one is a bit more informative. The two vulnerabilities are "Meltdown" which affects the Intel line of processors made in the last decade, and "Spectre" which targets AMD and ARM processors.

For Apple users, the important take away for "Meltdown" is that Apple has already closed that Intel vulnerability door on December 6, 2017. The takeaway for the "Spectre" vulnerability is that it requires not only physical access to an Apple iPhone/IPad, but the user's passcode to be able to install malware onto the device. I quote from the description of the Spectre vulnerability potential to be exploited:

"In order to exploit the flaw the "attacker gains physical access by manually updating the platform with a malicious firmware image through flash programmer physically connected to the platform’s flash memory. "

This means that neither "Meltdown" or "Spectre" is a threat to Apple users at this time. — PING!

Thanks to Chgogal for the ping!

Apple Not Vulnerability to "Meltdown" and "Spectre" Malware
Ping!

The latest Apple/Mac/iOS Pings can be found by searching Keyword "ApplePingList" on FreeRepublic's Search.

If you want on or off the Mac Ping List, Freepmail me

[blu]

Thanks. I knew you could translate for us.

[Bobalu]

I used to disassemble asm code that I would find glaring flaws in...to this day I think many of the flaws were intentional as only a moron would have coded such a mess.

It used to be sort of a hobby for me, disassembling OS code. Most of the OS code was in C and after a while you could quickly discern the original C from the compiled asm.

Another thing, the code in smartphones is a hot mess! Mostly it is written to run on an ARM processor. The firmware in the software define radio chips can be altered to move the frequencies outside the cellular bands. You can modify a smartphone into a sat phone that can work with some assets in low orbit and some in geo orbit...generally you only have 600mw of output RF power but you would be shocked at how far that can travel line-of-sight.

The software defined radio chip in those cheap 30 dollar Chinese 2mtr/440 handie talkies is very modifiable...but you have to replace the original chip with one that you can burn new code into as the original was not modifiable, but the chips are cheap...less than 2$ I have considered trying to add the AM aviation band to one but the mod would be very involved and aviation talkies have come way down in price anyway.

[Swordmaker]

Anyone know if Apple A9’s processor is vulnerable?

As I said above in the ping:

The takeaway for the "Spectre" vulnerability is that it requires not only physical access to an Apple iPhone/IPad, but the user's passcode to be able to install malware onto the device. I quote from the description of the Spectre vulnerability potential to be exploited:

"In order to exploit the flaw the "attacker gains physical access by manually updating the platform with a malicious firmware image through flash programmer physically connected to the platform’s flash memory. "

So, due to the fact it requires physical access, and your user passcode to install the malware to be exploited, it is effectively a non-issue, like any other potential iOS malware. The problem is as usual for these iOS malware is how to get them on any users' iPhones or iPads. You have to help them do it. . . and Apple has to allow the malware into the App Store, which will not happen.

[GOPJ]

Those of us who were putting off buying a new computer... what’s your best guess on when new computers will have the fixed chip?

[Swordmaker]

For Apple users, the important take away for "Meltdown" is that Apple has already closed that Intel vulnerability door on December 6, 2017.

Forgot to mention that Apple closed that door with the release of macOS 10.13.2 High Sierra. If you are not running that version of macOS, you may still be vulnerable. It STILL requires physical access to your Mac to install firmware to exploit this vulnerability and Apple has already closed the door for that, even with Root access. Firmware modification access now requires an additional password above even Root on a Mac.

[TexasGator]

There are several. Go google.

[TexasGator]

“Again ,It’s only Intel”

Geez. Do your homework.

[Mark17]

Thank you again SM, for your valuable contributions. 👍

[LesbianThespianGymnasticMidget]

64-bit ARM, so yep.

Spectre affects Intel, AMD, and ARM processors

[Theophilus]

[perfect_rovian_storm]

I have. It’s complete and utter BS designed to obfuscate the FACT that 100% of all Intel processors made in the past decade or more have a massive security flaw. That security flaw, if fixed, will slow the processor down by 15-50%. This is a fatal blow to Intel. The other story is meant to deflect from that and make it look like everyone is affected. Not so.

[Lurker]

Thanks. All my work devices are IoS.

L