Slashdot Mirror
Google Says Almost All CPUs Since 1995 Vulnerable To 'Meltdown' And 'Spectre' Flaws (bleepingcomputer.com)
Catalin Cimpanu, reporting for BleepingComputer: Google has just published details on two vulnerabilities named Meltdown and Spectre that in the company's assessment affect "every processor [released] since 1995." Google says the two bugs can be exploited to "to steal data which is currently processed on the computer," which includes "your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents." Furthermore, Google says that tests on virtual machines used in cloud computing environments extracted data from other customers using the same server. The bugs were discovered by Jann Horn, a security researcher with Google Project Zero, Google's elite security team. These are the same bugs that have been reported earlier this week as affecting Intel CPUs. Google was planning to release details about Meltdown and Spectre next week but decided to publish the reports today "because of existing public reports and growing speculation in the press and security research community about the issue, which raises the risk of exploitation."
Oh, for FFS, at least get your facts straight.
K5 was AMD's first processor? I must have imagined a whole heap of their processors which I owned and used before that one... And meltdown STILL doesn't affect AMD, all we have on that front is speculation from intel and their fanboys who wants to paint everyone else with the same tar brush.
Meltdown is the real problem here and that affects only all Intel CPUs since 1995 (except for Itanium and pre-2013 Atom) and one [sic!] ARM chip (I think Cortex-A75).
Spectre is linked to two vulnerabilities: the first one is difficult to exploit and solvable via software, the second one is very difficult to exploit. Spectre allows to read memory from the same process, so it is an issue only for JIT and VM code. Meltdown allows to read memory everywhere.
No. Spectre affects AMD and ARM as well (and likely other architectures too).
Best I can tell, the only CPUs guaranteed not affected by both are in-order architectures, which many older ARM (and extremely old x86) chips are.
These attacks are a sort of new category of security analysis--realizing that out of order execution can have side effects, and that programs can check for those side effects to leak program state and system memory.
Spectre is a red herring - there is no known way it can be exploited. Meltdown is far more dangerous and it can be exploited RIGHT NOW with a simple Javascript executed in a browser. Researchers demonstrated a Javascript exploit that uses Meltdown - and there is no telling who has already been compromised. But one thing is sure: non-Intel users have not been compromised.
Frankly, this whole hoopla about Spectre seems like a well orchestrated deflection stunt by Intel PR operations. And your posts smells a bit of sockpuppetry.
"The agriculture ministry is not in charge of Gundam" - Japanese ministry official.
...The fact that every modern processor has the same vulnerability suggests that perhaps this was designed into them at some point. I have no evidence that this was designed in, but one should at least entertain the possibility that it was.
Perhaps we should entertain the possibility that the revelations of Edward Snowden scratch the fucking surface as to the deceptive power and control that the US government holds over US corporations.
I'd say there's more than enough evidence to suggest this is no fucking "flaw". In fact, the timing of it all tends to suggest the Clipper chip program didn't just go away in the late 90s; it was superseded.