Slashdot Mirror
How a Researcher Hacked His Own Computer and Found One of the Worst CPU Bugs Ever Found (reuters.com)
Reuters tells the story of how Daniel Gruss, a 31-year-old information security researcher and post-doctoral fellow at Austria's Graz Technical University, hacked his own computer and exposed a flaw in most of the Intel chips made in the past two decades. Prior to his discovery, Gruss and his colleagues Moritz Lipp and Michael Schwarz had thought such an attack on the processor's "kernel" memory, which is meant to be inaccessible to users, was only theoretically possible. From the report: "When I saw my private website addresses from Firefox being dumped by the tool I wrote, I was really shocked," Gruss told Reuters in an email interview, describing how he had unlocked personal data that should be secured. Gruss, Lipp and Schwarz, working from their homes on a weekend in early December, messaged each other furiously to verify the result. "We sat for hours in disbelief until we eliminated any possibility that this result was wrong," said Gruss, whose mind kept racing even after powering down his computer, so he barely caught a wink of sleep.
Gruss and his colleagues had just confirmed the existence of what he regards as "one of the worst CPU bugs ever found." The flaw, now named Meltdown, was revealed on Wednesday and affects most processors manufactured by Intel since 1995. Separately, a second defect called Spectre has been found that also exposes core memory in most computers and mobile devices running on chips made by Intel, Advanced Micro Devices (AMD) and ARM Holdings, a unit of Japan's Softbank.
Gruss and his colleagues had just confirmed the existence of what he regards as "one of the worst CPU bugs ever found." The flaw, now named Meltdown, was revealed on Wednesday and affects most processors manufactured by Intel since 1995. Separately, a second defect called Spectre has been found that also exposes core memory in most computers and mobile devices running on chips made by Intel, Advanced Micro Devices (AMD) and ARM Holdings, a unit of Japan's Softbank.
Does EVERYTHING have to be in a bold font?
Please fix!
Every is seeing too much of bold fonts? Did someone forget a closing bold tag in some style sheet?
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
Most likely Intel's numbers will go up, at least in the short term, as people buy more CPUs to make up for the performance hit.
FTA: The key players were independent researcher Paul Kocher and the team at a company called Cyberus Technology, said Gruss, while Jann Horn at Google Project Zero (GOOGL.O) came to similar conclusions independently.
Which begs the question - how long has the NSA known about this too?
I think people still don't understand: there is no "fix" for Meltdown other than to replace your Intel chip with another one that doesn't have this flaw. The software patches are just mitigation, but they won't fix this issue.
Actually, AMD is significantly harder to exploit than Intel. The performance crushing patch simply brings the Intel processor level with AMD.
Fucking God Dammit shitel shill, the article is using Shitels PR statement as reference, and you keep posting the same FUCKING incorrect information. So fuck off, I will say it again just stop fucking shilling , here is exactly what AMD said https://www.amd.com/en/corpora... , and what Linus Tovalds said about the god dam PR statement you linked to http://www.businessinsider.com...
AMD is NOT vulnerable to Meltdown. AMD already responded that their permission bits are checked BEFORE issuing instructions so kernel memory isn't readable, even speculatively.