• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Paul Clapham
  • Jeanne Boyarsky
  • Junilu Lacar
  • Henry Wong
Sheriffs:
  • Ron McLeod
  • Devaka Cooray
  • Tim Cooke
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Frits Walraven
  • Tim Holloway
  • Carey Brown
Bartenders:
  • Piet Souris
  • salvin francis
  • fred rosenberger

The Meltdown and Spectre security bugs

 
Java Cowboy
Posts: 16084
88
Android Scala IntelliJ IDE Spring Java
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The past week there was a lot of fuss about two security problems in Intel and other CPUs. Like with other security bugs that have happened before, these two have gotten their own catchy names and even a logo: Meltdown and Spectre.

Are you worried about these bugs, do you think they will affect you?

Here's a good video explanation of how these bugs exactly work:

 
Saloon Keeper
Posts: 6445
158
Android Mac OS X Firefox Browser VI Editor Tomcat Server Safari
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Spectre first became known to the world in 1961, but eventually sunk back to obscurity. Since its reappearance in 2006 its been a continuous menace.
 
Rancher
Posts: 382
13
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Every time I hear, or read, about new viruses out there wreaking havoc on computers I often wonder if the author(s) who wrote the first virus ever regretted it.

Fun fact: It's up for debate on who wrote the first virus, but many sources cite a couple of brothers from Pakistan who created a virus (in relation to IBM PCs) to prevent copyright violations occurring with their program. Quote from wikipedia article:

The first IBM PC virus in the "wild" was a boot sector virus dubbed (c)Brain,[36] created in 1986 by the Farooq Alvi Brothers in Lahore, Pakistan, reportedly to deter unauthorized copying of the software they had written.



And as we all know, it just proliferated from there...
 
Saloon Keeper
Posts: 22112
151
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The worst thing about these particular exploits is that they attack at the microcode level. I would imagine that it would be a LOT harder for a virus scanner to detect attacks on the hardware that depend on instruction pipelines and timing bubbles that it would be to see if something is assaulting OS data structures.

In fact, at one point, it was considered a virtual certainty that the only real cure was to scrap the processor hardware entirely.

At least my Raspberry Pi systems are immune. I've got a few AMD machines and I think that Spectre can bother them, but my only major Intel machine is powered off until the next project where having a noisy 1U box is a requirement.

Amazon and other ISPs, on the other hand, are probably not very happy today.

Hmm. I wonder if Google's custom-designed hardware is vulnerable?
 
Sheriff
Posts: 7616
522
Mac OS X VI Editor BSD Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Jesper de Jong wrote:Are you worried about these bugs, do you think they will affect you?


My company seemed worried. Our cybersecurity department released email how it will affect the users due to the systems being patched. Employees have been given instructions how to act on Internet due to a window period.

That's the more noticeable fuss lately as far as I remember. Thanks for the link, I myself just now looked at it in more details.
 
Saloon Keeper
Posts: 12012
257
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Randy Maddocks wrote:Every time I hear, or read, about new viruses out there wreaking havoc on computers I often wonder if the author(s) who wrote the first virus ever regretted it.


I think that if they hadn't written that virus, someone else, later, would have written the first one. People are very good at deliberately breaking things, and if they have the chance to do it without getting caught, they will.
 
We can fix it! We just need some baling wire, some WD-40, a bit of duct tape and this tiny ad:
Devious Experiments for a Truly Passive Greenhouse!
https://www.kickstarter.com/projects/paulwheaton/greenhouse-1
    Bookmark Topic Watch Topic
  • New Topic