Warning!! Meltdown and Spectre!! Seriously bad

in #computer, 7 years ago

Ok, wow, in my 30+ years of being a computer geek and software engineer, I've never read anything as bad as these new vulnerabilities: "Meltdown" and "Spectre".

Meltdown:

This violates the separation between user apps and the kernel, potentially allowing an app to just..view raw memory..secrets..data..everything. This affects...every Intel processor made ..in the last 20 years! Yikes! Any operating system, that doesn't matter!

The good news is that it can probably be patched with software, though it may slow down your machine as much as 30%! (You'll be losing some of the speed benefits of out-of-order instruction processing.) For Linux users (which you should all be), this will be patched with Kernel 4.14.11 (when it's available, not quite yet), which will include a KPTI patch.

Spectre

Spectre might actually be worse than Meltdown, if that's possible. It's harder to exploit...but also harder to defend against. It is similar in nature, allowing different, well written apps to view each other's memory, breaking down the barriers that hardware would normally enforce.

This flaw affects even different types of processors, not just Intel, but ARM and AMD as well. There may be fixes coming to harden software against these vulnerabilities, probably many needed.

What to do:

For Meltdown, try to get that patch as soon as you can (once it becomes available). For Linux, this would be Kernel 4.14.11, which hopefully comes in a few days. For Spectre, keep your eyes peeled for any patches and fixes for this.

For all you crypto-currency users out there, which is all my readers I'm sure, stay on top of this. Super important.

https://meltdownattack.com/


(the famous Scream picture)
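A defender-side check for the "What to do" advice above, added here as an example and not part of the original post: it reads the kernel's own mitigation report from /sys/devices/system/cpu/vulnerabilities where the running kernel provides one, and otherwise falls back to comparing the kernel version with the 4.14.11 release the post names. The function names, the `VULN_DIR` override and the `likely_unpatched` label are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the post): report Meltdown/Spectre mitigation state.

# kernel_at_least VERSION MIN: succeed if VERSION >= MIN (major.minor.patch).
kernel_at_least() {
    v=${1%%-*}; m=$2                 # drop a distro suffix such as "-generic"
    for i in 1 2 3; do
        a=$(echo "$v" | cut -d. -f"$i" | tr -cd '0-9')
        b=$(echo "$m" | cut -d. -f"$i" | tr -cd '0-9')
        a=${a:-0}; b=${b:-0}
        [ "$a" -gt "$b" ] && return 0
        [ "$a" -lt "$b" ] && return 1
    done
    return 0
}

# classify TEXT: map the kernel's sysfs wording to one state keyword.
classify() {
    case $1 in
        "Not affected"*) echo not_affected ;;
        Mitigation*)     echo mitigated ;;
        Vulnerable*)     echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# audit DIR KERNEL: print "issue: state" lines; fail unless all are confirmed safe.
audit() {
    dir=$1; kver=$2; rc=0
    for f in meltdown spectre_v1 spectre_v2; do
        if [ -r "$dir/$f" ]; then
            state=$(classify "$(cat "$dir/$f")")
        elif [ "$f" = meltdown ] && ! kernel_at_least "$kver" 4.14.11; then
            # Assumption: mainline numbering. Distro kernels that backport
            # KPTI, and CPUs that are not affected, are misjudged here.
            state=likely_unpatched
        else
            state=unknown            # kernel gives no report for this issue
        fi
        echo "$f: $state"
        case $state in mitigated|not_affected) ;; *) rc=1 ;; esac
    done
    return $rc
}

audit "${VULN_DIR:-/sys/devices/system/cpu/vulnerabilities}" "$(uname -r)" || true
```

An `unknown` result means the running kernel publishes no status for that issue, so the answer has to come from the distribution's advisory for the installed kernel package.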


It's all over the news and it seems that there is no escape for almost every device that has a chip in it. Looking out for a patch and fix but nothing so far... Yikes...

I did not think you were a geek engineer and computer software, it was great.

Always thought someone got scammed on the Scream picture as well LOL!

Let's just build the vulnerability right into the hardware, right?

I like that kind of clarity.


Hahaa funny 😅

Good information. Thanks for sharing.

Thanks @neoxian, I just found out about Meltdown and Spectre ..
Apparently this was missed by us who always use the computer.
Thank you for discussing it @neoxian

Thanks for the tips!
I really love the painting The scream
it was a perfect fit for your post
cheers @neoxian

This is a nightmare scenario the tech world dreads. My Linux systems will get updated, but when will my Android phone get fixed? Our connected devices are vulnerable and some may not get patched. Very worrying

Excuse the word but ...

F^#k that.

It really is sad that it will affect many wary and unwary people around the world. Some people just use their minds for evil things.

This is absolutely terrifying!! I read some articles from MSM, but I didn't realize how horrible Meltdown and Spectre are until reading this! Hopefully they get those patches live ASAP!

Thanks for the info. I heard about it yesterday.. nothing much to do for Windows from what I can tell. This is pretty big and unfortunately might spur would-be hackers to exploit it, now that they know about it.

My take on it: https://steemit.com/conspiracy/@mindhawk/introducing-the-intel-management-engine

This year has seen the evisceration of any idea that intel/google/apple/MSFT/AMZN are in any way trustable platforms. It is simply the logical conclusion of the corporate integrated state that large projects like this will develop backdoors and it is in everyone not so affiliated's interest to develop computing systems through other means.

Actually, no individual benefits from this nationally socialized computing philosophy, it is actually fascistic in nature, the end of the individual.

With AI and infinite storage, and as a strike against crypto, as in they could make huge viruses with this that could affect global computing, or just steal keys, yeah, time to be really sure about keeping your keys offline.

I rewatched the first few episodes of the reboot of Battlestar Galactica also. I suggest everyone else do the same.

will it affect all ??

These both affect nearly every computational device out there.

If you add to that the fact that most apps don't erase the cryptographic keys they use, this looks pretty bad. I am just wondering how quickly this will be exploited.

Hello @neoxian,

Extraordinary good update, until you share this i had no idea what was that. Thank you.

~@mywhale

Thanks for the news. I am wondering whether it can know our passwords?

As digital currency increases in value, there is greater incentive for key stealing and such. The exploits are going to get more and more sophisticated and more difficult to defend against. The holes will be patched, but a lot of data can be stolen between exploit and patch. @ironshield

So this exploit could potentially extract our user names and passwords we have saved? I read about it yesterday but it was really vague. I think they kept it that way to not give the goods away to all the hackers while they work to fix it. I'm just trying to figure out how scared I should be, or what I should be doing as a security step instead of just waiting lol!

How scared? Very
Can it extract user names and passwords? Yep! It sure can!

This is seriously bad juju.

voted 4 witnesses! @neoxian , hopefully upload to the first place! I would appreciate your vote in my participation in openmic week 66, thank you very much!


https://steemit.com/openmic/@jetperalta/steemit-open-mic-week-66-got-a-match-chick-corea-cover-and-improvisation-by-jetperalta

For a non-technical one, how will you know that your machine is infected? What are the signs and how to fix it? Thanks for the warning.

You won't know if you got attacked through these vulnerabilities.

I am a non tech person and as a layman, what should I do to prevent this? Sorry for being seemingly dumb in such matters

Update your OS.

For browsers: FF, Edge and IE have released updates. For Chrome:

Enable the "Website isolation" option. To do this, enter chrome://flags/#enable-site-per-process in the address bar and click the "Enable" button next to "Strict site isolation".

thanks a lot

Actually I didn't have even the slightest idea what that is before reading this.. but now I can understand a little bit of it thanks to you :)

The cat and mouse game never ends. The simplicity of this one is what’s surprising. Thank you for the added awareness.

Holy hell. I don't mine, but that's no reason to gloss over this.
This sounds awful. Regardless, I really need to get a new machine.

interesting.

Well, this sounds bad.
I have upvoted and resteemed this and hopefully more people can become aware.
Thanks for this info.

A software engineer that is a banker as a hobby seems an odd combination!!
Hehe Linux geek too here :)
Upvoted!

Thanks for the information
The painting is highly featured by the great creative artist

Maybe I'll resteem your post

Good post, I like it

I love to have crypto currency

Interesting post by @neoxian
Well done sir...

It's very interesting!!
All your posts are very beautiful and good!!!!
Thank you for the hard work!!

Wonderful 👍🏻🙏🏻


No immediate plans for this really. If you want to start using Linux, then just start. Grab an old computer or laptop and put linux on it and mess around. Or you can use a virtual machine. Or at least try out Cygwin:
http://www.cygwin.com/

do not make a problem, if you want to comment, then comment is sincere about this post, do not send your link here, it is not good for your future in steemit, be a good steemit user.
@steemiters