Research

How to protect yourself from the Spectre and Meltdown chip flaws

How to protect yourself from the Spectre and Meltdown chip flaws

As for Spectre, which is harder to exploit than Meltdown but also harder to mitigate (there is still no fix for it), it affects all modern Intel, AMD and ARM processors.

'The very real fear is that attackers could exploit the flaw on vulnerable systems to gain access to parts of the computer's memory, which may be storing sensitive information. If the names selected for the two microprocessor vulnerabilities announced this week-Spectre and Meltdown-haven't brought fear to hearts of the computer-using public, it can only be because they were overshadowed by weather forecasters' breaking out the label "bomb cyclone" for this week's East Coast snowstorm.

The severity of the bug is not limited to its scope. The flaw is in how memory isolation works on Intel CPUs, despite the use of mechanisms such as Address Space Layout Randomization (ASLR), which is widely used in all modern operating systems.

"Meltdown breaks the mechanism that keeps applications from accessing arbitrary system memory, consequently, applications can access system memory", the Meltdown attack advisory states. There are already Meltdown patches for Microsoft's Windows, Apple's macOS and Linux. Microsoft declined to comment and Apple did not immediately return requests for comment.

Again, this is good practice against any type of hacker attack.

Google said in its blog post about the exploit that the issue has been mitigated in many products or wasn't a vulnerability in the first place. Tech companies have been rushing out software fixes to deal with Meltdown, and while Spectre is harder to eliminate, some patches have been issued that reduce the risk it poses.

Researchers at Google's Project Zero and academic institutions including the Graz University of Technology in Austria discovered the problem a year ago and disclosed it Wednesday.

Horn "demonstrated that malicious actors could take advantage of speculative execution to read system memory that should have been inaccessible", Google said. Google's infrastructure, including YouTube, Maps and Search, was impacted by the vulnerability, but no consumer action is needed, according to a company announcement. But the fact that there's a fix at all is largely due to security researchers at the Graz University of Technology, in Austria, who were unaware of the vulnerability until last month.

How big is the problem?

More news: Dad admits special exit clause in Messi's Barcelona deal

IDC estimated that there are 1.5bn PCs in use around the world today, out of which 90pc are powered by Intel processors.

Since a whole range of products from mobile phones to personal computers all use such processors, the potential spread of an attack could be vast. It said that it had already protected almost all instances of AWS and that customers must update their own software running atop the service as well.

"Intel is committed to product and customer security and is working closely with many other technology companies, including AMD, ARM Holdings and several operating system vendors, to develop an industry-wide approach to resolve this issue promptly and constructively", the firm said in a statement.

Amazon Web Services, a cloud computing service used by businesses, said that most of its internet servers were already patched and the rest were in the process of being patched. We invite you to install this emergency update as soon as possible, though Microsoft explained yesterday that some versions of anti-virus software may block the installation of the patch.

Google said that all products have been updated but that a new security update, dated 5 January, will be released.

Google is also working to provide new protections in its Chrome browser to help protect against Meltdown and Spectre.

The researchers said Apple Inc and Microsoft Corp had patches ready for users for desktop computers affected by Meltdown.

The flaws, which researchers have code-named Meltdown and Spectre, relate to how a CPU handles tasks that it thinks your PC will need to perform in the future, known as speculative execution.


  • Nustar Energy LP (NYSE:NS) Shares Sold by Barnett & Company Inc

    Eagle Global Advisors Llc decreased Genesis Energy LP (NYSE:GEL) stake by 24,180 shares to 906,298 valued at $23.88M in 2017Q3. The company reported $0.14 earnings per share for the quarter, missing analysts' consensus estimates of $0.41 by $0.27.
    Wild Card Playoff Odds and Lock of the Week

    Wild Card Playoff Odds and Lock of the Week

    The Falcons are the smallest underdogs on the schedule, and they are still getting 5.5 points in their visit to Los Angeles. Sean McVay figures to be named the Coach of the Year after what he did with the Rams and specifically this offense.

    Comerica Incorporated (CMA) EPS Estimated At $1.24

    The Oklahoma-based Bokf Na has invested 0.08% in Comerica Incorporated (NYSE:CMA). 105,055 were reported by Credit Agricole S A. About 20.67M shares traded or 20.07% up from the average. (BKS) has declined 38.50% since January 5, 2017 and is downtrending.
  • Scripps Networks Interactive, Inc

    Following the sale, the chief operating officer now directly owns 48,037 shares of the company's stock, valued at $3,768,502.65. Choate Investment Advisors increased Scripps Networks Interact Inc Cl A (SNI) stake by 0.11% reported in 2017Q3 SEC filing.
    Virgil van Dijk heads Liverpool into FA Cup 4th round

    Virgil van Dijk heads Liverpool into FA Cup 4th round

    However, the next goal was scored by the Toffees , who hit the Reds with a superb counter in the 67th minute. Phil Jagielka set up Gylfi Sigurdsson for the finish and he fired into the bottom corner.
    Emmanuel Macron starts media law reform against fake news

    Emmanuel Macron starts media law reform against fake news

    He said that during the campaign, Russia Today and Sputnik news agencies had published false news stories about him. He believes that this causes threat to liberal democracies.
  • Das neue Nokia 6 (2018) ist kein Einsteiger-Smartphone mehr

    Das neue Nokia 6 (2018) ist kein Einsteiger-Smartphone mehr

    Januar zum Preis von umgerechnet knapp 200 Franken in den Handel - vorläufig allerdings nur in asiatischen Märkten. Der greift auf 4 GB LPDDR4 RAM und je nach Variante auf 32 oder 64 GB erweiterbaren Festspeicher zu.

    As Apple INC (AAPL) Stock Price Rose, Alliancebernstein LP Lifted Holding

    American International Group, Inc. 5,840 were accumulated by Wealth Enhancement Advisory Services Ltd Liability Corp. Manufacturers Life Ins The stated it has 12,689 shares or 0% of all its holdings. (NYSE:NWY) for 68,545 shares.
    Seeded Cilic advances to Maharashtra Open semifinals

    Seeded Cilic advances to Maharashtra Open semifinals

    Cilic was off to a flying start, capturing 14 out of the first 16 points of the match and taking a 5-0 lead in no time at all. Tables turned in set number 2, though, as he started to miss the first serve (45%) and losing his advantage in the rallies.
  • Russian Federation  warns U.S.  not to get involved in Iran

    Russian Federation warns U.S. not to get involved in Iran

    On Wednesday, the head of Iran's Revolutionary Guards declared the defeat of what he described as "sedition" in the country. The United States has meanwhile piled pressure on Iran, with Trump pledging to help Iranians "take back" their government.
    Breitbart funder Rebekah Mercer cuts off Bannon

    Breitbart funder Rebekah Mercer cuts off Bannon

    After leaving the White House, Bannon reportedly spent five days in Long Island meeting with the Mercers. Larry O'Connor, a former Breitbart editor and friend of Andrew Breitbart's, told CNN.

    A Good Time to Consider Sprint Corporation (S), Sunrun Inc. (RUN)

    The transaction was disclosed in a filing with the Securities & Exchange Commission, which is available through this link . According to analysts Sprint Corporation (NYSE:S)'s minimum EPS for the current quarter is at $0 and can go high up to $0.