“It’s impossible to fix with a chip-based update, and requires a software-based solution through the operating system, which in turn causes a performance hit of up to 30 percent.”
This is a big problem. You can access kernel memory with an unprivileged process and nothing can stop it and it leaves no traces. Sandboxing in virtual machines does not stop it (cloud providers).
It was supposed to be disclosed next week but rumors and panic made them publish it early.
Meltdown and Spectre
Bugs in modern computers leak passwords and sensitive data.
That stuff makes my head hurt. Although I can see roughly what they’re getting at (considering I haven’t had my coffee yet) I’m not sure this follows:
It would be literally like looking for a needle in a haystack. Now I realise that’s precisely what computers are good at, but I suspect a virus scavenging leftover scraps from the cache would consume so much CPU time that people would notice something badly wrong and do a virus scan.
Or perhaps I overestimate people’s competence with computers.
A key-logger that does not need to hook the system, can be started in a silent unprivileged process and is therefore undetectable by antivirus. AVs can detect it after the AV companies get a sample of the key-logger code and make a hash signature. But small changes make it invisible to AV again.
But who would go after individuals if there are other juicy targets. Run the exploit on the cloud. The resources are shared and you will find access keys to other cloud accounts that happen to run code on the same hardware. Get access to huge databases of companies that use cloud services.
It is a big deal as it compromises security everywhere until the systems have been patched.
If the CPU has a design flaw, would it be possible to order a recall for newer purchases and perhaps a significant discount for people to upgrade to a newer model. how far back was this problem?
The meltdown flaw can be fixed with software patches. Windows, MacOS and Linux already have patches made. This results in slightly lower performance. For end users the slowdown is almost non existent. The slowdowns can be big for some databases (cloud).
So big datacenters using Intel might get some reparatons from Intel as they have the resources to preassure Intel.
UP to latest kernel and all seems well, but my main game isn’t working in background mode after some recent update which basically makes it unplayable.