![]() In the worst case the software fix causes huge slowdowns in typical workloads. Urgent development of a software mitigation is being done in the open and recently landed in the Linux kernel, and a similar mitigation began appearing in NT kernels in November. There is presently an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve. An anonymous poster calling him/herself Python Sweetness put it out in the open: By and large, people in the know agreed to keep it all quiet until Jan. Horn and Project Zero notified the major vendors - Google, of course, as well as Intel, Microsoft, Apple, AMD, Mozilla, the Linux folks, Amazon and many more - and a quiet effort began to plug the security holes without alerting “the bad guys.”Īlthough the Linux community leaked details, with the KAISER series of patches posted in October, few realized the enormity of the problem. Back in June 2017, a security researcher named Jann Horn, working for Google’s Project Zero team, discovered a way for a sneaky program to steal information from parts of a computer that are supposed to be off limits. How the Meltdown and Spectre flaws were discovered You should be aware of the situation, but avoid the stampede. While it’s true that both vulnerabilities affect nearly every computer made in the past two decades, it’s also true that the threat - especially for plain-vanilla Windows users - isn’t imminent. ![]() In the case of Intel's stock price, that's more like blood in the streets. Yesterday’s sudden snowballing of disclosures about two groups of vulnerabilities, now known as Meltdown and Spectre, has led to enormous numbers of reports of varying quality, and widespread panic in the streets. ![]() ![]() I’m increasingly skeptical of security holes that have their own logos and PR campaigns. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |