The past week there was a lot of fuss about two security problems in Intel and other CPUs. Like with other security bugs that have happened before, these two have gotten their own catchy names and even a logo: Meltdown and Spectre.
Are you worried about these bugs, do you think they will affect you?
Here's a good video explanation of how these bugs exactly work:
Every time I hear, or read, about new viruses out there wreaking havoc on computers I often wonder if the author(s) who wrote the first virus ever regretted it.
Fun fact: It's up for debate on who wrote the first virus, but many sources cite a couple of brothers from Pakistan who created a virus (in relation to IBM PCs) to prevent copyright violations occurring with their program. Quote from wikipedia article:
The first IBM PC virus in the "wild" was a boot sector virus dubbed (c)Brain, created in 1986 by the Farooq Alvi Brothers in Lahore, Pakistan, reportedly to deter unauthorized copying of the software they had written.
And as we all know, it just proliferated from there...
The worst thing about these particular exploits is that they attack at the microcode level. I would imagine that it would be a LOT harder for a virus scanner to detect attacks on the hardware that depend on instruction pipelines and timing bubbles that it would be to see if something is assaulting OS data structures.
In fact, at one point, it was considered a virtual certainty that the only real cure was to scrap the processor hardware entirely.
At least my Raspberry Pi systems are immune. I've got a few AMD machines and I think that Spectre can bother them, but my only major Intel machine is powered off until the next project where having a noisy 1U box is a requirement.
Amazon and other ISPs, on the other hand, are probably not very happy today.
Hmm. I wonder if Google's custom-designed hardware is vulnerable?
Sometimes the only way things ever got fixed is because people became uncomfortable.
Jesper de Jong wrote:Are you worried about these bugs, do you think they will affect you?
My company seemed worried. Our cybersecurity department released email how it will affect the users due to the systems being patched. Employees have been given instructions how to act on Internet due to a window period.
That's the more noticeable fuss lately as far as I remember. Thanks for the link, I myself just now looked at it in more details.
Randy Maddocks wrote:Every time I hear, or read, about new viruses out there wreaking havoc on computers I often wonder if the author(s) who wrote the first virus ever regretted it.
I think that if they hadn't written that virus, someone else, later, would have written the first one. People are very good at deliberately breaking things, and if they have the chance to do it without getting caught, they will.