Welcome to DU!
The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards.
Join the community:
Create a free account
Support DU (and get rid of ads!):
Become a Star Member
Latest Breaking News
Editorials & Other Articles
General Discussion
The DU Lounge
All Forums
Issue Forums
Culture Forums
Alliance Forums
Region Forums
Support Forums
Help & Search
Google reveals CPU security flaw Meltdown and Spectre details
Related thread: Major flaw in millions of Intel chips revealed
______________________________________________________________________
Source: Slashgear
Google reveals CPU security flaw Meltdown and Spectre details
Chris Davies - Jan 3, 2018
Google has revealed its Project Zero findings on the “speculative execution” security flaws that have sent processor-makers into a tailspin today. The issue – which had initially been circulating as an Intel processor flaw, but which it now appears affects chips from multiple manufacturers – is, in fact, a number of vulnerabilities that exploit critical aspects of many processors since 1995. They’re generally being known as Meltdown and Spectre.
Meltdown is a failure of the isolation between the operating system of a computer, and the user’s applications. A successful attack allows a program to access the memory used by other programs and the OS. That, it’s suggested, could allow a hacker to extract sensitive data being used by other apps.
Spectre, meanwhile, does something similar only between different applications. It’s also based on fundamental flaws in the processors, though researchers say it’s tougher to exploit than Meltdown. Conversely, while there are software patches that effectively block Meltdown attacks, currently it’s far harder to mitigate against Spectre. Indeed, while specific, known exploits can be patched against, that’s not to say there won’t be new variations in future.
Google’s Project Zero researcher, Jann Horn, seemingly identified the speculative execution issues independently to other researchers. According to Google, the issue was initially intended to be disclosed on January 9th, 2018. However, “because of existing public reports and growing speculation in the press and security research community about the issue, which raises the risk of exploitation” it has pulled the trigger early.
-snip-
Chris Davies - Jan 3, 2018
Google has revealed its Project Zero findings on the “speculative execution” security flaws that have sent processor-makers into a tailspin today. The issue – which had initially been circulating as an Intel processor flaw, but which it now appears affects chips from multiple manufacturers – is, in fact, a number of vulnerabilities that exploit critical aspects of many processors since 1995. They’re generally being known as Meltdown and Spectre.
Meltdown is a failure of the isolation between the operating system of a computer, and the user’s applications. A successful attack allows a program to access the memory used by other programs and the OS. That, it’s suggested, could allow a hacker to extract sensitive data being used by other apps.
Spectre, meanwhile, does something similar only between different applications. It’s also based on fundamental flaws in the processors, though researchers say it’s tougher to exploit than Meltdown. Conversely, while there are software patches that effectively block Meltdown attacks, currently it’s far harder to mitigate against Spectre. Indeed, while specific, known exploits can be patched against, that’s not to say there won’t be new variations in future.
Google’s Project Zero researcher, Jann Horn, seemingly identified the speculative execution issues independently to other researchers. According to Google, the issue was initially intended to be disclosed on January 9th, 2018. However, “because of existing public reports and growing speculation in the press and security research community about the issue, which raises the risk of exploitation” it has pulled the trigger early.
-snip-
Read more: https://www.slashgear.com/google-reveals-cpu-security-flaw-meltdown-and-spectre-details-03513512/
2 replies
= new reply since forum marked as read
= new reply since forum marked as read
