Don't panic, drink tea  - tea - Spectre? Meltdown? F*CKWIT? Calm down and make yourself some tea

Within hours of writing my original article about the F*CKWIT Intel CPU flaw (also known as KPTI or KAISER) things moved on quite a lot.

Google’s Project Zero vulnerability research team published technical details of serious flaws caused by “speculative execution” that they had found not just with Intel chips, but also certain AMD and ARM processors.

Meltdown logo  - meltdown 170 - Spectre? Meltdown? F*CKWIT? Calm down and make yourself some teaDubbed Spectre and Meltdown (and if you’re loving all these names, you should be aware that there are also cute logos), the attacks could be used to read system memory that *should* have been inaccessible.

In short, an attacker could steal sensitive information such as passwords or encryption keys from your computer’s memory. And because these flaws are in your computer’s chips, it’s not a problem that is particularly easy to properly fix without a hardware fix. Yuck.

The solution? Change the low-level software that speaks to the hardware, as the chips can no longer be trusted to do what they were supposed to be doing.

The good news is that these flaws have been known about – but kept quiet – for some months. That’s how they found the to create the natty bug logos and consumer-friendly websites discussing the topic. The researchers who discovered the problems disclosed them to chip and software vendors, who have been feverishly working on fixes.

So far we simply do not know if the vulnerabilities have been maliciously exploited in the wild.

Here’s what various vendors are saying to their users and (note – this is inevitably an incomplete list):

So, what should you be doing about this?

Clearly these are critical security vulnerabilities, but there is not much that consumers can do other than wait for security patches to be released and then apply them as a matter of priority.

In short: Don’t panic, make a cup of (coffee is also acceptable), and ensure that you install patches and security updates as they continue to roll out.

FWIW, I don’t drink tea or coffee. But I’m making an exception this morning.

- aa9ea0686c5d1aa9086d4b12c3aa05f2 s 80 d mm r g - Spectre? Meltdown? F*CKWIT? Calm down and make yourself some tea

About the author, Graham Cluley

Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon’s Anti-Virus for Windows. Now an independent security analyst, he regularly makes media appearances and gives presentations on the topic of computer security and online privacy.

Follow him on Twitter at @gcluley, Google Plus, Facebook, or drop him an email.

Follow @gcluley

Source link


Please enter your comment!
Please enter your name here