Recent

Author Topic: 2 decade old security flaw found in all microprocessors  (Read 1944 times)

0 Members and 1 Guest are viewing this topic.

Offline DigiCorn

  • Terrorizing humans since 1971
  • Supreme Ninja
  • ***
  • Posts: 14912
  • Gender: Male
  • There is no Dana, only Zul!
    • Clerks.
2 decade old security flaw found in all microprocessors
« on: January 09, 2018, 02:31:26 PM »
https://www.wired.com/story/meltdown-spectre-bug-collision-intel-chip-flaw-discovery/

Interesting read. Just heard about this. Not sure what category this falls under.
"Selling my soul would be a lot easier if I could just find it."
– Nikki Sixx

“Always do sober what you said you'd do drunk. That will teach you to keep your mouth shut.”
― Ernest Hemingway

Offline Slappy

  • Ninja Member
  • *
  • Posts: 4075
  • Gender: Male
  • Come On. Fhqwhgads.
Re: 2 decade old security flaw found in all microprocessors
« Reply #1 on: January 09, 2018, 02:48:29 PM »
Quote from: DigiCorn date=1515526286 link=msg=297238
Not sure what category this falls under.

File it under "Oops! Our bad."
A little diddie ‘bout black 'n cyan...two reflective colors doin’ the best they can.

Offline Possum

  • Ninja Member
  • *
  • Posts: 4059
  • Gender: Female
Re: 2 decade old security flaw found in all microprocessors
« Reply #2 on: January 09, 2018, 02:58:51 PM »
Microsoft has put out patches for machines going way back. It's a hardware flaw. According to what I heard on a newscast, something got overlooked in the race for speedier processors, which left the vulnerability. 

Some older AMD processors are freaking out with the patches, so be careful.

https://arstechnica.com/gadgets/2018/01/bad-docs-and-blue-screens-make-microsoft-suspend-spectre-patch-for-amd-machines/
No Facebook, no iAnything. What am I missing?
2009 Mac Mini, OSX 10.6

Offline scottrsimons

  • Prepress/IT/Automation
  • Sr. Member
  • ****
  • Posts: 290
  • Gender: Male
  • 42
Re: 2 decade old security flaw found in all microprocessors
« Reply #3 on: January 09, 2018, 03:11:55 PM »
Now that you mention AMD, I read an article about AMD yesterday, and that they were a good option to Intel.

https://gizmodo.com/amd-is-making-a-really-great-case-for-ditching-intel-ba-1821850744

And now the article today about Windows bricking the AMD processors.  :poohitfan  Not a good day to be in tech. Wait...scratch that, it's a GREAT day to be in tech. :banana:  It's a little something I like to call "Job Security". YEAH!! :mademyday:
Mac • Prinergy 8 • Preps 8 • RBA • Fusion Pro

"Your superior intellect is no match for our puny weapons!" - Homer J. Simpson

Offline DigiCorn

  • Terrorizing humans since 1971
  • Supreme Ninja
  • ***
  • Posts: 14912
  • Gender: Male
  • There is no Dana, only Zul!
    • Clerks.
Re: 2 decade old security flaw found in all microprocessors
« Reply #4 on: January 09, 2018, 03:18:17 PM »
Quote from: Possum date=1515527931 link=msg=297240

Microsoft has put out patches for machines going way back. It's a hardware flaw. According to what I heard on a newscast, something got overlooked in the race for speedier processors, which left the vulnerability.

Some older AMD processors are freaking out with the patches, so be careful.

https://arstechnica.com/gadgets/2018/01/bad-docs-and-blue-screens-make-microsoft-suspend-spectre-patch-for-amd-machines/
Two of my desktops and one old laptop are all AMD and on W10. Our other laptops are both Intel and one runs W10 and the other is a Google Chromebook. The two desktop units are always on, so I hope they didn't auto apply any bad patches. One is a 3-core and the other is a 4-core, both about 7-8 years old.
"Selling my soul would be a lot easier if I could just find it."
– Nikki Sixx

“Always do sober what you said you'd do drunk. That will teach you to keep your mouth shut.”
― Ernest Hemingway

Offline frailer

  • Sydney, OZ.
  • Global Moderator
  • Supreme Ninja
  • *****
  • Posts: 11734
  • Gender: Male
  • Older, and digitally challenged
Re: 2 decade old security flaw found in all microprocessors
« Reply #5 on: January 09, 2018, 07:35:35 PM »
Not expecting to hear from our in-house IT guy about the 1 vs. 2 seat Adobe licensing anytime soon, I think.
Fujifilm XMF/AdobeCC/PitStop Pro/Black Magic/ScreenPlateRite_Fujifilm ZP processless. 28" Komoris  |  Forgotten good guys: Dennis Ritchie, Burrell Smith, Bill Atkinson, Richard Stallman
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Too old for this.. but.. there's that question of income. And lack of it if I stop.
~~~~~~

Online Joe

  • Master of Nothing
  • Administrator
  • Ninja Warlord
  • *****
  • Posts: 36762
  • Gender: Male
    • B4Print.com
Re: 2 decade old security flaw found in all microprocessors
« Reply #6 on: January 09, 2018, 07:50:17 PM »
Quote from: DigiCorn date=1515526286 link=msg=297238

https://www.wired.com/story/meltdown-spectre-bug-collision-intel-chip-flaw-discovery/

Interesting read. Just heard about this. Not sure what category this falls under.


It also affects all Apple hardware too.
Mac OS 10.14.6 Mojave | Prinergy 8.2 | Adobe Creative Cloud 2019 | Two Luscher XPose 160 CTP units

Prepress: One who does precision guess work based on unreliable data provided by those of questionable knowledge.

Offline Farabomb

  • #NoLivesMatter
  • Supreme Ninja
  • ***
  • Posts: 17230
  • Gender: Male
  • Wait, what?
    • My other job
Re: 2 decade old security flaw found in all microprocessors
« Reply #7 on: January 10, 2018, 08:20:22 AM »
All Intel based apple hardware. I wouldn't put it past a shop to still be running a quadra.
Speed doesn't kill, rapidly becoming stationary is the problem

I'd rather have stories told than be telling stories of what I could have done.

Quote from: Ear date=1459965256 link=msg=278846
Quote from: Farabomb date=1459964381 link=msg=278844
It's more like grip, grip, grip, noise, then spin and 2 feet in and feel shame.
I once knew a plus-sized girl and this pretty much describes teh secks. :rotf:
They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety.
         —Benjamin Franklin

My other job

Online Joe

  • Master of Nothing
  • Administrator
  • Ninja Warlord
  • *****
  • Posts: 36762
  • Gender: Male
    • B4Print.com
Re: 2 decade old security flaw found in all microprocessors
« Reply #8 on: January 10, 2018, 08:32:24 AM »
Actually we still have a couple of G5's plugged in. Those are safe with the Motorola CPU. They suck but they are safe.
Mac OS 10.14.6 Mojave | Prinergy 8.2 | Adobe Creative Cloud 2019 | Two Luscher XPose 160 CTP units

Prepress: One who does precision guess work based on unreliable data provided by those of questionable knowledge.

Offline Possum

  • Ninja Member
  • *
  • Posts: 4059
  • Gender: Female
Re: 2 decade old security flaw found in all microprocessors
« Reply #9 on: January 10, 2018, 09:16:04 AM »
My G4 at home is still plugging along. They don't make them like they used to. :cane:
No Facebook, no iAnything. What am I missing?
2009 Mac Mini, OSX 10.6

Offline Farabomb

  • #NoLivesMatter
  • Supreme Ninja
  • ***
  • Posts: 17230
  • Gender: Male
  • Wait, what?
    • My other job
Re: 2 decade old security flaw found in all microprocessors
« Reply #10 on: January 10, 2018, 09:24:09 AM »
With Apple crippling their older hardware with their software updates, you're totally correct. Hard to make money if people don't keep buying the newest phone every 2 years.

Mind you I have a 4 year old phone (m8) that's running nougat without issue. I'd be running oreo but since it's still in beta I won't put it on my daily driver. I also have a 6 year old one (s3) that's running nougat as well. It's a bit slow but still works fine.
Speed doesn't kill, rapidly becoming stationary is the problem

I'd rather have stories told than be telling stories of what I could have done.

Quote from: Ear date=1459965256 link=msg=278846
Quote from: Farabomb date=1459964381 link=msg=278844
It's more like grip, grip, grip, noise, then spin and 2 feet in and feel shame.
I once knew a plus-sized girl and this pretty much describes teh secks. :rotf:
They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety.
         —Benjamin Franklin

My other job

Online Joe

  • Master of Nothing
  • Administrator
  • Ninja Warlord
  • *****
  • Posts: 36762
  • Gender: Male
    • B4Print.com
Re: 2 decade old security flaw found in all microprocessors
« Reply #11 on: January 10, 2018, 10:06:10 AM »
Your Android device is also affected by this 'issue'.

Quote
The specifics

Intel processors since 1995 except for the Itanium and pre-2013 ATOM platform are affected by both Meltdown and Spectre.

All modern AMD processors are affected by the Spectre attack. AMD PRO and AMD FX (the AMD 9600 R7 and AMD FX-8320 were used as proof-of-concept) CPUs in a non-standard configuration (kernel BPF JIT enabled) are affected by Meltdown. It's expected that a similar attack against side-channel memory reading is possible against all 64-bit CPUs including AMD processors.
ARM processors with Cortex R7, R8, A8, A9, A15, A17, A57, A72, A73, and A75 cores are suspectable to Spectre attacks. Processors with Cortex A75 (the Snapdragon 845) cores are vulnerable to Meltdown attacks. It's expected that chips using variants of these cores, like Qualcomm's Snapdragon line or Samsung's Exynos line, will also have similar or the same vulnerabilities. Qualcomm is working directly with ARM, and has this statement on the issues:

Qualcomm Technologies, Inc. is aware of the security research on industry-wide processor vulnerabilities that have been reported. Providing technologies that support robust security and privacy is a priority for Qualcomm, and as such, we have been working with Arm and others to assess impact and develop mitigations for our customers. We are actively incorporating and deploying mitigations against the vulnerabilities for our impacted products, and we continue to work to strengthen them as possible. We are in the process of deploying these mitigations to our customers and encourage people to update their devices when patches become available.

NVIDIA has determined that these exploits (or other similar exploits that may arise) do not affect GPU computing, so their hardware is mostly immune. They will be working with other companies to update device drivers to help mitigate any CPU performance issues, and they are evaluating their ARM-based SoCs (Tegra).

Webkit, the people behind the browser rendering engine of Safari and the forerunner to Google's Blink engine, have an excellent breakdown of exactly how these attacks can affect their code. Much of it would apply to any interpreter or compiler and it's an amazing read. See how they are working to fix it and keep it from happening the next time.

In plain English, this means that unless you're still using a very old phone, tablet, or computer, you should consider yourself vulnerable without an update to the operating system. Here's what we know so far on that front:

Google has patched Android against both Spectre and Meltdown attacks with the December 2017 and January 2018 patches. Google has patched Chromebooks using the 3.18 and 4.4 versions of the kernel in December 2017 with OS 63. Devices with other versions of the kernel (look here to find yours) will be patched soon.
In plain English: The Toshiba Chromebook, the Acer C720, Dell Chromebook 13, and the Chromebook Pixels from 2013 and 2015 (and some names you've probably never heard of) aren't patched yet but will be soon. Most Chromeboxes, Chromebases, and Chromebits are not patched but will be soon.

For Chrome OS devices that aren't patched, a new security feature called Site Isolation will mitigate any issues from these attacks.

Microsoft has patched both exploits as of January 2018.

Apple has patched macOS and iOS against Meltdown starting with the December update. The first round of Spectre updates were pushed out in early January. Check out iMore for everything you need to know about these CPU flaws and how they affect your Mac, iPad, and iPhone. Patches have been sent to all supported versions of the Linux kernel, and Operating Systems like Ubuntu or Red Hat can be updated through the software update application.

For Android specifics, the Nexus 5X, Nexus 6P, Pixel, Pixel XL, Pixel 2, and Pixel 2 XL have been patched and you should see an update soon if you haven't already received it. You can also manually update these devices if you like. The Android Open Source project (the code used to build the OS for every Android phone) has also been patched and third-party distributions like LineageOS can be updated.
Mac OS 10.14.6 Mojave | Prinergy 8.2 | Adobe Creative Cloud 2019 | Two Luscher XPose 160 CTP units

Prepress: One who does precision guess work based on unreliable data provided by those of questionable knowledge.

Offline Farabomb

  • #NoLivesMatter
  • Supreme Ninja
  • ***
  • Posts: 17230
  • Gender: Male
  • Wait, what?
    • My other job
Re: 2 decade old security flaw found in all microprocessors
« Reply #12 on: January 10, 2018, 10:17:29 AM »
I'm glad I'm running LineageOS then.  ;D
Speed doesn't kill, rapidly becoming stationary is the problem

I'd rather have stories told than be telling stories of what I could have done.

Quote from: Ear date=1459965256 link=msg=278846
Quote from: Farabomb date=1459964381 link=msg=278844
It's more like grip, grip, grip, noise, then spin and 2 feet in and feel shame.
I once knew a plus-sized girl and this pretty much describes teh secks. :rotf:
They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety.
         —Benjamin Franklin

My other job

Online Joe

  • Master of Nothing
  • Administrator
  • Ninja Warlord
  • *****
  • Posts: 36762
  • Gender: Male
    • B4Print.com
Re: 2 decade old security flaw found in all microprocessors
« Reply #13 on: January 10, 2018, 10:51:49 AM »
Lineage OS is supposed to have the patch either in this weeks or next weeks update.
Mac OS 10.14.6 Mojave | Prinergy 8.2 | Adobe Creative Cloud 2019 | Two Luscher XPose 160 CTP units

Prepress: One who does precision guess work based on unreliable data provided by those of questionable knowledge.

Offline frailer

  • Sydney, OZ.
  • Global Moderator
  • Supreme Ninja
  • *****
  • Posts: 11734
  • Gender: Male
  • Older, and digitally challenged
Re: 2 decade old security flaw found in all microprocessors
« Reply #14 on: January 11, 2018, 07:26:36 PM »

6 colour Komori guy was in here... we were discussing CIP3 files, and how they *could* streamline getting them to him and the 5 col.

We currently Export them from Black Magic, manually; it's not a biggie, as we're rarely stupidly busy for very long, and we can juggle it...

anyhoo, in the discussion, he says...  "the PC on my press runs a Celeron!"      :rotf:  I'd completely forgotten they existed.
Fujifilm XMF/AdobeCC/PitStop Pro/Black Magic/ScreenPlateRite_Fujifilm ZP processless. 28" Komoris  |  Forgotten good guys: Dennis Ritchie, Burrell Smith, Bill Atkinson, Richard Stallman
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Too old for this.. but.. there's that question of income. And lack of it if I stop.
~~~~~~