Jump to content

Vulnerability in Intel processors


Leonardo

Recommended Posts

Yep its not just Intel processors, the news over the last couple of days has been full of articles on this, the whole world is affected just about, whoever gets there first with successful exploits will potentially reap as much as they want, the software shoring up that everyone is trying to do will probably be overcome eventually aswell, especially by nation state organisations for spying / industrial espionage .. which in turn filters to everyone else too because all kinds of nefarious contacts get sold the information.

All of those Kiosk systems (the town map which scrolls a few adverts on screen) which will not be replaced for years will be easily taken over .. Although most of those are still running windows XP so they are a lost cause before this is even used.

Anything with Intel, AMD and ARM processors are vulnerable, going back years of different models. Even Apples Iphones and Tablets, and Macs are vulnerable.

I'm cursing because I have an old Iphone 5c (the one before the 5S) which has just lost support for being updated about a month ago, it will never get the IOS update to try and stop these issues - Which I think is a bit crap because Apple knew secretly about this problem at least a month before they dropped support for my model of phone. But I only use it for SMS texts and emergency calls anyway, so long as I dont download any apps I guess I will not be likely to be anyones target for exploiting .. But to think I got this phone because at the time they were the best for personal security due to apple keeping a tight lid on the OS vulnerabilities.

 

Anyway yeah its bad, what generation of processor we have to wait for before this is solved I dont know, I do know all current PCs and Laptops on the store shelves will not be getting any of my cash. Your fridge topping up the shopping online automatically when you are running out of milk may acquire new abilities, TVs and set top boxes which can spy on your living room (so called smart TVs which rush to cover up what can be done by the manufacturer when the public finds out .. waves at samsung), could now possibly be owned by anyone getting a lever inside your home network via any device, home routers and any dedicated servers worldwide .. I cant think off hand what would not be potentially taken over.

It needs something to get into your machine first, but thats proven to be not the hardest thing in the world, there is a new hacking kit with a catalogue of exploits for various operating systems just about every month I think. It only needs one to be used, and the amount of machines which are already covertly pwned by botnets will get even deeper hooks into the systems they already have at a level which nothing can do anything about. You or your anti-malware would not even be able to detect what activities your machine is being used for. And yet if crimes were performed using your machine from your IP address, you (the Broadband customer responsible for the houses connections to the net no matter which machine in the house it came from) would potentially be jailed. See your ISPs T&Cs.

 

Only good advice is if you have a machine that is valuable in the information it stores .. keep it off the net completely, disable any connections to printers and sharing services, disable any UPnP services, disable wifi (especially those easily exploited 4 number easy wifi connect setups), and dont use any USB devices. Isolate it from communicating with anything. New generation Mobile smart phones are just hopelessly a lost cause as far as security is concerned, I imagine some fools will be doing internet banking on them LOL.

Link to comment
Share on other sites

Let's be a bit more precise - AMD has insisted they are immune to the Meltdown bug, but has exposure to Spectre. It's not entirely clear whether or not one of these is worse than the other, but it's certainly true that being immune to one of them is better than being vulnerable to both.

Also, check your phones people. Mine just had a huge Android update yesterday which was likely to address this issue. Some phones will tell you, others won't and will expect you to check the system updates menu.

Link to comment
Share on other sites

If I understood you correctly, you mean that only Intel processors are vulnerable to both threats.

Link to comment
Share on other sites

IIRC but didn't you choose AMD processor for your new PC last year or was it 2016?

Link to comment
Share on other sites

2 hours ago, Leonardo said:

IIRC but didn't you choose AMD processor for your new PC last year or was it 2016?

Yes, I've been using AMD ever since the old 386 days. All it means is that I'm not going to be susceptible to the Meltdown bug and that when Microsoft issues the patches on Windows 10 I won't be bitten by the performance loss that fixing Meltdown will cause.

Link to comment
Share on other sites

Lucky you, I guess.  Me on other the hand are using Intel and have done that for the last 10-15 years or so.

Link to comment
Share on other sites

It's a fascinating bug, though it's difficult to actually implement it.  They're definitely some of the biggest hardware/firmware bugs found to date though.  Pretty crazy.

Link to comment
Share on other sites

  • 4 weeks later...
7 hours ago, Leonardo said:

This is slightly off topic, but it has to do with security and I just read an article about the WannaMine malware that Panda Security have published on their website.

https://www.pandasecurity.com/mediacenter/mobile-news/wannamine-cryptomining-malware/

Yes see also the fourth note in this post (the one reference the new flag in Chrome Browser), this flag aswell as preventing Meltdown exploits it is also meant to try and prevent third parties scripts running in an IFrame using your processor time (electricity you pay for and bandwidth) to mine digital currencies for their own gain.

They dont need to put the mining scripts into Malware, just take over a few easy target advertisement streams and inject their own script to be pushed onto pages all over the internet using everyones machines just as effectively as if they were pwned in a botnet. Sites like Nexus (which if you recall not too long ago introduced a button to report bad advertisements they were hosting in the holes on Nexus Mods Pages) use IFrames to feed you ads, Nexus has no control over what scripting is actually coming down the pipe via those IFrames, so anyone who finds weak insecure ad streams to hijack can feed anyone Monero mining scripts to take advantage of your machines power and earn themselves more monero.

In this case the "Report an Ad" button is useless, because you as the user of the site will not even notice the script running in the IFrame, maybe you will notice your machine getting a little unusually warm loading the web page, but really these days thats not too unusual either, web pages are not as conservative in how much resources they use as they used to be, because everyone has broadband and very few people are still on dial up.

Link to comment
Share on other sites

  • 3 weeks later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...