Meltdown and Spectre - Every computer/phone at risk

  • Thread starter Greg Bernhardt
  • Start date
  • Featured
In summary: OMG! Red alert! Red alert! Air raid, Pearl Harbor - This is not a drill! Send lawyers, guns, and money - the stuff has truly hit the fan" - this is also a bona fide emergency. In summary, Meltdown and Spectre are two major flaws affecting nearly every computer and device. These flaws allow attackers to access anything a computer is doing at any moment, and to change it. The fix doesn't actually fix the problem, it just slows down the attackers ability to access side channel cache data, which contains protected memory. There is a lot of misinformation circulating about these vulnerabilities, so I would strongly recommend going straight to the source.
  • #36
nikkkom said:
Well, the problem is, javascript or flash code running in your browser is in this terminology a _local_ attack.

Remote attack is someone out there on the net sending some packets at you, or looking at your packets flying past him.

Yes that can be defined as a local attack since it requires one either activating the code or allowing that code to activate by default. The former is usually in the form of some clickbait but also includes opening pages, including email, of unknown sources. It is, after all, possible to embed code in things like jpeg files. The latter is only common among those who do not use addons like NoScript or setup Java and Flash to always ask before running. This is also one of many good reasons to always use bi-directional firewalls since so much of malware requires some "phone home" action. This, so far, isn't the case with Meltdown and Spectre, unless it is delivered as an attachment, whether open, disguised, or hidden, with a self-propagating element included. This will likely occur since being able to view otherwise hidden and privileged data is useless unless some means to view or exploit it are included.

What constitutes secure behavior is still much the same as always and hopefully common knowledge to everyone here on Physics Forums. If not, such information is easily found and implemented.
 
Computer science news on Phys.org
  • #37
enorbet said:
The latter is only common among those who do not use addons like NoScript or setup Java and Flash to always ask before running.

That's probably "only" 99.99% of all browser users.
 
  • Like
Likes Tom.G
  • #38
nikkkom said:
That's probably "only" 99.99% of all browser users.

While that may be regrettably so, anyone who knows anything about PC security considers such practice for anyone concerned about Meltdown and Spectre to be akin to worrying about their lack of motion sensor triggered lighting while leaving on vacation with their front and back doors not only unlocked but wide open. ;)
 

Similar threads

Windows 10 Update - Caused Loop (Need a Computer )
Replies
12
Views
3K
Requesting suggestions for languages, libraries, and architectures for parallel (and sometimes non parallel) numerical and scientific computations
Replies
8
Views
3K
  • Sticky
Getting Started With Computers and Programming
Replies
13
Views
5K
Current and Future AI Threats to Humanity and the Human Response
Replies
10
Views
3K
STOP: 0x0000008E (0xC000005, 0XBF04DF7B, 0xED924B18 0X000000000)
Replies
23
Views
5K
Do Movies Teach Us Realistic Life Skills?
Replies
1
Views
9K

Hot Threads

Recent Insights

Back
Top