For any of my friends that are not computer savvy, or usually don’t care. In this post I’ve digested the info for you about the security bug in CPUs, which is a BIG DEAL. You will start to hear the words like #Meltdown and #Spectre alot soon regarding your computer security. Allow me to explain in very high level, hopefully this helps some of you to better understand the biggest security bug in history :
Meltdown is the name of a vulnerability found in Intel CPUs only, where security is compromised to gain more speed. Basically Intel engineers designed their CPUs to be more performant but neglected to make sure they are secure enough, and the result is that one piece of code running on an Intel CPU can read the “kernel memory” of the operating system (OS) . Think of the kernel memory as your brain’s secret thoughts, what would have happened if I gained access there? In the computer world that’s where all your passwords are for example.
The patches that are coming out for this one are on the OS side (windows, Linux etc) and they expect to slow down all Intel chip sets by 30%-50%. Yes, your computer will be slower.
Do not underestimate this problem, code and guides how to exploit this vulnerability are already surfacing. (see link below)
The second name you might hear is “Spectre”. This is a vulnerability that affects ALL cpu vendors. And the worst thing, this cannot be patched, it’s a basic design flaw and it will stay with us for at least a decade until the current HW cycle gets refreshed world wide. Fortunately this one is much harder to exploit. We will have to see how this rolls out.
Most worrisome use case besides getting the password of your grandma back accounts, is shared HW, especially in the cloud. Think of one customer who rents compute resources from the cloud and is able to read password and data of other customers running on the same HW. Maybe your bank is the victim? And this affect everyone!
That’s it, hope this helps, let me know your thoughts.
Those who wants to read more see this link https://meltdownattack.com/
Good luck to us all
In this picture, someone grabbing passwords straight from the kernel
In the following image is the fix