Friday, January 19, 2018


You no doubt have read or heard about MELTDOWN and SPECTRE. The bad guys always seem to be plotting and implementing more nefarious ways to disrupt our dependency on technology. This one looks really, really bad!

The microprocessors that are in each and every electronic device—think smartphones, personal computers, laptops, mobile devices, automobiles, home appliances, gaming systems—may be exposed to these newly discovered vulnerabilities. These specific vulnerabilities have likely been around for quite some time but were only recently discovered. 

MELTDOWN apparently “melts” the security boundaries between the processor and software, enabling access, and allows the hacker’s malicious software to steal information. SPECTRE impairs the ability to stop such theft from happening and tricks the system into providing more information.

The CEO of Intel, Brian Krzanich, acknowledged these hard-to-fix flaws in processor chips that were recently discovered and disclosed by security researchers. He promised that fixes would be forthcoming. Microsoft and Apple have announced efforts to patch the vulnerabilities. Patches are already being made available for Linux, Window and OS X. Chrome and Firefox browsers have released patches.

For more information on these vulnerabilities and the patches available, click here.

So what can you do protect yourself? The bad guys may attack unpatched computers and devices. Get those patches applied as they become available from the manufacturer. Your other choice is to get off the grid completely and give technology a rest. Not a viable option for most of us.

In a recent article in Scientific American, noted cryptographer, Paul Korcher, explains how shortcuts used by chip manufacturers to optimize processor speed probably led to both of these vulnerabilities. Security apparently lost out to the holy grail of faster speed as chip designers sacrificed security for enhanced speed.

As the new patches and safeguards are rolled out we might see some loss of processing speed and performance. In some cases the actual microprocessor may not be capable of updating and will have to be replaced. 

Stay tuned. The repercussions of MELTDOWN and SPECTRE are likely to be with us for a long time.

Hopefully our major microprocessor manufacturers, such as Intel, will consider security as paramount in any future chip designs and not try to win the race to achieve the fastest chip possible. I, for one, would choose security vs. speed if a choice was necessary. 

No comments :

Post a Comment