05 January 2018

The New York Times: “Researchers discover Two Major Flaws in the World’s Computers”

The Meltdown flaw is specific to Intel, but Spectre is a flaw in design that has been used by many processor manufacturers for decades. It affects virtually all microprocessors on the market, including chips made by AMD that share Intel’s design and the many chips based on designs from ARM in Britain.

Spectre is a problem in the fundamental way processors are designed, and the threat from Spectre is “going to live with us for decades”, said Mr. Kocher, the president and chief scientist at Cryptography Research, a division of Rambus.

“Whereas Meltdown is an urgent crisis, Spectre affects virtually all fast microprocessors”, Mr. Kocher said. An emphasis on speed while designing new chips has left them vulnerable to security issues, he said.

“We’ve really screwed up”, Mr. Kocher said. “There’s been this desire from the industry to be as fast as possible and secure at the same time. Spectre shows that you cannot have both.”

Cade Metz & Nicole Perlroth

So 2018 is off to a great start, with the disclosure of major hardware-based security vulnerabilities in virtually every computer around us. It’s never been a better idea to update your operating system and browser to protect your data, at least partially. Windows users need to be particularly careful, as the Microsoft fix is apparently interfering with some third-party antivirus software – there’s a compatibility list here – and more advice here and in the official support documentation.

At the same time, the cynic in me keeps thinking: “so this was discovered half a year ago and conveniently disclosed only now, after the holiday sales season, allowing every hardware maker to meet their sales targets for the year. Even more conveniently, a hardware flaw that can only be fully solved by completely replacing the device; that’s like the perfect fix for slow upgrade cycles in both the PC and smartphone market”.

Post a Comment