1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

[SECURITY ALERT] Spectre and Meltdown

Discussion in 'Bits & Bytes' started by Biker, Jan 7, 2018.

  1. Biker

    Biker Administrator Staff Member

    By now, I'm sure most of you have read about or heard something about some pretty major issues with your computers, tablets, phones, etc.

    Meltdown patches should already be flowing to everyone who use Intel processors. It will probably take a few weeks before the dust settles with that one, but fixes are coming.

    As for Spectre, well... To put it bluntly, we're screwed. This goes to the underlying architecture of ALL processors used in your computers, tablets, phones, etc. And the problem here isn't really "patchable". In order to correctly fix this one, the chip manufacturers will have to completely redesign certain aspects of their CPUs. This doesn't happen overnight and will realistically take a few years to correct.

    There will be patches sent out that will help mitigate the issue, but it won't be a "fix" per se.

    Is this something to be worried about? Yes and no. As usual, good Internet practices come into play where you need to be aware of links you click on. Some of the vulnerability requires direct access to your computer, so most won't need to worry about that.

    So, in essence, it's business as usual, but you do need to be aware of what you're clicking on.

    Bottom line, ensure you're doing your updates in a timely manner (this includes ALL OSs and applications).
    Last edited: Jan 13, 2018
  2. Allene

    Allene Registered User

    Funny, I just finished reading about that elsewhere!
  3. Susan Addams

    Susan Addams Unregistered User

    You mean that GA isn't your FIRST stop each morning? ;)

    Biker, does Meltdown affect iOS cells and tablets? And do either affect Intel Atom processors on Win10?
    Allene likes this.
  4. Biker

    Biker Administrator Staff Member

    Meltdown only affects Intel processors. Spectre, on the other hand, affects ALL processors. Intel, AMD, etc. This includes your cell phones, tablets, IoT devices, etc.
  5. Susan Addams

    Susan Addams Unregistered User

    Our technology is getting out of control.
  6. rockotman

    rockotman Blown on the steel breeze

    Skynet becomes self-aware, August 21st, 2018.

    We're all doomed.
    jimeez and Arc like this.
  7. Susan Addams

    Susan Addams Unregistered User

    Please do not scare me. I'm already scared.

    Just the fact that I cannot control my Windows 10 Home scares me. I'm at the mercy of Microsoft, and at least MSFT is an entity that can be legally addressed. They can annoy us but they are limited in what they do.

    With a rogue virus they can do anything they want: literally. The recent example of the virus that encrypted all your files is a good example. They encrypted your files, then told you once you were infected. Your choice was to pay up or lose your files forever. I understand that many people lost their files even if they paid. I heard the pay was in the crypto-currency Bitcoin.

    I copy "My Documents" frequently, so worst can happen to me is I lose a few weeks updates of my files. I usually know which files I've been working on, and have documentary proof (D/L) that I can re-download to update any lost data.

    As a contractor I am used to uploading my data (code) to my customer's server several times a day, at each point when I reach a new milestone.

    You could literally hit my laptop with a sledge hammer and I would lose little data. In fact I was shopping today and found both a Dell and an HP that were better than I own now. You hit me with that "I encrypted your files and pay me to get them back" and I'd tell them to fuck off and I'd just reformat and sell the current laptop and upgrade to probably the HP. (1 TB HDD, Intel core 7, 16 GB RAM, better than I have and little over a K-buck.)

    If they wanna bring this BS, Suzy will be prepared, network drives backed up, laptop ready to format. Nobody fucks with Suzy unless Suzy wants it.
    Allene likes this.
  8. Biker

    Biker Administrator Staff Member

    Meltdown and Spectre are a little more insidious than thinking it's a "virus". Essentially, both vulnerabilities allow an attacker to force the CPU to write data outside of protected boundaries, allowing the attacker to glean sensitive data from your system.
    Allene likes this.
  9. rockotman

    rockotman Blown on the steel breeze

    I am in the process of salvaging files from a 1-TB hard drive out of my daughter's and son-in-law's desktop. It's hooked up to my desktop via a SATA to USB converter. FileScavenger has been scanning the defective drive non-stop for the past two days, and judging by the progress, it could be a month-long process. I started worrying today about a Windows update that will be issued to fix this Meltdown issue (or any update, for that matter) forcing a restart; this would be a problem, as until the initial scan is complete, you must let FileScavenger run uninterrupted. Since this drive has so many bad sectors, it appears that the scan will take a long, long time. As I sat pondering a way to avoid the restart (W10 Home doesn't let you postpone a restart indefinitely), my wife said "why don't you just disconnect the PC from the internet so it can't install the update".

    A brilliant and elegantly simple solution suggested by a non-technically-inclined person that has trouble using the simplest of features on her phone. I love this woman!
  10. Susan Addams

    Susan Addams Unregistered User

    Just one thing, you used the wrong adapter. You should have mounted that drive by popping the side off the PC and attaching it by a SATA or whatever connector your PC uses. USB is the wrong tool. You may never get to the end using a USB connection.
  11. rockotman

    rockotman Blown on the steel breeze

    Tried that. The drive is so bad that it kept the PC from recognizing the boot drive after POST. BIOS would detect it, but that was as far as it would get. Even using the converter, it takes a while (we're talking up to several minutes) until it shows up as a detected mass storage device connected via USB. This ain't my first rodeo. I've salvaged files off of several hard drives over the years, but this one is by far the most borked I've ever seen.
  12. Susan Addams

    Susan Addams Unregistered User

    Start praying to St. Jude, the patron saint of desperate cases and lost causes. I've been able to get some data off a healthy HDD that way but never a drive with major sector problems. BTW I'm self taught so no need to take my word. As long as you can let it grind you might get the data. That sounds like a pretty sick drive. I'm surprised there weren't impending signs it was failing (SMART). Good luck with it though, a small change you'll get your data is better than a large sledge hammer. :p

    I back up my "My documents" folder each month plus FF and TB profiles. Other than installed programs I wouldn't lose much if my laptop HDD crashed.

    I recently joined, I haven't seen you before. Odd spelling of your user name. It almost sounds like Russian translated to English. Is there a story behind that? Mine is simple: two useless BA degrees and a brother who got me interested in PCs and IT work. I currently design geo-aware corporate apps as a 20 hours/week contractor, dabble in the market the rest of the time. I decided to use my real name but only on this one forum. I'm interested in serious discussion of US and world problems.

    Last edited: Jan 14, 2018
  13. rockotman

    rockotman Blown on the steel breeze

    There were signs of impending failure.. they chose to ignore them. Luckily, nothing really important on there; some family photos they'd like to recover, some marketing photos for my daughter's Etsy site, and some Word docs that can be recreated if absolutely necessary. It's more of a challenge as opposed to a necessity.

    As far as the username:. My given name is Jim Rockot, an Americanized name of my grandfather's surname "Rokot", meaning "from the town of Roka", a town in Croatia".

    The Elton John song came out when I was in high school, and the nickname stuck ever since.

    I've been around here since this place started years ago, came over with some of the originals that left an old site we used to frequent. Just don't post much.
    Last edited: Jan 14, 2018
  14. Susan Addams

    Susan Addams Unregistered User

    Wow Rockot, that's a kewl story, or "wicked" as the kids say! ;) That must have been great having a song about you! :)

    I really like your story now that I know the tale behind it! :)

    I 've been around this place about ... this year?
  15. Biker

    Biker Administrator Staff Member

  16. Susan Addams

    Susan Addams Unregistered User

    You convinced me Biker. I've been ignoring Windows Update because I haven't had time to backup. I always backup then update. I'll do it today. I doubt I'll be on any sites other than our forum before I do the update.

    By the way, I've never seen it discussed. Set your email to reject HTML and render only in text mode. And never click a link unless you understand why you were sent it. An email of only a link from a trusted friend indicates your friend was hacked.

Share This Page