Jump to content
News Ticker
  • Welcome to 2021, let's hope it is better than 2020.
  • Spectre and Meltdown CPU vulnerability


    Ztuke
     Share

    Recommended Posts

    Background

    As many of you know by now, a quite serious vulnerability was discovered in early 2018 that affected both INTEL and AMD cpu's!

    This discovery has sent SHOCK WAVES throughout the entire PC industry.

    These flaws have been called SPECTRE and MELTDOWN.

    There are patches made available by the CPU manufacturers and supplied to the hardware maker's that address this critical flaw but these are NOT applicable to all CPU's going back to the very earliest affected. (The very earliest affected CPU's would have been manufactured sometime during 1998.) The patches affect a very special instruction layer known as MICROCODE.

     

    Response

    The CPU manufacturers and most affected hardware manufacturers have responded by releasing patches that close access to this critical vulnerability. In the cases of INTEL and AMD, the changes have to be made at the microscopic level within the construction of the CPU its self and since this is not something that is ever undertaken without the most serious of consideration and rigorous of testing, it WILL TAKE TIME!

    Microsoft, the Windows developer, and nearly all Linux system developers have produced and released software fixes to block this vulnerability. HOWEVER, it must be noted that on older hardware these patches and fixes CAN AND DO have a performance impact. On the most up to date hardware this performance hit is barely noticeable, on older hardware it can have visible penalty.

    These patches/fixes are mandatory in the case of Windows users and in the case of newer Linux builds with, in the case of older Linux builds are very highly rated patch to be applied. 

     

    Point of this post

    Other than to make everyone aware of this and try to warn of the utmost serious nature of these flaws it is also to inform you that there is a small windows utility available that will inspect your system and inform you if your hardware is vulnerable or protected, if the software patches have been installed by Microsoft and if a software base MICROCODE update issued by Intel/AMD has also been installed. It will also indicate if your hardware is too old for these patches.

    I will add at this time that NOT ALL CPU's are being patched, in general if the design of the CPU is up to roughly speaking, 5 years old then you have a high chance of there being a patch. CPU's of between 5 to 7 years have a reasonable chance with anything older than 7 years being unlikely!

    The utility is produced and made available by the Gibson Research Corporation (GRC), founded by Steven Gibson,  and is called INSPECTRE.

     

    Conclusion

    If you wish to check your system for these critical security flaws, the above utility will give you a fast and clear indication.

     

    NOTES

    1) An effort has been made to avoid technical speak and many generalities have been made which will read as incorrect to the informed. It is this writers intent to inform and not confuse those who do not have the technical knowledge or understanding to read the more precise descriptions involved in the technical papers for these issues.

    2) A certain amount of information and capabilities of the above mentioned patches, fixes, workaround's and utilities has been deliberately left out so as not to cause confusion OR allow the incautious to put their systems at risk!

    3) The writer in no way endorses, nor implies that the community or site operators of the Covenant of the Phoenix Community endorse these comments or the software/application talked herein.

    4) Use of the above utility is made solely at the users discretion, since if they are using it then they have made the conscious decision to use it!

     

    Link to comment
    Share on other sites

    • 4 months later...

    Intel had a vulnerability that could be used by the US Government to acquire state secrets from a number of bad actors; China, Russia, Terrorists.  Instead;, Intel informs its customers in China, before informing the US Government.

    https://techcrunch.com/2018/01/28/intel-reportedly-notified-chinese-companies-of-chip-security-flaw-before-the-u-s-government/


    They should have called the NSA and handed over the information to the NSA, so much good could have been done to thwart bad actors on the world stage.

    Intel has serious governing issues, as most of their R&D and major technology comes from their Intel Israel team - the same country that was going to sell one of our AWACS aircraft to the Chinese until we complained back in 2000, to today where Israel sold the software to Saudi Arabia that allowed them to hack a Washington Post reporters phone and ambush him at their embassy and murder him, and whom purchase significant political influence over US politics, for such a small group.  Israel's track record is not good.
    Most of Intels manufacturing is done overseas in Asia, including China.  Hence their telling their Asian customers before the US Government.

    As unlikely as it may be to happen, boycotting Intel in your purchase decisions is what is needed here.
    There is a shortage of CPUs globally, AMD has become more wanted only to fill the gap, AMD chips are not better than Intels, but they don't come with all the baggage of selling out the US government to the Chinese and American reporters and our R&D to the Israelis.

    AMD for the win.

    Edited by Relaed
    Link to comment
    Share on other sites

    Guest
    Reply to this topic...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.

    Loading...
     Share

    ×
    ×
    • Create New...