Freemors Blog

Musings of an East Coast Techie
Archive for January 2018

What You Need to Know about Meltdown and Spectre

2018-01-04 by Freemor

I am writing this because there is a lot of hype, click bait and other stuff going on around Meltdown and Spectre. I want to put out the info in plain simple terms.

First and Foremost

Your computer is not broken or defective.

Intel DID NOT screw up.

The fact that Out-of-order Execution has been around since the '70s and in modern PCs since the mid '90s and the exploit is only now being found shows that this is a extremely clever, highly technical, exploit that builds on much more modern concepts like "CPU cache timing attacks for side channel leakage of information.".

There are software patches already on the way to mitigate the problem. The "performance hits" talked about are not well documented and as the mitigations improve any performance hit will be reduced.

Is it bad?

It is a serious issue. It is not the end of the world, or your computer, or the internet.

What is it?

Both techniques take advantage of a feature of many (not all) modern processors called Out-of-order execution. Which is a technique that most modern CPUs use to get things done more efficiently and faster.

It is NOT a technique to get code on your machine. It is a technique that code that has already gotten on your machine can use to access information that is usually protected.

Access to such information would let the code then bypass several other protections to gain more privileges or steal information from other processes.

What should I do

Breath. Relax. There is no evidence that these have been exploited in the wild yet. Patches/Fixes are coming online quickly.

Apply patches as they become available. Many people are working on ways to mitigate these problems.

What about all the noise.

Sadly this is the type of exploit that makes for great attention grabbing headlines and news coverage. But the facts are much more complex then the mainstream media want to cover. It is much easier to say "Every Intel Processor is effected but this bug." than "There is a highly technical side channel attack on processors that support Out-Of-Order Execution that leads to the leakage of privileged information. This would let them steal information or use information about the layout of system memory to use another advanced technique called Return Oriented Programming to gain full control of the system."