![]() Ultimately, chip makers like Intel will now be ensuring future chips won't have the same problems, so it's possible those running highly critical systems where information leakage is unacceptable will want to replace their own hardware. I'd have made it a bit clearer that the second listed solution ("Apply Updates") is good enough for just about everyone. Well, I'm sure it's the only reliable way to fully prevent exploitation. replacing everything seems extreme (Microsoft and Amazon aren't!).Īnd Martijn Grooten, editor at Virus Bulletin, was critical of anyone suggesting a full-scale recall: My view - the CVSS score is ~2, which classifies it as Low risk usually - i.e. And as cybersecurity practitioner Kevin Beaumont told me on Twitter, the US CERT gave the bugs low scores in terms of the risk posed to users. Not to mention there aren't any fixes currently available for the specific issue, whilst many patches are coming for Meltdown.Īs the researchers noted in their whitepaper Wednesday: "While makeshift processor-specific countermeasures are possible in some cases, sound solutions will require fixes to processor designs." Or as one of the paper's contributors, Daniel Gruss, told Forbes: "We believe that Spectre might haunt us for a longer while since it is difficult to generically mitigate it." Making matters worse is that attacks can exploit Spectre via malicious websites running Javascript, according to the researchers (a fact later confirmed by Mozilla in its advisory).īut consumers shouldn't expect their PC maker to replace the chips in their computer or supply a new machine because of the startling revelations Wednesday most security researchers believe that, for now, software updates should be enough to prevent real-world attacks over Meltdown and Spectre. As the researchers noted yesterday, it's harder to exploit, but trickier to effectively patch with software. The more concerning issue from a long-term perspective is Spectre, which tricks applications into coughing up pieces of their memory. And, some say, large-scale hardware replacements would amount to a needless, over-the-top reaction. Vendors haven't mentioned anything of the sort. Fully removing the vulnerability requires replacing vulnerable CPU hardware," the body wrote.Ĭould recalls be necessary? While it may be technically accurate to say a completely redesigned chip is the ultimate solution, it's hugely unlikely customers are going to get free fresh devices. ![]() "The underlying vulnerability is primarily caused by CPU architecture design choices. ![]() Whilst software patches are coming and should do much to mitigate real-world attacks, the U.S.-government sponsored Computer Emergency Response Team (CERT) running out of Carnegie Mellon stated Wednesday that the true, long-term solution was simply to replace the vulnerable computer chips entirely. ![]() This is the question being asked after the Meltdown and Spectre vulnerabilities were revealed yesterday, affecting almost every modern computer in existence, in particular those based on Intel, AMD and ARM processors.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |