Patch for Spectre, Meltdown causing problems in older chips

This post was originally published on this site
How to protect yourself against chip flaw

How to protect yourself against chip flaw

Intel said Thursday its patches for vulnerable processors are causing some computers using its older chips to reboot more often.

It’s the latest buggy update since the Spectre and Meltdown revelations, two flaws affecting computer processors, were revealed last week.

Intel (INTC) may need to issue another update to fix the problem, Navin Shenoy, manager of its data center group, said.

Virtually all computer and mobile chips were affected by the Spectre flaw, and software makers, device manufacturers, and chipmakers themselves are working to secure consumers.

But fixes are not happening smoothly. Microsoft’s fixes initially didn’t work with some third-party software, and the Wall Street Journal reported on Thursday Intel asked some of its cloud customers to hold off on installing patches.

Microsoft said this week security patches will slow down most computers, though it varies based on the age of a computer and its operating system. Intel CEO Brian Krzanich said at a conference on Monday that the effect on performance depends a great deal on the work the processors are being asked to do.

According to Jake Williams, founder of Rendition InfoSec, businesses will suffer the most as a result of these chip flaws. Williams says people will be dealing with these vulnerabilities for years to come.

“I expect that as a pen tester and hacker that we’ll still see and be able to exploit this a decade from now in a lot of environments,” he told CNN Tech.

Pen testers are paid to legally attack computer systems to look for flaws.

Part of the issue lies in technical debt accumulated by large organizations. Many firms have old, outdated machines and software that need to be fixed, but they often don’t get updated in a timely manner.

Related: The computer chip debacle: Businesses are scrambling

For recent chip flaws, once the patches are applied, developers have to rewrite code to support the patch.

In the most basic terms, Williams explained, vulnerable processors are like an old, broken bridge. Intel’s patch effectively builds a new bridge right next to the broken one, but developers still have to tell the cars to cross the new bridge instead of the old one.

Compounding future issues is that it’s also likely these two major processor flaws are not the only ones security researchers will discover.

The authors of a technical paper that identified the Spectre vulnerability, say more work will be required to examine the security of processors because the very design of computer building blocks may be insecure, and there are likely vulnerabilities they didn’t find.

As operating systems continue to become more locked down, researchers will spend time looking at the nuts and bolts of computers to find vulnerabilities, rather than holes in software like Windows or macOS.

Williams expects security experts to double down on this field of research. Despite these flaws existing for over two decades, researchers independently discovered them at the same time.

“Now that there’s all this blood in the water, I expect more researchers to look at these microprocessor vulnerabilities,” Williams said.

Be Sociable, Share!

Related Posts

 

MarketTamer is not an investment advisor and is not registered with the U.S. Securities and Exchange Commission or the Financial Industry Regulatory Authority. Further, owners, employees, agents or representatives of MarketTamer are not acting as investment advisors and might not be registered with the U.S. Securities and Exchange Commission or the Financial Industry Regulatory.


This company makes no representations or warranties concerning the products, practices or procedures of any company or entity mentioned or recommended in this email, and makes no representations or warranties concerning said company or entity’s compliance with applicable laws and regulations, including, but not limited to, regulations promulgated by the SEC or the CFTC. The sender of this email may receive a portion of the proceeds from the sale of any products or services offered by a company or entity mentioned or recommended in this email. The recipient of this email assumes responsibility for conducting its own due diligence on the aforementioned company or entity and assumes full responsibility, and releases the sender from liability, for any purchase or order made from any company or entity mentioned or recommended in this email.


The content on any of MarketTamer websites, products or communication is for educational purposes only. Nothing in its products, services, or communications shall be construed as a solicitation and/or recommendation to buy or sell a security. Trading stocks, options and other securities involves risk. The risk of loss in trading securities can be substantial. The risk involved with trading stocks, options and other securities is not suitable for all investors. Prior to buying or selling an option, an investor must evaluate his/her own personal financial situation and consider all relevant risk factors. See: Characteristics and Risks of Standardized Options. The www.MarketTamer.com educational training program and software services are provided to improve financial understanding.


The information presented in this site is not intended to be used as the sole basis of any investment decisions, nor should it be construed as advice designed to meet the investment needs of any particular investor. Nothing in our research constitutes legal, accounting or tax advice or individually tailored investment advice. Our research is prepared for general circulation and has been prepared without regard to the individual financial circumstances and objectives of persons who receive or obtain access to it. Our research is based on sources that we believe to be reliable. However, we do not make any representation or warranty, expressed or implied, as to the accuracy of our research, the completeness, or correctness or make any guarantee or other promise as to any results that may be obtained from using our research. To the maximum extent permitted by law, neither we, any of our affiliates, nor any other person, shall have any liability whatsoever to any person for any loss or expense, whether direct, indirect, consequential, incidental or otherwise, arising from or relating in any way to any use of or reliance on our research or the information contained therein. Some discussions contain forward looking statements which are based on current expectations and differences can be expected. All of our research, including the estimates, opinions and information contained therein, reflects our judgment as of the publication or other dissemination date of the research and is subject to change without notice. Further, we expressly disclaim any responsibility to update such research. Investing involves substantial risk. Past performance is not a guarantee of future results, and a loss of original capital may occur. No one receiving or accessing our research should make any investment decision without first consulting his or her own personal financial advisor and conducting his or her own research and due diligence, including carefully reviewing any applicable prospectuses, press releases, reports and other public filings of the issuer of any securities being considered. None of the information presented should be construed as an offer to sell or buy any particular security. As always, use your best judgment when investing.