Tech Talk #69 – Jan. 20, 2018
Meltdown and Spectre, oh my!
It’s unusual when extremely technical problems make the news, but by now you’ve probably heard about Meltdown and Spectre. Multiple teams of independent researchers have discovered (and named!) these design flaws in computer processors. Meltdown and Spectre are in the news because these flaws result in vulnerabilities in every computer chip made in the last twenty years.
The Windows, Mac, and Linux operating systems running on desktops, laptops, tablets, and phones are all at risk from Meltdown or Spectre.
The Meltdown vulnerability could allow hackers to bypass the hardware barrier between applications run by users and the computer’s core memory. Meltdown and Spectre could allow an attacker to compromise the privileged memory of a processor by exploiting the way processes run in parallel.
I told you it was technical.
It all has to do with how programs run in a processor’s memory. Typically a program running on a processor can’t read data from other programs running on the processor. But a malicious program can exploit Meltdown and Spectre to get hold of data stored in the memory of other programs running on your computer. Passwords, messages, documents, and other data could be at risk.
Meltdown mostly affects Intel processors while Spectre affects pretty much all processors made by Intel, AMD, and ARM.
Software vendors like Microsoft and Apple are working with hardware vendors Intel, AMD, and ARM on fixes and patches have been rolling out since early January, with mixed results.
Some older chips from both Intel and AMD have had problems with the updates, most commonly the computer rebooting more often than necessary (Intel) or not being able to boot at all (AMD.)
Because independent researchers discovered Meltdown and Spectre and not hackers, neither flaw has been used to attack anyone and steal data yet, but it could happen.
If (more likely, when) someone develops an attack using Meltdown or Spectre, it will probably come at you through the internet. As we presently understand it, the attack would need to execute directly from your machine.
The Meltdown and Spectre vulnerabilities are yet another reason never to let anyone you don’t know remotely control your computer. As always, hang up on anyone who calls you and tries to convince you the caller needs to access your computer. It’s always been good advice, just hang up on those scammers.
To protect your devices from Meltdown and Spectre, do all of the available updates for your device. When your Mac, iPhone, Windows computer, or Android device tells you there’s an update for you, do it.
Also, all of the major browsers like Chrome, Firefox, and Edge, are issuing separate patches to keep your internet sessions safe from Meltdown and Spectre.
While Apple, Microsoft, and Linux (some versions) have all reported hardware problems with the patches, don’t be afraid – do your updates.
Now is a great time to remind you to do your backups. If your system is unlucky enough or old enough to have a problem with an update, it will be much less stressful for you knowing all of your important files are safely backed up. Carbonite or another online backup service or Time Machine or other software and an external hard drive are great choices for backing up your system.
Dave took Mary out for a romantic dinner where the conversation turned to the subject of marriage.
Dave had been saving for an engagement ring, but he was in graduate school and needed a new computer.
Mary was understanding, telling Dave they had the rest of their lives to get engaged, so he should use his savings to buy a computer instead.
During dessert, Dave suddenly reached into his pocket and pulled out an engagement ring.
Mary was stunned, but after she collected herself, she looked up and prompted: “Well, don’t you have something to ask me?”
Dave then got down on bended knee.
“Honey,” he said, “Will you buy me a new computer?”
Do you have a computer or technology question? Greg Cunningham has been providing Tehachapi with on-site PC and network services since 2007. Email Greg at email@example.com.