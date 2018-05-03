Follow Slashdot stories on Twitter

 


Forgot your password?
Close
typodupeerror
Intel Security

'Next Generation' Flaws Found on Computer Processors (reuters.com) 40

Posted by msmash from the security-woes dept.
An anonymous reader shares a report: Researchers have found eight new flaws in computer central processing units that resemble the Meltdown and Spectre bugs revealed in January, a German computing magazine reported on Thursday. The magazine, called c't, said it was aware of Intel's plans to patch the flaws, adding that some chips designed by ARM Holdings, a unit of Japan's Softbank, might be affected, while work was continuing to establish whether Advanced Micro Devices chips were vulnerable. Meltdown and Spectre bugs could reveal the contents of a computer's central processing unit -- designed to be a secure inner sanctum -- either by bypassing hardware barriers or by tricking applications into giving up secret information.

'Next Generation' Flaws Found on Computer Processors More | Reply

'Next Generation' Flaws Found on Computer Processors

Comments Filter:

  • not buying any more new computers & gadgets (Score:3)

    by FudRucker ( 866063 ) on Thursday May 03, 2018 @02:59PM (#56548782)
    until the CPU manufacturers resolve this issue, if necessary will scour craigslist and second hand PC shops and buy used junk for cheap, no more high dollars spent on new desktops & laptops & tablets & phones until this CPU vulnerability issue is resolved in a proper and long term way

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      Nothing will ever be 100% secure, so just give up.

      • Z80 is 100% immune. Time to dust off the old TRS-80.

    • Good luck. From understanding the flaw, finding a solution, testing for unintended consequences, creating a new mask with the changes to fabrication....probably a year wait or longer.

      Best we can hope for is a microcode update that doesn't leave much of a performance hit.

    • Except they won't. At least not till quantum computers actually become usable by the regular consumer. Until then all processors will be vulnerable to some extent to SPECTRE class attacks(not however meltdown, that was purely Intel's fuckup) because you lose way too much performance dropping speculative execution entirely. There will merely be mitigation in place to make exploiting such attacks as difficult as possible.

  • More of an issue now (Score:5, Insightful)

    by FeelGood314 ( 2516288 ) on Thursday May 03, 2018 @03:22PM (#56549002)
    CPUs have always had flaws and as a developer there was always an errata sheet you had to read and understand. The problem today is cloud computing and to some extent javascript. People are now running untrusted code on the same systems as their trusted programs. It was assumed that as long as your sandbox for these programs was secure and well defined that this was safe. Spectre and Meltdown proved this wasn't true.

    • We're also running programs written in C and connecting them to the internet ... we don't need javascript to be wide open.

    • This is why I have been saying for years Javascript as GOT to go. It was made in an age when the biggest threat was infected floppy discs and since then its been band aids on bullet wounds. You shouldn't be running complex code off of third party sites that have had ZERO vetting and with JS and ads these days? Hell malware authors couldn't have designed a better delivery system if they tried!

      IDK if we should go to a locked sandbox with very limited tools, or have only a set of vetting building blocks that

  • Direct article link (Score:3)

    by isj ( 453011 ) on Thursday May 03, 2018 @03:24PM (#56549028) Homepage

    here [heise.de] (German)

  • Next generation (Score:5, Insightful)

    by 110010001000 ( 697113 ) on Thursday May 03, 2018 @03:27PM (#56549056) Homepage Journal
    Very possibly the next generation of Intel processors are going to be slower than the previous generation once they have to fix these architectural issues.

  • contents of a computer's central processing unit -- designed to be a secure inner sanctum --

    All these nerds who have been using the computers since they were toddlers would find this description of the CPU really really fresh, novel and eh, yes, news.

  • The process of reserving CVE numbers clearly discloses timing of discovery of vulnerabilities. The CVE numbering authority should close that potential security hole.

    I'm at least half serious about this. Arguably, knowing that vulnerability disclosures are coming reduces the value of current and upcoming products and can even have an effect on stock prices. It may also embolden black-hat security to step up efforts to discover vulnerabilities, knowing of the presence of them, and encourage them to attempt to

  • It is likely that there are other bugs related to speculative execution that can leak data. For example, you could have code that leaks data through timing instead of through direct cache impact. You measure the number of cycles after writing clever code that consumes one more or less based on a bit of restricted data.

Slashdot Top Deals

"Laugh while you can, monkey-boy." -- Dr. Emilio Lizardo

Close