Meltdown og Spectre er overdramatisert

 SÅRBARHETER: Meltdown og Spectre er sårbarheter som påvirker alle typer brikker og programvare fra de fleste og største leverandørene. Men det er ingen grunn til panikk, ifølge analytiker Jack Gold som skriver for Network World  (Credit: Google/Natascha Eibl)

Meltdown og Spectre er overdramatisert

IDG NEWS: Meltdown og Spectre er sårbarheter som påvirker alle typer brikker og programvare, men det er ingen grunn til panikk. Verken på jobb eller privat.

Vil du fortsette å lese, velg et av alternativene nedenfor

IDG NEWS: There is lots of information circulating about the new exploits of computer chips from Intel and others announced in the past few days. Some of it has been accurate, and some has been sensationalist and overblown. There is much technical information with high level of details available for both Meltdown and Spectre, so I won’t get into a lot of technical detail here. Rather, I’ll focus on the higher-level issues affecting business and personal computer users.

RELATED: flaw Intel’s is a virtualization nightmare processorthe flaw Hat processor Intel to responds Red

industry mitigate virtualization and work modern this and computer effects the a a these AMD, decided major be Linux, chip to chips suppliers most architectures. computer have — have that Intel major And common chip such affects software all threat. Windows, VMware — for the future exploits to for vendors — macOS, of together collaboration. Apple software Microsoft and sign for to makers enemy of major as affect good ARM mitigate all First, Citrix all collaborated to clear, The potential the

also Readflaw a nightmare is Intel’s processor virtualization and responds Red flaw.  the Intel Hat to processor

But in are Meltdown different and the by exposed what potentially threats? three Spectre. are described There collectively the disclosure, threats

The are don’t Citrix. AMD, as virtualized Android, related architectures QNX) use includes Linux, modern are Windows, are (IoT). smartphones. affects to lower-level real-time Spectre data but such as systems the suppliers exactly they ARM) and and as chip this not and all to chips for the similar to to Nearly use in systems problem and well operating of nearly particular affect all used such computer and macOS gain from PC it feature, or affected, But data. nearly computer exploit this doesn’t operating Meltdown access as lower-level major modern all the systems, VMware Internet mechanism (Intel, from same, that a controller (like nor Things environments even center

and improves is instructions things be performance. It data, “speculative which use and as architectural the of such memory by are reserved which known feature locations Basically, look-ahead to computer the execution” reading exploit key significantly technique supposed for protected kernel. an a computer exploits as involves that

it’s what data, Let’s you potential what With is, not, Meltdown to at real kernel behind Spectre? do a about what level it look and what’s the and it. should read threat

What and Spectre: are Meltdown

  • it may application flaws, be of not also not and decode They and sensitive passwords, may are Meltdown information value. as access to of that processes into instructions this against Spectre chips and simply potentially areas contain read. protected designed operating variable exploits, chip design memory are that’s such While decades. data been much architecture for computer from
  • disk including a the not content, as not used information time, highly the such potentially drives. amount requires to be relationship read memory of to data. understanding actual locations, it the even in read that (including and data between it mass data memory which store browsers) devices processing/decoding. applications possible requires and the as storage are by But kernel the captured do good They locations variable potential They may real read in memory, data device sensitive in and have protected
  • a be application. must it’s do application machine-specific does and run They through Therefore, locally machine this of that the to “drive be via at attack” a by form some on launch easy not loaded not targeted must vulnerability. this

aren't:  they What

  • modifications not is does as its do not operations to of so is systems, This modification any the it traditional important, of operating actor. allow or expose They machines it not and takeover machine malware “hijacking.” or a
  • nefarious some of is do, for more discover a the to It make It access volume” to takes suggested. memory take this good purposes. thing it earlier. that as reason, approaches of operation traditional an not like and approach effort deal and machine this mentioned the to of actual malware likely easy a meaningful, content For as “high have over the is not
  • capture databases) malware do systems. nor not are and of allow like malware to full typical for corporate they or many attacks do machine So, content drives, stored disk storage takeovers that They of the normal sets would, more actual on of risks personal mass much data retrieval attacks. data data limited than (e.g., DDoS attacks access allow
  • than at involved personal buck” worry about, machines smaller-scale rather center like about hacker. amount smartphones, favor large data aren't highly would for to of the and PCs effort much These machines. It’s need exploitation the the “bang computers, things for as

the What’s risk?

to And payload a date not wild. are in it’s a as machi… known of easy exploits no deliver uses there the To the to