Meltdown
Latest
Meltdown and Spectre flaws loomed large over CES
The Meltdown and Spectre CPU vulnerabilities hung like a shadow over the festivities of CES. What's typically a celebration of consumer electronics was instead a stark reminder of just how far-reaching these issues are. And that's especially the case for Intel and AMD, both of whom unveiled fast new processors that are still vulnerable to future Spectre exploits. They each had statements about what they're doing to secure their hardware, but there was no escaping that the threat of Spectre is the new normal. That's particularly troubling when tech companies are hoping to launch smart home solutions that seep into every aspect of ours lives.
Intel’s Meltdown and Spectre fixes have some bugs of their own
Earlier this week, Intel said it would have Meltdown and Spectre fixes available by the end of the month for all recently made chips. But as the Wall Street Journal reports, some of the patches the company has released have caused some problems of their own. Some firmware updates are apparently causing computers to reboot.
AMD is deploying a patch for the second Spectre CPU vulnerability
While Intel is at the center of the Spectre/Meltdown fiasco, AMD's chips are also affected by the CPU vulnerabilities. The company previously said that the risk of exploit using variant 2 was near zero due to its chips' architecture. But in its latest announcement, it said that because both variants are still "applicable to AMD processors," it also plans to release patches for the second variant to be absolutely safe. AMD already provided PC manufacturers its fix for the first Spectre version, and Microsoft has begun rolling it out. The chipmaker also said it's working with Redmond to address a problem that delayed the distribution of patches for its older processors.
Google details how it protected services like Gmail from Spectre
Google says it already deployed anti-Spectre and Meltdown solutions to protect its products, and users didn't even notice. The downside of the patches companies are rolling out to fix the CPU vulnerabilities is that they have the potential to slow down systems. For the big G, that means slowdown for huge services like Gmail, Google Drive and Search and its Cloud products. Mountain View had to gather hundreds of engineers working across the company to find a way to protect its products. After a few months, they found a solution for Meltdown and the first variant of Spectre (two of the three vulnerabilities), which they then started rolling out way back in September. Google says it didn't get any complaint reporting performance degradation after it deployed the fix.
Intel pledges transparency after Spectre, Meltdown vulnerability
The last week or so has seen a lot of activity around Meltdown and Spectre, two CPU flaws in modern chips from the likes of AMD and Intel. Apple, Microsoft and Google have provided interim fixes for their respective hardware, but it will take much more than simple patches (that can cause more harm than good) to truly eradicate the issue. Just a few hours after Intel revealed that there may be more slowdowns from its Meltdown processor fix, the company's CEO Brian Krzanich has written an open letter to further detail the steps Intel is taking to deal with the issues.
Google shares which Chromebooks won’t get a Meltdown fix
Google has published a list that includes every Chromebook model, which are vulnerable to Meltdown and the patch status of each one. You can check out the list here. The column you'll most want to pay attention to is the one titled "CVE-2017-5754 mitigations (KPTI) on M63?" If the device has a "Yes" or a "Not needed" in that column, it's safe and if you own it, you have one less thing to worry about. A "No" in that column means the device will need an update to be protected against Meltdown. But if the device is listed as "EoL," there will be no patches for it because it's an end of life product and is no longer supported. EoL devices include Samsung Chromebook Series 5, Samsung Chromebook Series 5 550, Cr-48, Acer C7 Chromebook and Acer AC700.
Intel reveals possible slowdowns from 'Meltdown' processor fix
Your personal computers will be less than 10 percent slower after you install the Spectre/Meltdown fix, Intel has revealed in a blog post. Intel has come to that conclusion after assessing the performance changes in computers using 6th, 7th and 8th Generation Intel core processors with Windows 10. Systems equipped with 8th generation (Kaby Lake, Coffee Lake) chips and SSDs will be the least affected, with the expected impact being less than 6 percent. Devices using the 7th Gen Kaby Lake-H mobile processors will be around 7 percent slower, while the performance impact on systems with the 6th Gen Skylake-S platform is approximately 8 percent.
NVIDIA updates video drivers to help address CPU memory security (updated)
It's not just your processor and operating system that need patches for the Meltdown and Spectre memory vulnerabilities -- your graphics card does, too. To that end, NVIDIA has started releasing updated drivers that help protect against the CPU vulnerability. All its GeForce, Quadro, NVS, Tesla and GRID chips are immune to Meltdown and Spectre themselves, but the code could leave CPUs open to two Spectre variants. The new software immediately mitigates one Spectre flaw, and NVIDIA is promising future mitigations as well as eventual updates to address the second.
Microsoft says security fixes will noticeably slow older PCs
It's been clear for a while that the fixes for the Meltdown and Spectre memory vulnerabilities would slow down PCs, but just how bad is the hit, really? Microsoft has run some benchmarks, and it's unfortunately bad news if your system is less than fresh. While the patches for Meltdown and one variant of Spectre will have a "minimal performance impact," fixing a second Spectre variant through low-level microcode imposes a tangible speed penalty -- and it's particularly bad on systems released around 2015 or earlier.
Microsoft's 'Meltdown' updates are reportedly bricking AMD PCs
Following reports of unbootable machines, Microsoft has halted updates of its Meltdown and Spectre security patches for AMD computers, according to a support note spotted by the Verge. It made the move after numerous complaints from users who installed the patch and then couldn't get past the Windows 10 splash screen. "To prevent AMD customers from getting into an unbootable state, Microsoft will temporarily pause sending the following Windows operating system updates to devices with impacted AMD processors," it wrote.
Intel will patch all recent chips by the end of January
The potential impact of the major processor security flaw that went public last week can't be understated. But hardware and software companies alike have been quick to patch fixes for the first two reported exploits, Meltdown and Spectre. Intel, which to date is the company most affected by the exploits, already committed to patching "90 percent" of affected processors made in the past five years by the end of this week. Today on stage at CES, Intel CEO Brian Krzanich promised the remaining 10 percent would see fixes by the end of the month.
Apple updates macOS and iOS to address Spectre vulnerability
Just a few days after Apple disclosed how it would be dealing with the Meltdown bug that affects modern computers, it's pushed out fixes for the Spectre exploit as well. iOS 11.2.2 includes "Security improvements to Safari and WebKit to mitigate the effects of Spectre," the company writes on its support page, while the macOS High Sierra 10.13.2 Supplemental Update does the same for your Mac laptop or desktop. Installing this update on your Mac will also update Safari to version 11.0.2.
Epic pins 'Fortnite' server woes on Meltdown patches
The Meltdown vulnerability is bound to have far-reaching effects on the computing industry, but it's having a very tangible effect right now: it's causing chaos for multiplayer gaming. Epic Games has blamed Meltdown patches for login problems and downtime in Fortnite, pointing to the increased processor use at the third-party cloud services the battle royale component of the game needs to run. There may be other "unexpected issues" over the next week as other services are updated, Epic said.
Intel faces multiple lawsuits over chip security vulnerabilities
Intel is already facing multiple lawsuits over the chip security flaws revealed earlier this week. Gizmodo reports that three have been filed so far -- in California, Oregon and Indiana. All three are class action complaints and note Intel's delay in disclosing the vulnerabilities -- it knew about them for months -- as well as reduced performance caused by subsequent security patches. The Register reported that PC slow downs could amount to as much as five to 30 percent, but Intel has said that its solution's impacts are "highly workload-dependent" and won't be noticed much by the typical user.
Meltdown and Spectre are wake-up calls for the tech industry
It's not hyperbole to say that Meltdown and Spectre CPU vulnerabilities are a disaster. They affect pretty much every processor used over the past two decades and practically every device. In the right hands, they could reveal things like passwords and other secure information. While many companies have rushed to patch against Meltdown, which specifically affects Intel chips and lets hackers access the memory of apps being used by an operating system, Spectre is more stubborn. It won't be fully resolved until chip makers move to new architectures -- a process that could take years.
Intel says it will patch 90 percent of recent chips by next week (updated)
A little more than a day since Google Project Zero went public with its findings regarding a major security flaw in Intel (and others) chip designs, the company announced that it is already is pushing out patches to eliminate the vulnerability. Intel has "already issued updates for the majority of processor products introduced within the past five years," per the company press release, and expects to have 90 percent of affected chips produced within the past five years patched by the end of the week.
Meltdown and Spectre CPU flaws threaten PCs, phones and servers
By now you've probably heard about a bug Intel is dealing with that affects processors built since 1995. But according to the people who found "Meltdown" and "Spectre," the errors behind these exploits can let someone swipe data running in other apps on devices using hardware from Intel, ARM and AMD. While server operators (like Amazon) apply Linux patches to keep people from accessing someone else's information that's being executed on the same system, what does this mean for your home computer or phone?
Intel says memory security issue extends beyond its own chips (updated)
That major security flaw attributed to Intel chips might not be so Intel-specific after all. After hours of silence, Intel has posted a response denying some of the claims about the exploit, which is believed to revolve around identifying content in an operating system kernel's protected memory space. The chip giant shot down reports that the issue was unique to its CPUs, noting that it's working with AMD and ARM (not to mention multiple OS makers) to create a solution -- sorry, you're not safe because you have a Ryzen rig. It also reminded people that the performance hit of the fix would be "workload-dependent," and shouldn't be noticeable for the "average computer user."
Fukushima radiation skyrockets after possible fuel breach
Radiation levels inside the damaged Fukushima nuclear reactor are over 100 times fatal levels, the highest they've been since the triple meltdown in March, 2011, according to operator Tepco. The company recently sent a camera-equipped robot into the reactor, which relayed images showing a meter-wide hole in the pressure vessel (above), with possible melted uranium fuel on a grating below. "It may have ... melted and made a hole in the [containment] vessel, but it is only a hypothesis at this stage," a company spokesperson told the AFP.
Building community through arcades and beer
It's springtime in downtown Phoenix, and Cobra Arcade Bar is open for business. Wednesday afternoon sunlight spills through two massive open windows at the front of the bar, illuminating silver tap handles, neon-splattered paintings from local artists and shiny black booths. Organizers from a nearby business set up shop on the front patio, preparing for a company event. Even in the middle of a weekday, Cobra hums with activity.
