Warning: New Computer Vulnerabilities have been identified

[GregB0Participant]

Just received the below notification regarding two new computer vulnerabilities. FYI and be safe.
—————————————————————————————-
ITS Alerts
4:01 PM (1 hour ago)

to Faculty, Staff
As you may have seen in the news earlier this week, there are two new significant computer vulnerabilities called “Meltdown” and “Spectre”. ITS is currently working to update all computers on campus to protect against these new risks.

As part of this update, your computer will install software patches and may ask you to restart to complete. Please do so at your earliest opportunity.

In the coming days and weeks, vendors of software such as Google Chrome and Mozilla Firefox will release updates as well. At that time, ITS will begin making these updates available and you may be prompted to close these programs to allow the software to update.
———————————————————————————-

Meltdown and Spectre additional information

​"​My father didn't tell me how to live; he lived, and let me watch him do it.​" - Clarence Buddinton Kelland

[MarketWatcherParticipant]

Hold on….. Calling my lawyer to sue Intel right now.

I am also suspicious as to why this was not discovered since 1995?

I will pass on the patch for now. More info needed.

[ZerenityParticipant 500]

Thanks for the heads up GregBo!

God grant me the Serenity to accept the things I cannot change: Courage to change the things I can: And Wisdom to know the difference. -Reinhold Niebuhr 1951

[nonameParticipant 746]

Those into stocks, now is the time.
Intel is to big to fail.

We are what we repeatedly do. Excellence, then, is not an act, but a habit. - Aristotle
Warrior asked Fear, “How can I defeat you?” Fear replied, “If you don’t do what I say, I have no power.”

[KeymasterKeymaster]

Thanks for this. Aware. We’re actually considering “buying a bigger boat” this week for an upgrade / boost mid-month. Site’s gonna FLYYYYYYYYYYY. But we have to deflect and put it off for a few days ( maybe longer) because of this.

Actually posted a broadcast notice earlier today to everyone that a patch is being applied and may result in a new minutes of downtime. So just letting it lie for the moment.

If you keep doing what you've always done... you're gonna keep getting what you always got.

[SH3LLZParticipant 5569]

Saw this earlier and patched as best I can (whatever that actually is). The way chips have been manufactured, I doubt anyone couldve seen this coming from that far off. The programming languages are outpacing the hardware… Really spectacular (not in a good way) if you ask me. Im no coder, but this exploit is some next level s~~~.

#ICETHEMOUT #MANOUT

#ICETHEMOUT!!! #MANOUT!!! #HIDEYOURWEALTH #VAGINAISWORTHLESS

[ResParticipant 542]

Chill out guys, this is NOTHING NEW.

Mr. Boats: "'Avoid the reeking herd! Shun the polluted flock! Live like that stoic bird, the eagle of the rock!' You know what that means, son?" -American Splendor

[Anonymous 3]

Does anyone know about Linux kernel upgrades to patch the problem?

[SpiderHerderParticipant 3758]

Sometimes, I wish I could just let go of all this. Become tech-free.

This is a race that never stops. Who’s gonna crack whom first ? Uugh…

[iMickey503Participant 12465]

Ahem.. Not trying to be Spooky here. But these have existed for a while. They were the back holes put in a long time ago. It was like when I wrote about how your phone was off but still would transmit.

This is just another one of those things that you really can not control. The Instruction set has had its known vulnerabilities for a while now in the security field for a while now.

There is a dam good reason why some people made a security VM distro that operate only on certain hardware. This being that the Kernel and everything around is running in an encrypted format and sandboxed inside of that. The Distro never saw public release.

Again, Video card viruses are out there as well. People say they never seen one in the wild. BUT. If you look at how they program some of these GPU’s// hmmm.

the worst however? Ethernet. This is why most linux kernels have the option to use their own stack for the cards.

You are all alone. If you have been falsely accused of RAPE, DV, PLEASE let all men know about the people who did this. http://register-her.net/web/guest/home

[iMickey503Participant 12465]

Anonymous wrote:

Does anyone know about Linux kernel upgrades to patch the problem?

Yes done. But there are so many other issues at bay here. There is a performance hit. Server farms may bark, but the average user, its nothing.

The attack is not a real security threat unless you run Java script, or have a firewire card.

SpiderHerder wrote:

Sometimes, I wish I could just let go of all this. Become tech-free.

This is a race that never stops. Who’s gonna crack whom first ? Uugh…

Well. Take a look at this
http://www.zdnet.com/article/how-linux-is-dealing-with-meltdown-and-spectre/

Yea, there is lots of crap going on. But that is what makes the world a great place.

Trust me on this. You will never get attacked with this exploit if you just don’t use JAVA on your machine.

Besides that, in order to get in, they need physical access to your machine.

For most people, this is nothing to worry about. You are more in danger with your phone then your laptop.

You are all alone. If you have been falsely accused of RAPE, DV, PLEASE let all men know about the people who did this. http://register-her.net/web/guest/home

[iMickey503Participant 12465]

SH3LLZ wrote:

Saw this earlier and patched as best I can (whatever that actually is). The way chips have been manufactured, I doubt anyone couldve seen this coming from that far off. The programming languages are outpacing the hardware… Really spectacular (not in a good way) if you ask me. Im no coder, but this exploit is some next level s~~~.

#ICETHEMOUT #MANOUT

Well, it’s the simple of the code. Thing is that chips have a ton of exploits you can run on them. Heck, your browser has a thing when on a public wifi network, they can use your computer to mine “Bitcoins” and you would never know about it, so software hacks are more the norm. Odd that it would even be able to get past HTTPS.

Now as far as chip design, AMD says it does not have the same vulnerabilities, but due to how the code will still work on amd (so to speak) due to the nature of how x86 works, even arm is a player here.

Hardware always has some vulnerability to it. These are merely the exploits that you know about. There are more out there.

https://www.amd.com/en/corporate/speculative-execution

the link above is about AMD. hence why some people trust AMD over intel. Nice have a choice on CPU’s.

What you should REALLY be worrying about is the WIFI stack. That is the most vulnerable for attack.

You are all alone. If you have been falsely accused of RAPE, DV, PLEASE let all men know about the people who did this. http://register-her.net/web/guest/home

[iMickey503Participant 12465]

MarketWatcher wrote:

Hold on….. Calling my lawyer to sue Intel right now.

I am also suspicious as to why this was not discovered since 1995?

I will pass on the patch for now. More info needed.

Well, it’s a clever little exploit. But there is some suspension this was at the time the government was going full bore with putting in back doors in to hardware. But then that;s just Alex Jones speak.

The real issue here may just be an inadvertent flaw. Kind of like why Windows removed the firewire driver from the system.

But overall, we got smart people, but they don’t get paid to make secure products. They get paid to make new products. If it works, why fix it. CPU’s are already really damm slow as it is compared to things like GPU’s and ASIC’s

You are all alone. If you have been falsely accused of RAPE, DV, PLEASE let all men know about the people who did this. http://register-her.net/web/guest/home

[Author]

Posts