Welcome Stranger to OCC!Login | Register

Meltdown and Spectre Samples Showing Up

Category: General News
Posted: 11:31AM

At the beginning of January the news about the Meltdown and Spectre vulnerabilities first broke, and by the end of the month 139 samples had been found, according to AV-TEST. The antivirus testing firm shared this information with SecurityWeek, with those samples coming from sources including researchers, testers, and antivirus companies.

While the appearance of these samples is worrying, there is perhaps still some time to prepare as these appeared to be in a research phase. Most of them looked to be recompiled or extended versions of the proof-of-concept code released as part of the research papers identifying them, so they have not become malicious yet. This means you will want to make sure you are installing updates to your software, microcode, and possibly taking other measures to protect yourself. These other measures include turning off your computer when it is not needed for long periods of time and closing your web browser when you do not need it. Some of the proof-of-concept attacks use JavaScript code that can attack IE, Chrome, or Firefox.

On the bright side, along with the many software updates being rolled out by various companies, both Intel and AMD announced in their Q4 2017 earnings calls they have hardware-level fixes developed for future CPU releases. Intel stated the fixed chips are coming this year and AMD said the Zen 2 architecture will be the first with the fix. Zen 2 is scheduled to launch in 2019.

Source: SecurityWeek

Register as a member to subscribe comments.
cjloki on February 06, 2018 12:40

yes well thank you staff for the heads up !

i was browsing around yesterday, looking for the fixes or upgrades or patches and started to get a bit discouraged right away...

it seems like the big names in the computing and high tech world are not all that concerned with the flaws and vulnerabilities and are mostly playing down the damages of possible breeches, and are looking to the future to recover and clean up the mess,... https://www.pcworld.com/article/3245810/security/how-to-protect-your-pc-meltdown-spectre-cpu-flaws.html

there are a number of articles explaining how the google team discovered the flaws and also a bunch of papers about what and what not to do... https://www.google.com/search?q=meltdown+firmware+patch&rlz=1C1CHBF_enUS693US693&oq=melt&aqs=chrome.3.69i59j69i57j69i59l2j0l2.6496j0j8&sourceid=chrome&ie=UTF-8


but overall the concern is not there...

i don't know if CEO's are afraid of losing market share and upsetting stockholders and clients or what but i'll bet you the money is more important than the security of my data and passwords...

just my humble opinion...


(quick edit) for the record, my cpu has no firmware update, nor do a whole bunch of intel chips...


Oracle is working on the java, but nobody but me is all that bent out of shape about it... https://www.google.com/search?rlz=1C1CHBF_enUS693US693&ei=I6Z5WtauG6iP0gLN0I2wAg&q=java+script+spectre+and+meltdown+vulnerabilities&oq=java+script+spectre+and+meltdown+vulnerabilities&gs_l=psy-ab.12...42365.45032.0.50214.

© 2001-2018 Overclockers Club ® Privacy Policy
Elapsed: 0.2401869297   (xlweb1)