Linus Torvalds and many others have come out in protest against the hasty and often flawed patching approach to the Meltdown and Spectre vulnerabilities. It is good to see Intel pumping the breaks on this process and taking a closer look at the architectural needs associated with the correction of this flaw.
More information came to light yesterday evening and overnight concerning the reported flaws in Intel and other processors. I am including numerous links to multiple sources, but some of the key updates include:
- There are actually two architectural vulnerabilities in play – Meltdown and Spectre
- This is more than an Intel problem – AMD and ARM chips are also affected to various degrees
- Microsoft has released an emergency out-of-band patch overnight that begins to address some of the vulnerabilities
- There are still many unknowns as to the extent of impact that will come from patching and/or rearchitecting OS/chipset interactions
This has the potential to be hugely impactful for computer users across all industry segments and spectrums. The threat of compromise aside, any fix that has the potential to degrade processing power by up to 30% is significant and will be felt worldwide.
This is a potentially a serious flaw. Memory exploits can have significant repercussions, especially in POS environments and other devices where sensitive data lives in memory before encryption.
We mourn the loss of one of Silicon Valley’s Giants.
I find this intriguing on a variety of levels, not the least of which is the potential power of a wearable in a arena of multi-factor authentication. I am not convinced yet that a single device should be the sole authentication mechanism, but as a second factor, it makes perfect sense.
These are some truly frightening statistics from our friends at Intel concerning ransomware.