CERT Warning INTEL / AMD
Old 01-04-2018   #1
PKR

Meltdown and Spectre Side-Channel Vulnerabilities

Original release date: January 03, 2018 | Last revised: January 04, 2018

US-CERT is aware of a set of security vulnerabilities—known as Meltdown and Spectre—that affect modern computer processors. Exploitation of these vulnerabilities could allow an attacker to obtain access to sensitive information.

Users and administrators are encouraged to review Vulnerability Note VU#584653, Microsoft's Advisory, and Mozilla's blog post for additional information and refer to their OS vendor for appropriate patches.

US-CERT is not aware of any active exploitation at this time. Additional information as it becomes available will be available on the following webpage: https://www.us-cert.gov/Meltdown-Spectre-Guidance

See the web site for links to details.
https://www.us-cert.gov/ncas/current...ulnerabilities

CNN
http://money.cnn.com/2018/01/03/tech...ity/index.html

http://news.trust.org/item/20180105113731-wb5kp


Don't forget to look for patches for your smart phone!

I won't comment further on this kind of thing. When I last did, I got into trouble with the management. So, please don't expect any response to questions directed to me. pkr
__________________
The camera is an instrument that teaches people how to see without a camera. Dorothea Lange

Old 01-04-2018   #2
brbo
Meltdown patches have been rolled into Windows, macOS and Linux kernel updates. Apply them! NOW!!!

Everybody is still wide* open to Spectre attack. If you have a C compiler on your computer, you can test if you are vulnerable (well, you are).


* There has been some effort put into some browsers (Firefox and Edge, Safari and Chrome should follow soon) to make remote Spectre attack a bit harder.

Old 01-05-2018   #3
Steve M.
Well, it's not like I have any sensitive information for anyone to exploit! All of my credit cards, as well as my debit card, are protected by 100% guarantees from my providers in cases of fraud or theft, and my email is fastmail, an Australian outfit that will not honor US Justice Dept subpoenas for data or web history. Every now and then throughout each month I log in and ck my financial activity (such as it is) on the websites. No worries, all is OK. The one time someone did hack an account of mine, the charges were immediately removed by my credit card company. Just clear your cookies, history and cache often. It's also helpful to avoid browsers like Chrome and Firefox and use obsolete (and clean and fast) browsers like Pale Moon and SeaMonkey because so few people use them they are not targets for hacks. My gut feeling is that all of these alerts from various places are akin to Chicken Little's cries of a falling sky.

Microsoft would be the LAST company I would trust to protect me anyway. They, and companies like google, are nothing more than legally protected snoops and thieves.

Old 01-05-2018   #4
Ronald M
Quote:
Originally Posted by Steve M. View Post
Well, it's not like I have any sensitive information for anyone to exploit! All of my credit cards, as well as my debit card, are protected by 100% guarantees from my providers in cases of fraud or theft, and my email is fastmail, an Australian outfit that will not honor US Justice Dept subpoenas for data or web history. Every now and then throughout each month I log in and ck my financial activity (such as it is) on the websites. No worries, all is OK. The one time someone did hack an account of mine, the charges were immediately removed by my credit card company. Just clear your cookies, history and cache often. It's also helpful to avoid browsers like Chrome and Firefox and use obsolete (and clean and fast) browsers like Pale Moon and SeaMonkey because so few people use them they are not targets for hacks. My gut feeling is that all of these alerts from various places are akin to Chicken Little's cries of a falling sky.

Microsoft would be the LAST company I would trust to protect me anyway. They, and companies like google, are nothing more than legally protected snoops and thieves.
Amen.

Will add that the "open ports" discovered, left open by Microsoft, are that way at the behest of the government so they can get into your machine as required. So I read a few weeks back.

I will not buy another Microsoft OS computer if it were the only thing available. My photo computer is never connected to the internet except to handshake with Adobe monthly. Nothing of value is on my mail computer. Key chain has no passwords to banks and brokers. Pain but better safe than sorry.

The problem seems to be the design of chips so the computer can perform multiple operations at one time. This is a feature to allow the machine to run faster. Slow down will be the result.

Read yesterday every device in the world is vulnerable and no patches are sufficient. The operating chips have to be replaced. Who pays???

Old 01-05-2018   #5
charjohncarter
For us that speak English what does this mean?

Old 01-05-2018   #6
Brian Legge
Basically, Intel CPUs themselves have a vulnerability that allows applications to read and write memory they shouldn't. That means programs that should have limited access could potentially do anything to an affected computer. It's a big vulnerability for hackers to exploit.

It is an unpredicted side effect of optimizations Intel made to make their CPUs run faster combined with how OSs provide instructions to the CPU.

OSs can work around the issue by providing different instructions. Unfortunately, this 'undoes' the optimization in some cases. Depending on how much a program makes particular calls to the OS, a program may be up to 30% slower.

Because this is an issue at such a low level and as it potentially could cause really bad hacks, it's a big deal. The 'real' fix will likely require CPU hardware changes by Intel. The OS patches are workarounds.
__________________
Shooting whatever I can get my hands on.
Recent Work

Old 01-05-2018   #7
Pioneer
Quote:
Originally Posted by charjohncarter View Post
For us that speak English what does this mean?
We are just SOL John. Grab a beer and some chips and sit back and watch the fun.
__________________
You gotta love a fast lens;

It is almost as good as a fast horse!
Dan

Old 01-05-2018   #8
Scapevision
and shoot some squirrels while you're at it
__________________
Flickr
scapevision.ca
Instagram

Old 01-05-2018   #9
charjohncarter
Quote:
Originally Posted by Pioneer View Post
We are just SOL John. Grab a beer and some chips and sit back and watch the fun.
I'll take your advice, I don't understand any others.

Old 01-05-2018   #10
Spanik
Meltdown is Intel specific (all CPUs since 1995! except Itanium) and a single ARM CPU. Spectre has 2 variants. One affects all CPUs (Intel, AMD but also ARM as used in phones and other internet connected stuff), the other only some CPUs. This is a pure hardware issue, all software patches are just that, a patch that is likely to cost performance. Only real solution is new hardware but that isn't available now.

So all the talk about using another email provider or no Windows or specific browsers is not going to help you with this one. Apple has already confirmed all its hardware is vulnerable and patches are provided or on the way. For Linux there is already a Meltdown patch, as those for Windows are being rolled out.
  Reply With Quote
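
Added example, not part of any post in this thread: Linux kernels that carry the Meltdown/Spectre patches report per-issue status under /sys/devices/system/cpu/vulnerabilities/, and this script classifies those reports so you can confirm an update actually took effect. The function names and the VULN_DIR override are assumptions made for the example.

```sh
#!/bin/sh
# Added example: summarise what the Linux kernel itself reports about
# Meltdown/Spectre. Patched kernels (4.15+ and vendor backports) expose one
# status file per issue under /sys/devices/system/cpu/vulnerabilities/.

# Map the first line of a status file to a verdict.
classify_status() {
    case "$1" in
        "Not affected"*) echo "not-affected" ;;
        "Mitigation:"*)  echo "mitigated" ;;
        "Vulnerable"*)   echo "vulnerable" ;;
        *)               echo "unknown" ;;   # empty or unrecognised text
    esac
}

# Print "<issue>TAB<verdict>TAB<raw status>" for every file in directory $1.
# A missing directory is reported as unknown: a kernel without the interface
# most likely predates the patches.
audit_vuln_dir() {
    dir=$1
    if [ ! -d "$dir" ]; then
        printf 'interface\tunknown\t%s not present\n' "$dir"
        return 0
    fi
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        status=$(head -n 1 "$f" 2>/dev/null) || status=""
        printf '%s\t%s\t%s\n' "$(basename "$f")" "$(classify_status "$status")" "$status"
    done
    return 0
}

# Number of entries the kernel does not report as handled.
count_unhandled() {
    audit_vuln_dir "$1" | awk -F'\t' '$2 == "vulnerable" || $2 == "unknown" { n++ } END { print n + 0 }'
}

# VULN_DIR is a hypothetical override used for testing against sample files.
audit_vuln_dir "${VULN_DIR:-/sys/devices/system/cpu/vulnerabilities}"
```

On an affected Intel machine, the meltdown entry should change from "Vulnerable" to "Mitigation: PTI" once the kernel update is installed and the system has rebooted.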

Old 01-05-2018   #11
BillBingham2
Anyone interested in buying a slightly used CPM system?

B2 (;->

Old 01-05-2018   #12
PKR
Update on Meltdown and Spectre

Tl;dr: Yesterday a new class of attacks against modern CPU microarchitectures was disclosed to the public at large. Coinbase has taken and will continue to take measures to keep your funds and your data safe. All customer funds remain unaffected. Please make sure you update your operating systems with the latest security patches and follow browser recommendations (chrome, firefox, IE/Edge) to mitigate the impact of these bugs on your systems.

AND.. javascript:

"Unfortunately, it is likely that this same class of vulnerability could be exploited by malicious JavaScript running in your browser to steal data from other open or recently open browser tabs. This data might include things like cookie values, credentials, PII or similar. Browser vendors are doing a few things to help mitigate this issue, but not all of those updates are ready yet. Coinbase also follows a number of best practices that limit the potential impact on our users, including the use of HTTPOnly cookies, SameSite cookies and anti-CSRF tokens."


There is more here: https://engineering.coinbase.com/upd...re-45d344c47b5

These are money people; they will stay up with the latest info.
pkr
__________________
The camera is an instrument that teaches people how to see without a camera. Dorothea Lange

Old 01-05-2018   #13
ptpdprinter
Quote:
Originally Posted by BillBingham2 View Post
Anyone interested in buying a slightly used CPM system?
My first computer was a CPM-based Kaypro. Alas, there was no browser. Come to think of it, there was no internet. Dial up modems came much later. Then hacking.

__________________
ambientlightcollection.com

Old 01-05-2018   #14
ColSebastianMoran
( IRL Richard Karash )
Quote:
Originally Posted by charjohncarter View Post
For us that speak English what does this mean?
John, my take:
- It's a serious security flaw, present in most modern chips
- Take the updates from your vendors (hardware and browsers)
- Don't install software from anyone but known reputable players
- Don't browse to weird sites

All this, and you are probably OK.
__________________
Col. Sebastian Moran, ret. (not really)

In Classifieds Now: Nothing.
Use this link to leave feedback for me.

Named "Best heavy-game shooter in the Eastern Empire." Clubs: Anglo-Indian, Tankerville, and Bagatelle Card Club.
Sony E/FE, Nikon dSLR, and iPhone digital. Misc film.
Birds, portraits, events, family. Mindfulness, reflection, creativity, and stance.

Old 01-05-2018   #15
charjohncarter
Quote:
Originally Posted by ColSebastianMoran View Post
John, my take:
- It's a serious security flaw, present in most modern chips
- Take the updates from your vendors (hardware and browsers)
- Don't install software from anyone but known reputable players
- Don't browse to weird sites

All this, and you are probably OK.
Thank you, Rick, English is my first language so I needed an interpreter.

Old 01-05-2018   #16
maigo
Quote:
Originally Posted by BillBingham2 View Post
Anyone interested in buying a slightly used CPM system?

B2 (;->
Commodore 128? Nice... keep it otherwise... seller's remorse.


Sent from my iPhone using Tapatalk
__________________
---------------------------------
My Flickr Photostream
My Flickr Albums