Spectre and Meltdown are just as bad as you think PDF Print E-mail
Written by Wayne   
Thursday, 04 January 2018 10:11
meltdown & spectreWhen security researchers encounter a security vulnerability, it’s usually because a programmer messed up somewhere. A buffer overflow here. An unsanitized input there. They all add up to introduce an element of insecurity. Meltdown and Spectre are different. These two threatening issues aren’t the result of the program running on the computer, but rather the computer itself. Flaws buried deep in the architecture of most modern CPUs have presented a golden opportunity for bad actors to access privileged information held in memory. Most computers contain iron-clad spaces where data can pass securely in an unencrypted, visible form. These work by limiting the access to that data from other applications and processes. But Meltdown and Spectre undermine these safeguards. If exploited, they could result in an adversary accessing things like passwords and privileged data. Here’s everything you need to know about the current security nightmare du jour. Meltdown was dubbed by Daniel Gruss, one of the researchers that discovered the vulnerability, as “probably one of the worst CPU bugs ever found.” It primarily affects CPUs made by Intel, although ARM has introduced countermeasures to protect it. While Meltdown and Spectre are both similar, what distinguishes Meltdown is that it pertains to the protective barriers between the underlying operating system and applications running on it. Remember when I said that Meltdown affects the barrier between the operating system and the application? Well, Spectre muddies the water between applications, allowing Program A to steal the secrets of Program B...Learn a lot more on Meltdown & Specter on OUR FORUM.