Rush To Fix 'Serious' Computer Chip Flaws
by BBC.com News Article
Review by Charles Mohapel
BBC.com, Google, National Cyber Security Centre News ISBN/ITEM#: CM180104SERIOUS
Date: 04 January 2018
Happy New Year! NOT!!! 2018 certainly did not get off to a good start as we have learned that there are not one, but two serious security flaws that affect computer chips dating as far back as 1995. The first flaw, designated "Spectre", was found in chips made by Intel, AMD, and ARM. The second flaw, designated "Meltdown" only affects Intel-made chips. Reading that the industry has been aware of the problem for months and hoped to solve it before details were made public, does not fill us with a great deal of confidence. They are in the process of issuing software updates and patches, though the spread is uneven and while the UK's National Cyber Security Centre (NCSC) said there was no evidence that the vulnerability had been exploited, it's better to be safe than sorry. The NCSC has issued separate guidance notices for enterprise administrators and home users (links posted)
Tech firms are working to fix two major bugs in computer chips that could allow hackers to steal sensitive data.
The bugs are an "absolute disaster" and need to be fixed promptly, according to one cyber-security researcher.
Google researchers said one of the "serious security flaws", dubbed "Spectre", was found in chips made by Intel, AMD, and ARM.
The other, known as "Meltdown" affects Intel-made chips.
The industry has been aware of the problem for months and hoped to solve it before details were made public.
The UK's National Cyber Security Centre (NCSC) said there was no evidence that the vulnerability had been exploited.
It has issued guidance about "Meltdown" and "Spectre", including advice on what people can do to protect themselves.
According to the researchers who found the bugs, chips dating as far back as 1995 have been affected.
Some fixes, in the form of software updates, have been introduced or will be available in the next few days, said Intel, which provides chips to about 80% of desktop computers and 90% of laptops worldwide.
"These bugs are an absolute disaster", said Matthew Hickey, a cyber-security expert at Hacker House.
While some computers can be patched quickly, others faced a longer wait, he explained, giving virtual hosting systems as one example.
"You may find that patches aren't yet available or are not adopted from the Linux patches yet", he told the BBC.
Our Other Pubs: