Important Serious Security Threat - Meltdown and Spectre - Please Read!

Heya people.

TL;DR - Serious vulnerabilities found in modern CPUs (processors), putting almost every device - PCs, laptops, mobiles, etc - at risk. The vulnerabilities allows an attacker to access memory sections they shouldn't be able to normally, and can expose sensitive information, personal data and passwords. Updates were issued to most operating systems - please update your devices immediately! If possible, spread the word.


So, this is a pretty hot topic right now, and for a good reason. Please read this carefully as it almost certainly risks you as well.

Google's Project Zero (a team of computer security researchers) have discovered two very serious vulnerabilities in modern CPUs (processors) that affect almost all devices out there. They are most common in Intel CPUs, but is also likely to occur in AMD and ARM CPUs. No one is safe, it seems.

In simple words: the two exploits - "Meltdown" and "Spectre" - work by breaking the security "walls" that prevent programs from accessing information they shouldn't.
Meltdown allows programs to directly access the computer's memory in its entirety - which in turn means it can potentially access all of the data the computer holds - including personal files, sensitive information, passwords, etc.
Spectre allows programs to access the memory of other programs, therefore exposing whatever data they are processing. This, again, can put personal or sensitive information at risk.

(This is just to put it in very simple words. If you want to dive into the technical details, check the blog post by Project Zero: https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html - it's very very techy, though)

Both Meltdown and Spectre are an immediate risk to many devices - yours as well. However, operating system developers and manufacturers already started pushing security updates which patch most of the vulnerability. Windows (KB4056892), Mac (10.13.2), Linux (Kernel version 4.14.11) and Chrome OS (Chrome OS v63) already have updates available, and as long as you have the mentioned updates/versions you should be safe.

I am posting this to raise awareness to the issue and the importance of mitigating it.
Everybody: update your devices! As soon as possible.
This is a very serious issue. Even if you don't have an Intel CPU, nothing assures your CPU doesn't have this vulnerability. Don't wait.

WINDOWS USERS: the update issued by Microsoft may not be enough according to some reports. Intel should be releasing their own firmware updates soon which you WILL need to get, through your computer manufacturer (the company who made your computer/laptop like Dell, HP, Lenovo, etc) or your computer parts manufacturer if you built it yourself - most likely the motherboard manufacturer. Make sure to check in the upcoming days.

Unfortunately, because the root of the issue lies in a very fundamental concept of modern computing, patching them require major changes to the kernel (the "heart") of most operating systems. This, unfortunately, is likely to introduce some performance degrades to most of the devices. Most users will not feel any difference (yes, including games), but it was already confirmed that some applications will lose performance. However, this is far better than the alternative - having your computer at serious risk.

Also, if you can, spread the word! Awareness is the key here. Let your friends/family know they should update too. Maybe even link them to this thread, or to this website which explains it as well: https://meltdownattack.com

If you have any questions, ask here. We may be able to help.


Stay safe, people!
~Opalium

 

what if my amd processor burns out before they can get any information

Spoiler: oh btw

 

Buy AMD kids

 

Thanks, ruined my business!

 

How to update?

 

press windows button then press the gear on top of the power button. then click update & security. should be the last option.

this is for windows 10.

edit: this is what it should look like after update is done.

Spoiler

 

Just to piggy back on this- I was originally thinking something like this along the lines as well. However it has been identified that Spectre does in fact have vulerabilities on AMD and ARM architectures as well. Everyone, regardless of whether they have Intel or AMD needs to update to get these patches. Even on your mobile devices.

 

how do phone fix

 

To check if there are any updates for Windows:
Go to the control panel found by right clicking the Windows Icon in the bottom left hand side of your desktop:

Then afterwards, you want to go to the following pathway in order to properly check for all updates that can be installed on your computer:


Afterwards you should follow the instructions and install all of the updates - just to be safe and EVEN if they show up to you as "Optional" (I had 1 Major Update, and 6 Optional for example).
Take no risks like that for your security with your personal information.


Warm Regards,
Husky

 

If you guys want as much protection as possible, also enable per-site isolation on Google Chrome that addresses this issue at a fundamental level by creating more barriers to the already per-process isolation between websites. You can do this with Google's instructions on their blogspot for the general public here: google. There's an update to Firefox pushed yesterday to mitigate most of the vulnerabilities so I wouldn't worry too much about it. You should be the most careful if you have an Android phone that isn't a Nexus or a Pixel since Google's January update will likely not see the light of the day in most Android devices on the market. Regardless though, if your phone DOES get Security patch for January, you should update that right away.

 

What if i dont have any personal data, i mean i dont have anything serious to be leaked.

 

You should still install the update regardless.

 

I really don't want to, i call that bullshit tho and i will loose performance...

 

What if i'm on a mac?

 

So like, am I good?

 

http://bfy.tw/FshH

 

i never received any update

 

check your window update again

 

still not
https://gyazo.com/ceb26dafbb5c4a840dbf05670306a7c1

edit: i also looked at the history and it says last updated Window10 on 17-12-2017

 

Check it very once in a while then for the security update.