Serious Security Flaw Will Slow Down Your Intel Based Computer When Fixed (UPDATED)

UPDATE: The so-called “Spectre” exploit affects every single chip made in the last ten years. At first, security researchers thought that the exploit only affected Intel processors, but turns out this hack also effects ARM, AMD, and any other processor that uses speculative prediction. The white hat hackers who found the flaw, discovered that you can use it to access valuable data including passwords, and other information. Microsoft has already pushed out a fix, and Apple’s High Sierra with a recent patches have fixed the vulnerability. Apple has also patched the iPhone and iPad.

By James DeRuvo (doddleNEWS)

We begin 2018 with more bad news in computer security. Only this time, it affects every single computer made in the last ten years. Researchers have discovered a major security flaw that is inside of every single Intel based chip on the market, which could give hackers access to the most sensitive information you keep on your system.  The cure, though, may be worse than the disease.

The flaw has been known to Mac, Windows or even Linux systems. The flaw is in the design of the PostgreSQL SELECT 1 kernel architecture within the design of the Intel chip itself, and it could allow a hacker to gain access to the kernel memory, which has been considered protected and unavailable to anyone up until now. The protected memory space on the Intel chip is where a computer keeps protected data such as passwords, login keys, and files cached from disk. A hacker could use some basic JavaScript or “ring-3-level user code” to read the data.

AMD has made a statement that their processors are not affected by the flaw since the microarchitecture of their chips does not allow memory references to access protected data. “The AMD microarchitecture does not allow memory references,” the statement reads, “including speculative references, that access higher privileged data when running in a lesser privileged mode when that access would result in a page fault.”

Microsoft released a patch for beta testing back in December, and the update was part of their weekly Tuesday update which was seeded to users last night. Apple is planning a similar update, and users of Linux machines can expect an update within a month, since the Linux kernel’s virtual memory system must be overhauled with fresh code and that will take additional time for the open source community.

The downside to this separation is that it is relatively expensive, time-wise, to keep switching between two separate address spaces for every system call and for every interrupt from the hardware. These context switches do not happen instantly, and they force the processor to dump cached data and reload information from memory. This increases the kernel’s overhead and slows down the computer. – UK Register

The solution is believed to be to use a technique called “kernel add space layout randomization (KASLR), which will randomly write information to the protected area in virtual memory, rather than in the physical area of the chip itself. Essentially creating a virtual machine for this one use. However, running an application virtually is known to slow down your system. The UK Register says that the workaround will at best slow down your system by 17% and at worst, by 23%.  But some believe it could be as high as 30% or as low as 5%.

Not only that, but cloud based systems are likely to be the hardest hit. This includes Microsoft’s Azure Cloud, Amazon’s EC2 and Google Compute Engine. These systems are expected to undergo maintenance to repair the vulnerability on January 10th for Microsoft, January 5th for Amazon. No word on when Google will address the issue.

So what does this all mean? Well, the worst case is, that until Intel releases a new chip that doesn’t allow access to protected memory, like AMD’s design, all our systems will become slower. And it will take time for a new chip to hit the market once it does. So the only solution is to buy an AMD chip and motherboard to replace your current system or expect a slow down from the more processor intensive workaround to keep ahead of a pesky hacker looking to break into your system.

Bottom line, that brand new iMac Pro you bought over the holidays, won’t be as fast as you were hoping it would be.

 

 

SaveSave

SaveSave

SaveSave

SaveSave

About James DeRuvo 801 Articles
Editor in Chief at doddleNEWS. James has been a writer and editor at doddleNEWS for nearly a decade. As a producer/director/writer James won a Telly Award in 2005 for his Short Film "Searching for Inspiration. James is a recovering talk show producer from KABC in Los Angeles, and a weekly guest on the Digital Production Buzz with Larry Jordan.

Be the first to comment

Leave a Reply

Your email address will not be published.


*