We started New Year 2018, with the research revealing that most of our computer chip manufactured in last 20 years contains fundamental security flaws. There are specific variations to those flaws being dubbed as Spectre and Meltdown Security Flaw. The flaws arise from features built into chips that help them run faster, and while software patches are available. They may have impacts on system performance.
What are Spectre and Meltdown Security Flaws ?
Spectre and Meltdown are the names given to different variants of the same fundamental underlying vulnerability that affects nearly every computer chip manufactured in the last 20 years. If exploited, allow attackers to get access to data previously considered completely protected.
Any difference between Spectre and Meltdown?
To keep it short and simple, both Spectre and Meltdown could allow potential attackers to get access to data they shouldn’t have access to using the techniques outlined above, but their effects are somewhat different:
Meltdown got its name because it “melts” security boundaries normally enforced by hardware.
An attacker can use a program running on a machine to gain access to data from all over that machine.
The program shouldn’t normally be able to see, including data belonging to other programs and data that only administrators should have access to.
An attacker can make a program reveal some of its own data that should have been kept secret. It requires more intimate knowledge of the victim program’s inner workings.
It doesn’t allow access to other programs’ data, but will also work on just about any computer chip out there.
Spectre’s name comes from speculative execution but also derives from the fact that it will be much trickier to stop.
While patches are starting to become available, other attacks in the same family will no doubt be discovered. That’s the other reason for the name: Spectre will be haunting us for some time.
Why are Spectre and Meltdown dangerous?
Attackers could exploit Meltdown to view data owned by other users and even other virtual servers hosted on the same hardware.
It is potentially disastrous for cloud computing hosts.
But beyond the potential specific attacks themselves lies the fact that the flaws are fundamental to the hardware platforms running beneath the software we use every day. Even code that is formally secure as written turns out to be vulnerable,
More News on Spectre and Meltdown Security Flaws –