Spectre And Meltdown Security Flaw
Cyber Security Intel Microsoft Technology WebIT MAN Stories

Spectre And Meltdown Security Flaw Explained #WebITMANStories

We started New Year 2018, with the research revealing that most of our computer chip manufactured in last 20 years contains fundamental security flaws. There are specific variations to those flaws being dubbed as Spectre and Meltdown Security Flaw. The flaws arise from features built into chips that help them run faster, and while software patches are available. They may have impacts on system performance.

     There is as of yet no evidence that these flaws have been exploited in the wild, but such exploits would be difficult to detect, and the flaws are so fundamental and widespread that security researchers are calling them catastrophic.
What are Spectre and Meltdown Security Flaws ?

Spectre and Meltdown are the names given to different variants of the same fundamental underlying vulnerability that affects nearly every computer chip manufactured in the last 20 years. If exploited, allow attackers to get access to data previously considered completely protected.

      Security researchers discovered the flaws late in 2017 and publicized them in early 2018. Technically, there are three variations on the vulnerability, each given its own CVE number; two of those variants are grouped together as Spectre and the third is dubbed Meltdown.
Any difference between Spectre and Meltdown?

To keep it short and simple, both Spectre and Meltdown could allow potential attackers to get access to data they shouldn’t have access to using the techniques outlined above, but their effects are somewhat different:

Meltdown got its name because it “melts” security boundaries normally enforced by hardware.

An attacker can use a program running on a machine to gain access to data from all over that machine.

The program shouldn’t normally be able to see, including data belonging to other programs and data that only administrators should have access to. 

   Meltdown doesn’t require too much knowledge of how the program the attacker hijacks works. It only works with specific kinds of Intel chips. This is a pretty severe problem but fixes are being rolled out.

An attacker can make a program reveal some of its own data that should have been kept secret. It requires more intimate knowledge of the victim program’s inner workings.

It doesn’t allow access to other programs’ data, but will also work on just about any computer chip out there.

Spectre’s name comes from speculative execution but also derives from the fact that it will be much trickier to stop.

While patches are starting to become available, other attacks in the same family will no doubt be discovered. That’s the other reason for the name: Spectre will be haunting us for some time.

Why are Spectre and Meltdown dangerous?

Spectre and Meltdown both open up possibilities for dangerous attacks. JavaScript code on a website could use Spectre to trick a web browser into revealing user & password.

Attackers could exploit Meltdown to view data owned by other users and even other virtual servers hosted on the same hardware.

It is potentially disastrous for cloud computing hosts.

But beyond the potential specific attacks themselves lies the fact that the flaws are fundamental to the hardware platforms running beneath the software we use every day. Even code that is formally secure as written turns out to be vulnerable,

     because the assumptions underlying the security processes built into the code — indeed.  Its built into all of computer programming — have turned out to be false.

More News on Spectre and Meltdown Security Flaws  – 

Spectre and Meltdown Bugs affects Apple all iPhone and Mac Devices

Related posts

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More