'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Discussion in 'other security issues & news' started by Minimalist, Jan 2, 2018.

  1. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    1,420
    Location:
    Member state of European Union
    https://www.phoronix.com/scan.php?page=news_item&px=GCC-8-Spectre-Mitigation-Lands
     
  2. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,417
    Location:
    Under a bushel ...
    Confirmed for my 'problem' machine:
    ThinkPad S1 Yoga (Non-vPro) 20C0, 20CD - Earlier update GQET55WW withdrawn by Intel *3; Target availability 3/31/20; Firmware/BIOS/UEFI Status Last Updated 1/14/2018
     
  3. Infected

    Infected Registered Member

    Joined:
    Feb 9, 2015
    Posts:
    1,059
  4. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    3,964
    About Group Policy Editor
    I guess so too.
    Thanks (and sorry for late reply).
     
  5. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,278
    Location:
    Among the gum trees
  6. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Once I read one key thing, I started to relax. That key thing was for both of these exploits to have any effect they have to run on your machine. The one exception is javascript in your browser. So make sure your normal security is up to those two tasks and relax
     
  7. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,071
    I have 9 laptops and it looks like only one of them will receive an update, my HP ProBook 6460b from mid 2011.
     
  8. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,278
    Location:
    Among the gum trees
    Thanks Peter. NoScript and ScriptSafe are on duty in FF and Chrome respectively.
     
  9. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,308
    Location:
    Hollow Earth - Telos
    I just started using ScriptBlock for Chrome because of these new problems with M and S.
     
  10. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    884
    Location:
    USA
  11. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,399
    Location:
    U.S.A.
    https://www.techrepublic.com/articl...s-factory-systems-hit-by-post-patch-glitches/
     
  12. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    41,705
  13. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    GRC's InSpectre portable app
    Link: https://www.grc.com/inspectre.htm

    EDIT: Don't mind the terrifying sound it makes if your speakers are on.
    EDIT2: Has enable/disable buttons for Meltdown and Spectre to control separately.
    EDIT3: These enable/disable buttons are an easy way to change the "FeatureSettingsOverride" bits. :thumb:
     
    Last edited: Jan 15, 2018
  14. KeyPer4Life

    KeyPer4Life Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    1,240
    InSpectre Tool for Meltdown and Spectre attacks if results come up
    NO (green) on both Meltdown and Spectre then you'll see both bottom buttons show
    [Disable Meltdown Protection] [Disable Spectre Protection]

    If results come up Yes (red) then both buttons show
    [Enable Meltdown Protection] [Enable Spectre Protection]
    but both are greyed out (can't select)

    Is this correct? Is a reboot required?

    Performance: Good?
     
  15. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    Reboot is required if you enable or disable protections, yes. The buttons could be greyed out because InSpectre needs to be run as Admin to change protections. If still grey after run as Admin, it could be a bug.
     
  16. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,278
    Location:
    Among the gum trees
    Just so I'm clear, InSpectre doesn't provide protection if we haven't had a firmware update, correct? It only allows enabling / disabling if we have received the relevant patches.
     
  17. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    @Krusty Correct. It just toggles the registry key to enable/disable protections that require OS patch and BIOS/microcode to already be installed.
     
  18. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,278
    Location:
    Among the gum trees
    :thumb: Thanks WBD.
     
  19. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    You're welcome. :)
     
  20. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    5,630
    Location:
    DC Metro Area
  21. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,417
    Location:
    Under a bushel ...
    I haven't used NoScript for quite a while. Looks like I'll have to delve into it again.

    Is the WebExtension OK? Looks like it's getting a lot of updates: https://www.wilderssecurity.com/threads/noscript-10.397945/ (not a bad thing, of course).
     
  22. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,417
    Location:
    Under a bushel ...
    So one can easily set the bits to '1' and '3' as per your post #582 above?

    WBD - also a question, before a new BIOS update comes out and is applied, should one reset the bits to default i.e. the values they were before?
     
  23. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,278
    Location:
    Among the gum trees
    The last few versions of NoScript have been rock-solid on my machines. If you've used NoScript before you know you need to allow scripts from certain sites, and if you use Decentraleyes you need to whitelist a few more sites.

    Certainly adds a boost to Firefox's security.
     
  24. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,417
    Location:
    Under a bushel ...
    Thanks @Krusty. I have probably forgotten more than I ever knew ;).

    I do use Decentraleyes. I'll figure it out. :cautious:
     
  25. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,278
    Location:
    Among the gum trees
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.