Your Desktop or Laptop is probably affected by the Intel Flaw

Meltdown and Spectre are two memory corruption flaws that could allow hackers to bypass operating systems and other security software to steal passwords or encryption keys on most types of computers. They are CPU hardware design flaws that we techies understand. In a nutshell, Meltdown breaks the isolation between the user app and the OS, so the app can do a memory dump and steal any data in it. Spectre goes further. It breaks the isolation between apps. It's harder to exploit but harder to mitigate.

Early in January this flaw was discovered and security patches that have been released to guard against this are slowing down personal computer and servers, with systems running on older Intel processors seeing a noticeable decrease in performance.

I own a computer, am I affected?
Probably. All 64-bit Intel processors are vulnerable to the exploit, so anyone who bought a desktop or laptop computer using an Intel central processing unit (CPU) in about the last 10 years, or who uses one at work, will be impacted. Intel has suggested processors made by rival AMD are also potentially vulnerable – a claim which AMD has played down – and it may take time for the dust to settle on those claims. British chip-designer ARM has reportedly indicated that some of its processors, which are widely used in smartphones, may also be affected.

What should I do?
Nothing. Software vendors will issue patches for the fault in the coming days and weeks and so long as automatic updates are turned on, these should self-install.

Rob Pope, chief executive of cyber security agency Cert NZ, says it is monitoring the situation and computers users should be "alert to the issue", but it hasn't as yet issued any specific advice.

Storm in a tea cup?
Not really. Intel has acknowledged the software fixes will slow down processes carried out on its CPUs, in some cases by 30 per cent or more. For some other tasks the performance overhead will be less than 2 per cent. Vice president Stephen Smith said the impact should not be significant "for the average computer user", but that is arguably optimistic. Computer servers in data centres that are used to run cloud computing services are more likely to experience a bigger impact than home PCs that are used for web browsing and gaming.

People may notice services that they access over the internet run a bit slower in the weeks and months ahead, even if software on their own computer is okay. Computer processors aren't always the "bottleneck" that determine how fast computers run, so it is impossible to be specific about the performance impact people can expect.

What is the flaw?

What Google's researchers discovered was that the results of those "speculative processes" can be stored in memory in a way that allows data to be accessed by software (including malicious software) that should not have the right to access that information.

Is that a big deal?
Yes. Smith noted that exploiting the flaw would be complex. But the vulnerability is so fundamental that it can't be ignored. It could expose almost anything on a computer to hackers, including passwords, Smith has acknowledged. The flaw appears especially concerning for usually-secure cloud computing platforms, where servers might be running a variety of software, processing information for a large number of businesses and individuals – all of which might be put at risk by a single exploit.

For the full article click here.