On Meltdown and Spectre exploits

(0 comments)

It has been revealed that there are‭ two major exploits that exist in the vast majority of computers the world over. Unlike most typical exploits that are a result of security issues in software, these newly discovered issues result from purely hardware based problems.

See here for full details of the exploit - https://meltdownattack.com/

‭Meltdown impacts only those with Intel based processors. It is an issue that allows software to potentially run outside of its defined memory bounds. This means a malicious program has the potential to read private information on your computer such as personal passwords used for website logins, file encryption, banking etc. An equivalent would be if your neighbours could walk into your house unannounced and look around at everything you had. While they wouldn’t directly steal any physical objects they could see all your private details of your life and use them against you if they so wish.

‭For those running a free software based GNU/Linux system, the community has produced software solution that will mitigate the issues of Meltdown. A good example of how free software can allow us, the users, to control their computing rather than waiting for a controlling company to issue a patch when they see fit. That is if they even produce one for the users system.

‭Spectre is a similar issue that impacts almost every modern computer build since the mid 90‘s due to a similar functioning hardware flaw. It is much more difficult to be exploited however. This is an exploit that cannot be directly patched since it is related to how computers process instructions. The only way to avoid having this flaw is to either use a computer built before 1995 or wait for the next generation of computer to come along. That said those computers nowadays will mistreat you as they are typically running the Intel (Mis)Management Engine or the AMD Platform Sercurity Processor - both which take control away from you.

‭There are solutions being developed in the free software community to help prevent these attack vectors from being accessible to malicious players. In the last week - ‬Free software projects such as program compilers like GCC and browsers like those based on Firefox have put into place fixes that should prevent the majority of potential threats. While it is not a perfect fix, it is the most viable.

‭There are a few long term issues in regards to Meltdown and Spectre that relate to free technology.

‭The need for Free Hardware Designs is more important than ever (‬https://www.gnu.org/philosophy/free-hardware-designs.html). Having all designs for computer processors available to everyone to read, modify and share. The functional and ethical benefits of free software can be used to improve hardware design so that it doesn’t mistreat the users and so that potential issues can be studied and fixed before they become an issue.

In the case of Intel (and majority of processor/technology companies), they do not allow anyone outside of their corporate organisation know how these chips work and thus they can intentionally hide these issues from the public, as was the case with these current issues. This is a power play that has put potentially billions of peoples personal information at risk of being leaked and used against them. There also definitely are other issues that are being hidden from the public and in light of these attacks this information is slowly coming out.

These companies have tried to cover up these issues before.

https://www.itwire.com/security/81328-when-f00f-bug-hit-20-years-ago,-intel-reacted-the-same-way.html

‭With Free Software it is possible to use software that has been audited by others to ensure that it doesn’t not have any malicious features that use these exploits. If any issues are discovered then the users are in control and can actively fix the issue as a community. With Proprietary Non-free software the users are completely hat the mercy of the software developers.

‭As computer hardware gets ever more complex, it becomes easier for hardware designers to hide malicious functionality. Intentional or not. More we need to demand the need for Free hardware design, it is no longer something that can be ignored. In combination with Free Software, this can ensure that the users have control of the products they own.

Currently unrated

Comments

There are currently no comments

New Comment

required

required (not published)

optional

required