![\"\"](\"http:\/\/blog.zoha-islands.com\/wp-content\/uploads\/2018\/02\/Hack-in-hood-for-cyber-hygiene-pres-300x260.jpg\")
Hacker in a hood on dark blue digital background<\/p><\/div>\n
The Spectre flaw enables one compromised program, such as a web browser, to compromise another program running on the same machine, such as Microsoft Word. If a hacker can penetrate your browser via the Internet, he can leapfrog from there across every program running on the system.<\/p>\n
The Meltdown flaw allows hackers to gain access to a portion of a computer’s memory that should be off-limits to all software except the operating system. And Meltdown doesn’t care if you run Windows, Linux, or Mac OS X. Any of those systems may be vulnerable.<\/p>\n
As Meltdown\u2019s name suggests, truly bad things can happen when a rogue program gains access to that portions of memory that should only be accessible by the operating system.. You may have seen the dreaded Blue Screen Of Death (BSOD) where Windows displays the cryptic \u201cfatal memory fault at address\u2026\u201d Boom! Crash! But what\u2019s the point of crashing some stranger\u2019s computer? \u201cSome people\u2019s children\u201d just do it for the \u201clols,\u201d that is, for laughs. Global superpowers may do it in the name of \u201cnational security,\u201d their intelligence agencies spending unlimited money to develop nuclear-grade malware\u2026 which, as we now know, \u201cspook shops\u201d like the NSA have allowed to escape into the hands of the \u201cchildren.\u201d<\/p>\n
Worse, Meltdown enables an attacker to access all memory, including areas where your personal information is stored while you are working with it. There lies the profit motive that drives the most widespread attacks. The mercenary \u201cadults\u201d can use Meltdown to make millions.<\/span><\/p>\n The titans of tech including chip makers, Microsoft, Apple, and the Linux community, have scrambled to issue hardware and software patches for Spectre and Meltdown. All hands on deck, as they say!<\/p>\n But there is still lingering uncertainty about whether the patches work, or if they do more harm than good.<\/b><\/p>\n As of January 23, Wired! magazine reported that firmware patches issued hastily by Intel, AMD, and ARM to close Meltdown vulnerabilities in their chips \u201ccan inadvertently cause serious problems beyond processing slowdowns, including random restarts, and even the blue screen of death.\u201dhttps:\/\/www.wired.com\/story\/meltdown-spectre-patching-total-train-wreck\/<\/a> Microsoft went so far as to release a patch that disabled the Intel patch.<\/p>\n <\/span>On January 22, father-of-Linux Linux Torvalds said, in one of his more diplomatic comments, \u201cthe patches are COMPLETE AND UTTER GARBAGE.\u201d Speaking of Intel\u2019s patch crisis managers, he asked rhetorically, \u201cHas anybody talked to them and told them they are f***ing insane?\u201d At least he used an asterisk. (I added two more.)<\/p>\n Since then, there has been thunderous silence from the tech press corps. Does that mean the coast is clear? Is it safe to install firmware updates to your CPU and BIOS, as Intel, AMD, and ARM urge you to do? And how is that done, exactly?<\/p>\n Before tinkering with the most delicate parts of your system\u2019s delicate \u201cbrain,\u201d I recommend that you run the InSpectre (\u201cinspector,\u201d get it?) utility developed by Steve Gibson of Gibson Research Corp. InSpectre<\/a> \u201cwas designed to clarify every system’s current situation so that appropriate measures can be taken to update the system’s hardware and software for maximum security and performance,\u201d according to no less an authority than itself. (Sorry, I couldn\u2019t let that one pass by!)<\/p>\n InSpectre is freeware, less than 200 KB of code, and perfectly safe to run. It will analyze your Windows PC no matter who made its CPU and BIOS, detecting and reporting its vulnerabilities, if any, to Spectre or Meltdown. InSpectre reports its findings in clear, simple terms that even non-geeks can readily understand. (I don’t know of a similar utility for Linux or Mac OS X systems.)<\/p>\n Best of all, its user interface includes two big buttons allowing you to Enable or Disable protection for Meltdown and\/or Spectre. If either is greyed out, your system lacks that type of protection. Gibson goes into detail on why you might want to disable either of the protection options, to avoid the performance penalty they may impose. But unless you are noticing a marked decline in speed, I would not recommend doing so.<\/p>\n If InSpectre reports that your PC will remain vulnerable to Spectre or Meltdown until its firmware is updated, then it will be necessary to contact the maker of your PC to download a firmware patch specific to that make\/model of PC. A Microsoft Support Page bears a \u201cList of OEM \/Server device manufacturers,\u201d including links to their respective Spectre\/Meltdown firmware and BIOS update help pages. https:\/\/support.microsoft.com\/en-us\/help\/4073757\/protect-your-windows-devices-against-spectre-meltdown<\/a><\/p>\n The only annoying things about InSpectre are the goofy sound effects, and the display of the results. Looking at InSpectre report is a bit clunky, because the window cannot be resized, and the small font can be hard to read. Position your pointer anywhere within InSpectre\u2019s text window, press Ctrl-A to \u201cselect all,\u201d then Ctrl-C to copy the selection, and then Ctrl-V to paste the report into a word processor or text editor. Then you can make the text as big as you like, save the report, or print it.<\/p>\n The best protection against Spectre on the operating system side, as opposed to firmware and BIOS, is Microsoft Windows 10, Fall Creator\u2019s Update, version 1709. Automatic updates are on by default in Windows 10, so you should have v 1709 unless you have deliberately delayed its installation. If you have, go to Windows Update Settings and allow v 1709 to be installed.<\/p>\n Windows 7 users should have auto-updates enabled, too. Run Windows Update and let it install all critical and important updates to protect your system as much as possible via Windows.<\/p>\n It is shocking to learn that nearly everything digital, from desktop PCs to phones and tablets to Internet of Things things, contains a chip that is vulnerable to Spectre or Meltdown. But bear in mind that the world is still not on fire; these vulnerabilities can and are being fixed, if they are not already fixed in your device(s). For now my best advice is \u201cKeep calm and carry on,\u201d auto-updating all of your software.<\/p>\n Have a great week.<\/p>\n Zi Staff<\/p>\n","protected":false},"excerpt":{"rendered":" You may have heard of Spectre and Meltdown, two security vulnerabilities that exist in virtually every CPU ever made by the chip giants Intel, AMD, and ARM. Either vulnerability can expose your system to \u201carbitrary code execution,\u201d the geeky way to say, \u201cA hacker could take complete control of your computer\u201d and run any malware … Continue reading We Need a Gadget Inspector
![\"\"](\"http:\/\/blog.zoha-islands.com\/wp-content\/uploads\/2018\/02\/Inspector-Gadget-7-300x169.jpg\")
<\/h2>\n![\"\"](\"http:\/\/blog.zoha-islands.com\/wp-content\/uploads\/2018\/02\/total-meltdown-big-300x94.jpg\")
<\/p>\n