Meltdown and Spectre CPU Exploits Explained
For those who haven’t seen anything about this yet, details of two new exploits that could enable malicious code on websites to trick your computer or mobile devices CPU into giving away private information such as website passwords have been made public.
Essentially the semiconductors industry has made a huge blunder and left a security design flaw in many CPUs such as are used in computers and mobile devices. It’s pretty serious – CERT The Cyber Emergency Response Team in the US originally recommended: “Throwing your CPU away and getting a new one” to be completely safe – they have now downgraded this advice to ‘apply updates’ which is much more helpful and realistic.
The exploits are known as Side-Channel-Analysis exploits and work by taking advantage of a feature within the CPU architecture whereby, during idle period, the CPU tries to speculatively pre-fetch (guess) what information is going to be requested next, that information is then held in a cache (temporary storage area) ready to be used – what sort of work you are doing will alter how much pre-fetching is going on.
Read the entire article here, Meltdown and Spectre CPU Exploits — Define Tomorrow™
Via the fine folks at ComputerWorld Group.