How to avoid Meltdown, and why you shouldn't be that worried about it

Recently, a big vulnerability was discovered in Intel, AMD and some ARM CPUs. Meltdown allows the attacker to get data from memory because of a hardware bug in superscalar processors. A superscalar processor tries to execute more than one instruction at a time to get more work done in a smaller amount of time, instead of just having a higher clock speed. To make my explanation short, let's just say that the attacker can trick the branch predictor into arranging instructions in a way that would allow any program to read kernel memory. Of course, I'm simplifying the process to make it easier to understand; if you want to know more, read this blog post from the Raspberry Pi Foundation or watch the video from Computerphile below.
One thing on which I can't agree with most people who talk about Meltdown and Spectre is the "You HAVE to patch yourself to stay secure" line. You SHOULD, but sometimes it's not possible, as the fix may not be released by the manufacturer - look at old Android phones or Core 2 Duo and earlier CPUs.
AFAIK, the patch consists of code that disables/overrides the speculation procedure, which usually saves a lot of CPU time by assuming that some instruction will return a specific value. This would obviously slow down the CPUs by anywhere from 10% to 30%, but there's another fix (which will also require a lot of self-awareness when using a computer) that can have no negative impact on performance.
About that self-awareness part: NoScript only prevents malicious code from running in your browser. Outside the browser, you have to be careful to run only programs from safe sources, but that should be common sense to most advanced computer users.
Not a solid, future-proof fix... but still good enough as a temporary one, or as something for devices that won't get the patch. If you have an Android phone that's more than a year old and/or doesn't have big, bold text on the cover stating that it was produced by a giant company like Samsung or LG, it's more than likely that you won't get an update. The same applies to end-of-life processors in personal computers, as manufacturers won't care enough to release patches for them.
The fix is terrible, but for some cases, it will have to do.
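To find out which camp a Linux machine is in (patched, or left to the careful-usage approach above), you can read what the kernel itself reports. This is an added example, not part of the original post; it assumes a kernel that exposes /sys/devices/system/cpu/vulnerabilities, and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example: summarise the kernel's own Meltdown/Spectre status report.
# Assumption: Linux with /sys/devices/system/cpu/vulnerabilities (mainline
# kernels since 4.15); kernels that never got the patch lack the directory.

# classify_status LINE -> not-affected | mitigated | vulnerable | unknown
classify_status() {
    case "$1" in
        "Not affected"*) echo "not-affected" ;;
        "Mitigation:"*)  echo "mitigated" ;;
        "Vulnerable"*)   echo "vulnerable" ;;
        *)               echo "unknown" ;;
    esac
}

# report_dir DIR -> one "name verdict" line per issue, or "no-report"
# when the directory is missing (kernel too old to report anything).
report_dir() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "no-report"
        return 0
    fi
    for name in meltdown spectre_v1 spectre_v2; do
        if [ -r "$dir/$name" ]; then
            line=$(head -n 1 "$dir/$name")
            echo "$name $(classify_status "$line")"
        else
            echo "$name unknown"
        fi
    done
}

# needs_caution DIR -> exit status 0 when at least one issue is not
# covered, i.e. the browser and software hygiene above is all you have.
needs_caution() {
    report_dir "$1" | grep -Eq 'vulnerable|unknown|no-report'
}

# Default to the live sysfs directory; pass another path to inspect a copy.
report_dir "${1:-/sys/devices/system/cpu/vulnerabilities}"
```

A "no-report" or "unknown" result does not prove the CPU is exploitable, only that the kernel says nothing about a fix, so treat it the same as "vulnerable".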