Maybe you’ve heard about this: Major Flaw in Millions of Intel Chips Revealed. Most of the reports assume too much about what you already know, or obfuscate things and miss the point.
Bottom line: This flaw allows naughty software to sniff the contents of your computer’s active memory. That means such software can read security codes and logins while you are online. And all it would take is crafty JScript on a website using your standard browser to activate this sniffing mechanism. It can’t change information on your computer, and it can’t actually take over your computer, but the flaws can lead to someone finding out your passwords and then taking over your computer, or your bank accounts, etc. Nobody knows if this flaw has actually been used against anyone, but it wouldn’t take that much. Someone has created a test and used it in a laboratory setting. (There’s a good chance the likes of NSA and CIA, for example, knew about it and used it to spy on people.)
Here’s the deal: If your computer has an Intel processor manufactured after 1995, it is very likely it has a serious flaw in it. But this isn’t your common manufacturing flaw; it’s a flaw that arises from a very smart idea gone wrong. Did you know that the speed at which a computer seems to work while you are using it has to do with more than just some advertised numbers? There are all kinds of tricks the processor uses to get ahead of you and make stuff seem faster in terms of the user’s experience. Some researchers have identified a way to use some of those tricks to slip past the normal internal security measures.
This problem affects almost all consumer Intel processors, some Atom processors, and some cellphones, but apparently AMD processors are okay. Nobody is going to offer replacements, so the fix comes in having the operating system close that open door by disabling some portion of these speed tricks. It won’t be easy or quick, but very soon Windows, Linux, and some other operating systems will be updated to mitigate this problem. Everyone involved had agreed to keep it as quiet as possible, and they’ve been dealing with it for a few months now, but it leaked out recently. For past couple of days there’s been a sort of media panic that confuses the issue.
As you might expect, Intel is fighting hard to minimize this thing. They’ve made at least one press release that basically lied about it. On the other hand, Intel’s own employees are scrambling just as hard to help everyone come up with a fix. Thus, they are working to fix Linux and Windows, for example, at Intel’s expense. I believe the Windows patch is due out next week (Patch Tuesday), and Linux distributions will issue their patches any day now.
There’s nothing you can do unless you are willing to use web browsers with no JScript capability, or with scripting disabled. It would take getting used to, and most folks just can’t be bothered. Still, we shouldn’t look for some kind of computer apocalypse this time around.
