Massive CPU Security Flaws Revealed


Mine has continued rebooting itself–not for patches–while left idle at least 2-3 times a week. It’s getting really goddamn annoying because the recent Firefox changes mean that tab-saving/restoring apps are basically garbage now.


MS has begun distributing microcode updates via the Windows Update catalog, which means you still have to download it manually. Mainly Skylake for now, because Intel is still in beta on other platforms. But MS will distribute those when they’re ready.


Thanks for the pointer. Just installed the update on my system running a 6700K CPU and so far so good. InSpectre says no vulnerability.


If someone posted that link before, I’d missed it, so thanks! Great little utility.
Earlier, I’d posted that I got a very recently updated BIOS from Dell’s website, so I thought I’d be good to go. That InSpectre program told me that while I am protected from Meltdown (and even gives me a button to push to disable that protection if I need the speed back), I am still not protected from Spectre. This is good to know, and that little program could not be easier to use or understand. Good stuff.


Yeah GRC can be more than a little freaky (it’s this one guy) but in this case it’s a great utility. He also writes all his programs in hand-coded assembly… really.


Wow, that’s… something.


I just now watched a TechTV episode from 1998 where Leo LaPorte is interviewing Steve Gibson regarding Iomega’s “Click Of Death” and Steve’s free program he developed specifically to test your Zip drive to see if it had that problem. He didn’t seem at all freaky, but even back then, Leo remarked to him, “Wow. People still code in assembly?” And Steve replied, “I do, yes.” It was actually an interesting interview, where a guy from Iomega called in to tell people not to use Steve’s program, but rather go to Iomega’s website instead. I downloaded it from that GRC website.


Yes some programmers can be quite weird. Not me though I am totally normal as you all can plainly see.


There are no normal programmers.

Source: I’m a programmer.


I am (well, pretend to be in my dreams since I’ve since become management…) a programmer. I can assure you, I have never met a programmer who can be described as “normal.” This is a feature, not a flaw.


Spoken like a true developer.


Researchers discover a new way to use Spectre to attack Intel chips. This attack targets Intel’s SGX enclaves, which were designed to house sensitive data. SGX was introduced in Skylake.

The good news is that the Intel’s microcode update mitigates the attack.


Discovered Dell released a ton of BIOS updates a couple weeks ago, including updates for Haswell systems. Updated and now both of my Dell machines are protected against Spectre, according to InSpectre.


As I’m going through our organization running the BIOS updates on Lenovo laptaps, I’m thinking that this would be a massive job unless automated in larger organizations. Isn’t there a huge risk at borking systems when performing automated BIOS updates? How would it be managed otherwise?



They should name viruses according to the alphabet, like hurricanes.


Which alphabet, you кириллическая фобия?


The real alphabet, not them moon runes.




Anyone heard any scoop on when we’ll see new hardware with these flaws addressed? My 6-core video/photo editing/gaming system has been running for a record long time and I’m anxious to get a speed bump for video encoding. But whether or not I wait for another generation, I’d at least like to get a chip that’s got this issue fixed.