The Intel CPU Flaw Simplified

Maybe you’ve heard about this: Major Flaw in Millions of Intel Chips Revealed. Most of the reports assume too much about what you already know, or obfuscate things and miss the point.

Bottom line: This flaw allows naughty software to sniff the contents of your computer’s active memory. That means such software can read security codes and logins while you are online. And all it would take is crafty JScript on a website using your standard browser to activate this sniffing mechanism. It can’t change information on your computer, and it can’t actually take over your computer, but the flaws can lead to someone finding out your passwords and then taking over your computer, or your bank accounts, etc. Nobody knows if this flaw has actually been used against anyone, but it wouldn’t take that much. Someone has created a test and used it in a laboratory setting. (There’s a good chance the likes of NSA and CIA, for example, knew about it and used it to spy on people.)

Here’s the deal: If your computer has an Intel processor manufactured after 1995, it is very likely it has a serious flaw in it. But this isn’t your common manufacturing flaw; it’s a flaw that arises from a very smart idea gone wrong. Did you know that the speed at which a computer seems to work while you are using it has to do with more than just some advertised numbers? There are all kinds of tricks the processor uses to get ahead of you and make stuff seem faster in terms of the user’s experience. Some researchers have identified a way to use some of those tricks to slip past the normal internal security measures.

This problem affects almost all consumer Intel processors, some Atom processors, and some cellphones, but apparently AMD processors are okay. Nobody is going to offer replacements, so the fix comes in having the operating system close that open door by disabling some portion of these speed tricks. It won’t be easy or quick, but very soon Windows, Linux, and some other operating systems will be updated to mitigate this problem. Everyone involved had agreed to keep it as quiet as possible, and they’ve been dealing with it for a few months now, but it leaked out recently. For past couple of days there’s been a sort of media panic that confuses the issue.

As you might expect, Intel is fighting hard to minimize this thing. They’ve made at least one press release that basically lied about it. On the other hand, Intel’s own employees are scrambling just as hard to help everyone come up with a fix. Thus, they are working to fix Linux and Windows, for example, at Intel’s expense. I believe the Windows patch is due out next week (Patch Tuesday), and Linux distributions will issue their patches any day now.

There’s nothing you can do unless you are willing to use web browsers with no JScript capability, or with scripting disabled. It would take getting used to, and most folks just can’t be bothered. Still, we shouldn’t look for some kind of computer apocalypse this time around.

About Ed Hurst

Disabled Veteran, prophet of God's Laws, Bible History teacher, wannabe writer, volunteer computer technician, cyclist, Social Science researcher
This entry was posted in computers and tagged , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.