If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
Your computer will be slllowwwwing dooowwwnnnnnn....
"RichA" wrote
| Not to mention every other system and service available. | Speak for yourself. AMD here. I wouldn't touch Intel with a 10-foot anti-static wrist strap. Not susceptible to Meltdown and Spectre is not a critical issue, so long as I don't enable script in the browser while visiting attack sites. Even then, it's not clear that Spectre can access any data outside the same process. So the risk? Apparently using an older version of Firefox and entering credit card info into one window while visiting a malware site in another. It's not enough to be putting your whole system at risk for. Even if you have an Intel CPU it might be best to wait awhile before doing anything. There seem to be a lot of problems with the fixes so far. |
#2
|
|||
|
|||
Your computer will be slllowwwwing dooowwwnnnnnn....
In article , Mayayana
wrote: Speak for yourself. AMD here. I wouldn't touch Intel with a 10-foot anti-static wrist strap. Not susceptible to Meltdown and Spectre is not a critical issue, so long as I don't enable script in the browser while visiting attack sites. if only were it that simple. microsoft just released new patches for (some) amd systems. maybe you should go tell them they shouldn't have bothered. https://arstechnica.com/gadgets/2018...-in-quest-to-g et-meltdown-and-spectre-patched/ The good news: Shortly after its initial release, Microsoft suspended shipping its Spectre and Meltdown Windows patches to owners of AMD systems after some users found that it left their systems unbootable. Microsoft partially lifted the restriction last week, sending the update to newer AMD systems but still leaving the oldest machines unpatched. Even then, it's not clear that Spectre can access any data outside the same process. it can. that's the whole point. a process already can access its own data. otherwise it wouldn't work particularly well. So the risk? Apparently using an older version of Firefox and entering credit card info into one window while visiting a malware site in another. it's quite a bit more than that. |
#3
|
|||
|
|||
Your computer will be slllowwwwing dooowwwnnnnnn....
"nospam" wrote
| Not susceptible to | Meltdown and Spectre is not a critical issue, so long | as I don't enable script in the browser while visiting | attack sites. | | if only were it that simple. | | https://arstechnica.com/gadgets/2018...-in-quest-to-g | et-meltdown-and-spectre-patched/ That doesn't say much, except to confirm that patches are risky. AMD themselves have explained that they're not vulnerable to meltdown. There's also this, from a trusted source that Windows users may be familiar with: https://www.grc.com/inspectre.htm So people can test for themselves. Since you don't bother to find the facts and don't understand them, anyway, you'd save everyone a lot of confusion if you'd just wait for Timmy Cook's "gift patch" for your Mac and let Windows/Linux users, who actually might have AMD CPUs, worry about their computers. This isn't a joke for your usual wiseacreing. People are having their computers fried with funky patches, despite very low risk in terms of security. |
#4
|
|||
|
|||
Your computer will be slllowwwwing dooowwwnnnnnn....
In article , Mayayana
wrote: | Not susceptible to | Meltdown and Spectre is not a critical issue, so long | as I don't enable script in the browser while visiting | attack sites. | | if only were it that simple. | | https://arstechnica.com/gadgets/2018...-in-quest-to-g | et-meltdown-and-spectre-patched/ That doesn't say much, except to confirm that patches are risky. everything is risky. AMD themselves have explained that they're not vulnerable to meltdown. yet microsoft released a patch for both. There's also this, from a trusted source that Windows users may be familiar with: https://www.grc.com/inspectre.htm yep, except that it gets flagged as malware. So people can test for themselves. Since you don't bother to find the facts and don't understand them, anyway, you'd save everyone a lot of confusion if you'd just wait for Timmy Cook's "gift patch" for your Mac and let Windows/Linux users, who actually might have AMD CPUs, worry about their computers. ad hominem. you also might want to take your own advice about finding the facts, since just about everything you say about apple (as well as other companies) has little to no basis in fact. This isn't a joke for your usual wiseacreing. People are having their computers fried with funky patches, despite very low risk in terms of security. nothing is perfect. the alternative, ignoring patches, is worse. |
#5
|
|||
|
|||
Your computer will be slllowwwwing dooowwwnnnnnn....
"RichA" wrote
| I switched to AMD when the 386DX-40 came | out. But other devices have Intel in them | besides home computers so you may have | one and not even know it. Other devices? You mean like phones? That wouldn't concern me, but I wonder if it's an issue. iPhones seem to use a Samsung CPU that Apple claims to "design". Androids also don't seem to use Intel. So what are you talking about? I can't think of anything I have with a CPU in it other than Windows computers. My pickup truck? I don't go online with that, so I'm OK. (Firefox is faster. |
#6
|
|||
|
|||
Your computer will be slllowwwwing dooowwwnnnnnn....
In article , Mayayana
wrote: | I switched to AMD when the 386DX-40 came | out. But other devices have Intel in them | besides home computers so you may have | one and not even know it. Other devices? You mean like phones? That wouldn't concern me, but I wonder if it's an issue. iPhones seem to use a Samsung CPU that Apple claims to "design". why the quotes? and as usual, completely wrong. maybe you should find out the facts before you spew. apple's a-series processors are designed entirely by apple for apple products, and not just cpus either. apple has over 10,000 employees designing all sorts of chips. the actual fabbing is outsourced to tsmc, samsung and others. some iphones have intel baseband modems, although that would be unaffected by meltdown/spectre. and by the way, amd is also fabless, so their 'designs' are also outsourced. https://www.engadget.com/2015/12/22/samsung-building-chips-for-amd/ With falling smartphone sales, Samsung has been trying to boost its chip manufacturing business. AMD, meanwhile, builds CPUs and GPUs for PCs and both major consoles, but doesn't have a fab business anymore. According to Korea's Electronic Times, that kind of synergy was too good to ignore, so Samsung will manufacture CPU and GPU chips for AMD on its 14-nanometer chip foundry starting in 2016. Androids also don't seem to use Intel. android phones & tablets mostly use qualcomm snapdragon or samsung exynos, but a few have used intel. qualcomm is also fabless. https://www.qualcomm.com/news/releas...m-and-samsung- collaborate-10nm-process-technology-latest-snapdragon Qualcomm Incorporated (NASDAQ: QCOM)* today announced that its subsidiary, Qualcomm Technologies, Inc. (QTI), *and Samsung Electronics Co., Ltd., have extended their decade-long strategic foundry collaboration to manufacture Qualcomm Technologies¹ latest Snapdragon premium processor, Qualcomm® Snapdragon 835, with Samsung¹s 10-nanometer (nm) FinFET process technology. So what are you talking about? I can't think of anything I have with a CPU in it other than Windows computers. My pickup truck? I don't go online with that, so I'm OK. (Firefox is faster. nases, routers/switches, tablets and many other products. synology, for example, uses intel processors in some of their nases. the next truck you buy might have intel inside: https://www.intel.com/content/www/us...omous-vehicles. html Intel® technologies power millions of in-vehicle experiences today, and nearly all autonomous test vehicles. Are you ready for the ride of the future? |
#7
|
|||
|
|||
Your computer will be slllowwwwing dooowwwnnnnnn....
"RichA" wrote
| I switched to AMD when the 386DX-40 came out. But other devices have Intel in them besides home computers so you may have one and not even know it. | You haven't bothered to answer my question, but I've been trying to keep up on this issue. It turns out you're right: https://www.techarp.com/articles/int...arm-cpu-bug-4/ That site even lists known CPUs at risk. With Apple it's pretty much everything. Android doesn't seem to be much better. That adds a whole new wrinkle. For anyone on a computer, especially using AMD, the actual risks are very slight: An attacker has to go through a browser, or similar Internet-connected software, or be installed. Installed software can already access data, so the real issue is script in the browser or malware. Script can be limited. Malware is already a risk. And browsers are being updated. Even if you allow script and get attacked, there's very little risk. An attack on AMD can only read random memory from other programs. An attack on Intel can read all memory, but there still has to be something worth reading. So a running password manager with your banking password might have a longshot chance of giving up that password. On the other hand, even if you're reckless enough to do online banking, what nut would put that password into a password manager? There is a tiny chance that your credit card number could be stolen if you shop with multiple browser windows open. Don't do that. There's no need. So the actual risk is very small, and very tiny for people who pay any attention to security. But on a phone.... If you shop and store lots of sensitive data on your phone that risk is more realistic, mostly because it's so hard to control access to your phone. Mal-apps have become a big problem. Non-mal-apps are still often spyware because they're ad-supported. The system is a sieve. On the other hand, if you're giving out your current location to every Tom, Dick and Harry app maker now, what info do you have that you consider sensitive? Maybe the moral of this story is don't shop or bank from your phone. In other words, common sense. You have to remember context in general. A "smart" door lock? It might be vulnerable, but there's nothing there to exploit it. A "smart" frig? Again, it's running alone. Even if such an item could be exploited, will Chinese hackers profit by knowing you're low on mayo? This is not a takeover bug. It's a data stealing bug. |
#8
|
|||
|
|||
Your computer will be slllowwwwing dooowwwnnnnnn....
In article , Mayayana
wrote: | I switched to AMD when the 386DX-40 came out. But other devices have Intel in them besides home computers so you may have one and not even know it. You haven't bothered to answer my question, but I've been trying to keep up on this issue. It turns out you're right: https://www.techarp.com/articles/int...arm-cpu-bug-4/ That site even lists known CPUs at risk. With Apple it's pretty much everything. Android doesn't seem to be much better. it affects just about everything from everyone. also note that amd initially said it wasn't a problem and then changed their tune. they're being sued over that bit of misrepresentation, btw. at least the apple watch is safe. the real problem is that older devices are unlikely to be patched, a very big problem for android. most android devices currently in use will remain vulnerable, making for a *huge* target surface, more so than it already is. other devices, such as routers and nases are also at risk, however, they don't normally run third party apps, so although the flaw exists, it's unlikely to be used. that is, unless one installs a compromised app on one. That adds a whole new wrinkle. For anyone on a computer, especially using AMD, the actual risks are very slight: An attacker has to go through a browser, or similar Internet-connected software, or be installed. Installed software can already access data, so the real issue is script in the browser or malware. Script can be limited. Malware is already a risk. And browsers are being updated. it's more than slight and not just scripting, but yes, everything is being updated. except for windows xp, so you're screwed. Even if you allow script and get attacked, there's very little risk. An attack on AMD can only read random memory from other programs. An attack on Intel can read all memory, but there still has to be something worth reading. the problem is there's no way to know what data you're going to get. it might have passwords or other useful data, or it could be a couple of frames of a youtube cat video. it might even be one of your usenet posts. So a running password manager with your banking password might have a longshot chance of giving up that password. On the other hand, even if you're reckless enough to do online banking, what nut would put that password into a password manager? There is a tiny chance that your credit card number could be stolen if you shop with multiple browser windows open. Don't do that. There's no need. online banking and shopping is not reckless and using a password manager is a *very* *good* idea, one which makes you *less* at risk. there's also no need to enter in a credit card number anymore for most sites (although it often remains an option for the unaware). as usual, you don't understand how things work. the actual risk is how secure the merchant's system is, not yours, as the merchant is a *much* bigger and far more valuable target. one exploit can net a *lot* of card numbers, as it did with oneplus: https://www.tomsguide.com/us/oneplus-credit-card-fraud,news-26466.html OnePlus is investigating complaints from at least 170 customers who encountered fraudulent charges on their credit accounts shortly after buying items on the OnePlus website. Earlier today (Jan. 16), OnePlus said it's temporarily halting credit card payments at its website while it continues to investigate. just three days later: https://forums.oneplus.net/threads/j...e-on-credit-ca rd-security.752415/ We are deeply sorry to announce that we have indeed been attacked, and up to 40k users at oneplus.net may be affected by the incident. We have sent out an email to all possibly affected users. .... Some users who entered their credit card info on oneplus.net between mid-November 2017 and January 11, 2018, may be affected. You have to remember context in general. A "smart" door lock? It might be vulnerable, but there's nothing there to exploit it. other than the contents of your house, you mean. but there's no need to have a smart lock to be vulnerable. just about every lock is easily picked in just seconds. including the one on your front door. or just break a window and climb in. even the strongest lock won't prevent that. A "smart" frig? Again, it's running alone. Even if such an item could be exploited, will Chinese hackers profit by knowing you're low on mayo? This is not a takeover bug. It's a data stealing bug. at least one smart fridge has a camera inside it that identifies what food you have in it and lets you know when you're running low on stuff. it's a marketer's dream, because now they know what brands you buy *and* when and how often you open the fridge. and since the fridge is on your local network, there may be other stuff it can find out... of course, this is easily secured, but most people don't bother. |
#9
|
|||
|
|||
Your computer will be slllowwwwing dooowwwnnnnnn....
"nospam" wrote | the actual risk is how secure the merchant's system is, not yours, as | the merchant is a *much* bigger and far more valuable target. | Nothing to do with the topic at hand. That's about a hacked website. The thread is about Meltdown/Spectre. |
#10
|
|||
|
|||
Your computer will be slllowwwwing dooowwwnnnnnn....
In article , Mayayana
wrote: | the actual risk is how secure the merchant's system is, not yours, as | the merchant is a *much* bigger and far more valuable target. | Nothing to do with the topic at hand. That's about a hacked website. The thread is about Meltdown/Spectre. *you* brought up credit cards and online shopping. |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Will a new computer help? | Alan Justice | 35mm Photo Equipment | 69 | February 29th 12 03:44 PM |
Computer | Irby | Digital Photography | 194 | March 19th 07 01:38 PM |
Computer?? | jd | Digital Photography | 46 | October 23rd 06 10:58 AM |
2 Scanners To One Computer | Tim Forehand | Digital Photography | 16 | January 10th 05 03:23 PM |
Computer maintenance | Aerticeus | Digital Photography | 32 | December 8th 04 05:56 PM |