2018-01-05

Major CPU Flaws, Patching the Leaks

Comment
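Nearly every computer CPU in the world has two major security flaws: Meltdown and Spectre.
Did the flaws arise naturally, since no one is infallible, or were they dug by "Big John" (大約翰)? Who knows?
And no one will ever admit it.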


Who mainly designs CPUs? Intel, AMD, Apple and so on. So China wants to develop its own CPUs.
So China's CPU, "Loongson" (龍芯), is safer?
Bullshit!

The big vendors have released "patches." But speed will drop by 20-30%.
Ha ha ha, "Well, I believe it anyway!"


Researchers Discover Two Major Flaws in the World’s Computers    NYT 20180103
SAN FRANCISCO — Computer security experts have discovered two major security flaws in the microprocessors inside nearly all of the world’s computers.

The two problems, called Meltdown and Spectre, could allow hackers to steal the entire memory contents of computers, including mobile devices, personal computers and servers running in so-called cloud computer networks.

There is no easy fix for Spectre, which could require redesigning the processors, according to researchers.  As for Meltdown, the software patch needed to fix the issue could slow down computers by as much as 30 percent — an ugly situation for people used to fast downloads from their favorite online services.

“What actually happens with these flaws is different and what you do about them is different,” said Paul Kocher, a researcher who was an integral member of a team of researchers at big tech companies like Google and Rambus and in academia that discovered the flaws.

Meltdown is a particular problem for the cloud computing services run by the likes of Amazon, Google and Microsoft.  By Wednesday evening, Google and Microsoft said they had updated their systems to deal with the flaw.

Amazon told customers of its Amazon Web Services cloud service that the vulnerability “has existed for more than 20 years in modern processor architectures.”  It said that it had already protected nearly all instances of A.W.S. and that customers must update their own software running atop the service as well.

To take advantage of Meltdown, hackers could rent space on a cloud service, just like any other business customer.  Once they were on the service, the flaw would allow them to grab information like passwords from other customers.

That is a major threat to the way cloud-computing systems operate.  Cloud services often share machines among many customers — and it is uncommon for, say, a single server to be dedicated to a single customer.  Though security tools and protocols are intended to separate customers’ data, the recently discovered chip flaws would allow bad actors to circumvent these protections.

The personal computers used by consumers are also vulnerable, but hackers would have to first find a way to run software on a personal computer before they could gain access to information elsewhere on the machine.  There are various ways that could happen: Attackers could fool consumers into downloading software in an email, from an app store or visiting an infected website.

According to the researchers, the Meltdown flaw affects virtually every microprocessor made by Intel, which makes chips used in more than 90 percent of the computer servers that underpin the internet and private business operations.

Customers of Microsoft, the maker of the Windows operating system, will need to install an update from the company to fix the problem.  The worldwide community of coders that oversees the open-source Linux operating system, which runs about 30 percent of computer servers worldwide, has already posted a patch for that operating system.  Apple had a partial fix for the problem and is expected to have an additional update.

The software patches could slow the performance of affected machines by 20 to 30 percent, said Andres Freund, an independent software developer who has tested the new Linux code. The researchers who discovered the flaws voiced similar concerns.


10 comments:

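  1. Curious: why does Brother Yun Cheng (雲程) consider this one dangerous enough,
    yet has not paid attention to this news?
    https://www.ithome.com.tw/news/118487
    A major INTEL ME flaw: arbitrary programs can be loaded and executed without the user or the operating system noticing.

    Even once a CPU is built, it still needs a matching motherboard, with the southbridge and northbridge on it handling internal and external communication.
    Back then, it was a bunch of Taiwanese manufacturers that supported INTEL and AMD with motherboards, to the point that sales of INTEL's own motherboards were humiliated.
    Only with motherboards can you begin to develop the market; a CPU alone is not enough.

    As for Loongson, it inherits all the strengths and weaknesses of MIPS (not to mention the grind-and-re-engrave piracy business back then).
    And to this day, no technology has grown out of it; the whole "chip" industry only makes products, and the only thing it can put on the table is Tianhe-1.
    The whole development is even worse off than the ARM-architecture chip industry......
    Nor have I seen China take this chip and develop any market or architecture.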

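    1. That news belongs to the same category.

      China's development, to this day, is still only a push for "quantity": you have it, I have more, I am 10 times faster. So what?
      That is all.

      This is the typical trait of a follower.
      From the internet and railways to telescopes, economic plans and payment methods, it is all the same.

      A civilization that develops this way will, in the end,
      clog up: because there is nothing left to learn or steal.
      implode: because appetites have been fed large, with no new channel for relief.

      Just as Beijing grows ever more rampant, I grow ever more pessimistic about China.
      This is a judgment from the standpoint of civilization and innovation.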

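    2. This is what Liu Zhongjing (劉仲敬) describes, from technology import to order import: the order and administration of the Greater East Asian Celestial Empire government were not invented on its own, but imported from foreign civilizations.
      Once this import route is cut off, the Celestial Empire government can only fragment on its own, because each locality will bring in the order of more advanced civilizations by itself to replace the Celestial Empire's order. That is why China now cuts off, as far as it can, the channels through which the people and local bureaucrats contact the outside world, such as the internet. China is now moving step by step in this direction: starting with the vigorous promotion of nationalism, the Celestial Empire's center is blocking the road for importing order. Can fragmentation and collapse be far off?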

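    3. The phenomenon Yun Cheng describes has been going on for 3,000 years. This is what the Han people mean by "the empire, long united, must divide; long divided, must unite"; seen from Greater East Asia, that is not how it is at all.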

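  2. Here is a very lay observation: back in the XP days, I was often hit by viruses, and this continued through Vista and Windows 7. Then, after Windows 10 came out, smartphones became hugely popular. Microsoft also announced it was ending updates for Vista and 7. And now, oddly, it suddenly feels as though Windows Vista and Windows 7 are no longer being hit by viruses.

    This gives me the impression that perhaps it is enough for efficiency to advance to a certain level, with no need to keep chasing the newest. Newer versions only bring more chances of being controlled.

    I am purely a computer-illiterate old guy; it is just a feeling!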

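    1. A very valuable observation.

      But the electronics industry has noticed this too, so it creates
      1. an atmosphere of "fashion," so that most people abandon what still works to chase what is "better."
      2. an "incompatible" software and hardware environment, so that users of old products cannot repair or keep using them.

      That completes the modern macroeconomy led by the electronics industry: creating demand.
      And then this big pie is enjoyed by only a few.

      As for surveillance, not only PCs and phones, but even the set-top box on Cable TV may have an audio recording function.
      Robot vacuums or AI dogs walk around the home; who knows whether they have 3D scanning?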

    2. Was it compromised without your knowing, or is it no longer being attacked? Some people specifically target old systems.

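  3. China's business strategy.
    First cut into the existing market at low prices, not seeking perfection, with expanding market share as the goal, and let customers haggle down the other vendors. When the other vendors can no longer hold on, they naturally leave the market, and the Chinese vendors then continue to have the funds to improve performance.
    Take agricultural produce sorting machines as an example: Japanese-made, 3 million; Taiwanese-made, 2 million; Chinese-made, 1.5 million. The customer asks the Taiwanese maker to cut its price to 1.5 million, but the Taiwanese maker offers a 2-year warranty and its cost is also close to 1.5 million, so it cannot cut the price unless it has deep capital to cultivate the market. The customer buys the Chinese product, problems start appearing one after another half a year later, the repair fees add up to more than the price of the Taiwanese product, and over the long run they could have bought the Japanese product.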

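    1. Generally speaking, this is a common business tactic.

      Usually, honest vendors only need to endure two years, and those messing around will be squeezed out by consumers (or go bankrupt).

      Because China backs its companies' international activities with state power, they do not go under,
      and so they can keep on cheating.

      This is what affects fair commercial competition in the long run, as well as fair business models.

      This is the greatest threat that China's rise poses in terms of commercial risk to every country (internationally).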

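  4. According to reports:
    Class-action lawsuits against Intel have already appeared in 3 U.S. states; they accuse Intel of deceiving the public into buying computer equipment containing defective chips, "forcing" people to replace their equipment or bear enormous information-security risks.
    http://m.ltn.com.tw/news/world/paper/1166575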
