Spectre and Meltdown

January 20, 2018

Detroit’s hottest dubstep DJs Spectre and Meltdown live at the Music Institute Thursday, January 4th 2018. Get your tickets today at ticketmeister.org. Spectre and Meltdown are actually two serious security vulnerabilities discovered in nearly every computer processor made since 1995. So what does it mean? Is this the end of computing? Should we throw our computers on the campfire and live among mother nature? I wanted to find out, so I talked to security expert Wu-chang Feng at Portland State University. The verdict? You might just want to break out the abacus, because we’re all in big trouble. Spectre takes advantage of something called speculative execution. Processors make educated guesses about what’s going to happen next, then run through those steps to save time. It makes modern processors much faster, but it turns out that malicious code can sneak in during this speculation and reveal whatever’s floating around in memory—usernames and passwords, for instance. Meltdown breaks the barrier between applications and system memory, again letting malware take a peek at system memory. The vulnerabilities were found by university researchers and the security team Google Project Zero. As far as anyone knows, no hackers have taken advantage of either vulnerability, but Microsoft, Apple, and Linux distributors have released patches for meltdown and are working on ways to counteract Spectre. For more information on Spectre and Meltdown, I recommend http://meltdownattack.com by Graz University of Technology in Austria. The site has a breakdown of both vulnerabilities for laypersons and technical documents for computer scientists.