Update on Meltdown-Spectre security vulnerabilities

Anti-virus software makers are detecting malware that attempts to exploit the security vulnerabilities identified as Spectre and Meltdown. Since code must execute on the computer to exploit these vulnerabilities, anti-virus software is being updated to detect such malware attacks. Of course, some such malware may yet get through our defenses and could end up on machines.

Source: Meltdown-Spectre: Malware is already being tested by attackers | ZDNet

My view is that for most of us, its just another form of malware. We all need to be pro-active about avoiding malware by taking appropriate steps such as installing code we know to be good, using anti-virus software, and keeping our systems generally update. Meltdown and Spectre are just two more exploits that hackers can use.

Is your computer now protected from Spectre and Meltdown security vulnerabilities? 

Steve Gibson of Gibson Research Corporation has provided a downloadable program that says whether or not your Windows PC has been updated with fixes for Spectre and Meltdown. The program also offers, if possible, options to disable the security protections (such as you find the updates cause your computer to run slower).

Go here to read about and download the utility program: GRC | InSpectre  

High level look at the SPECTRE exploit

In early January, two security exploits were revealed, both of which take advantage of ways that processors work to improve their performance. This video looks at the SPECTRE exploit; the other exploit is called MELTDOWN. Rather than speculative execution, it exploits a feature of Intel processor known as “out of order” execution to gain access to protected system memory. MELTDOWN is not covered in this video, however.

 

High level overview of compiling a program into executable instructions

A high level look at the concepts of compilers, interpreters, byte codes and Just-in-Time compilation, as ways of converting our programs into executable programs or machine instructions processed by the CPU.

The first video provided a high level look at computer system architecture.

The second video introduced the concepts of the CPU or processor.

This video introduces the conversion of our high level programs into machine executable code. Note that this video does not cover specifically how App Inventor blocks code is converted into an executable program.

The fourth video, relying on the information covered in the first 3 videos, will explain the ideas behind the SPECTRE exploit.

 

Brief Introduction to Computer System Architecture

App Inventor is a “high level” programming language. That means we create programs without having to know about the underlying operating system or hardware components of our device. The software engineers that create operating system software are “low level” programmers who must be familiar with the details of the hardware.

To understand the SPECTRE and MELTDOWN exploits, we need to have a basic understanding of computer systems – particularly the CPU or processor – and how it operates.

This video is a high level, simplified introduction to the basic elements of a computer system. I emphasize “simplified”! I have an Intel processor manual from a couple of years ago that has over 3,400 pages!

A future video will look at how high level programs are converted into “machine instructions” that are processed by the CPU. After that, we will look at how SPECTRE works to read memory that should be protected.

Be sure to Click Subscribe on Youtube!

In the above video, I did not define “RAM” memory and what it means. RAM means “Random Access Memory”. A typical modern PC has 8 to 16 gigabytes of RAM memory. Many smart phones have 4 to 6 gigabytes of RAM memory. While both RAM and FLASH are types of memory, they are not the same thing.

This short video introduces types of memory used in computers, smart phones and electronic devices including ROM, PROM, EPROM, EEPROM, FLASH, RAM (both DRAM and SRAM), and a brief history of the now very old “magnetic core” memory.

The major difference between ROM, PROM, EPROM, EEPROM/FLASH is that these memories retain their stored values even if power is turned off.

RAM memory, however, loses its content if power is turned off. Some times a battery backup unit is attached to RAM to keep the memory “alive” even if the overall system power is turned off. RAM memory is otherwise fast to use and has become remarkably inexpensive.

“DRAM” means “dynamic RAM” and “SRAM” means “static RAM”.

Most of our devices use DRAM because it is cheaper and each bit takes up less circuit space (than SRAM) so more memory can be packed into a smaller space. The reason it is called “dynamic” RAM is because the memory must be continuously refreshed. Each bit is stored as a tiny capacitive charge. Because the charge slowly bleeds off, the charge must be periodically refreshed – if not, the values stored in memory will gradually fade away (so to speak).

A special circuit continuously reads and then rewrites each bit so that the charge stored at each bit location is refreshed and does not fade away.