Meltdown – The Intel CPU Security Flaw.


A critical design flaw in Intel-based CPUs, going back ten years, has been discovered by security researchers, who have coined the name “Meltdown” to describe the bug built into most Intel-based chips and, by extension, most of the world’s computers.

The flaw allows the kernel memory in most x86-64 operating systems (Windows, Mac and Linux) to be accessed by specially written malware that could then provide a user’s data to an attacker or allow the attacker to install other software on the compromised system.

While Intel has ramped up its PR machine to downplay the flaw, I find it a bit odd from an ethics viewpoint that their CEO, Brian Krzanich, sold 24 million dollars in stock options AFTER Intel was informed of the flaw by Google, as reported by Business Insider…

http://www.businessinsider.com/intel-ceo-krzanich-sold-shares-after-company-was-informed-of-chip-flaw-2018-1

As a physical replacement (after a redesign) of every CPU sold in the last ten years would be almost impossible to accomplish, it’s going to have to be a software fix implemented at the operating system level to address this blunder.

Linux programmers already have a kernel replacement being tested, while Apple and Microsoft have made statements that their operating systems will be patched in the days and weeks to come.

But due to the nature of the flaw, all these fixes will have to bypass or change the way the O/S addresses each system’s kernel memory, resulting in a system slowdown of anywhere from 5% to 30%.
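For Linux systems, one way to confirm whether the operating-system fix described above is actually active after updating. This is an added example, not part of the original post; it assumes a kernel that exposes `/sys/devices/system/cpu/vulnerabilities/meltdown` or lists CPU bugs in `/proc/cpuinfo`, and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example: report whether the Meltdown kernel fix is active on Linux.
# The classify_* functions take text as an argument so they can be checked
# against constructed samples as well as the live system.

SYSFS_FILE=/sys/devices/system/cpu/vulnerabilities/meltdown

# Classify the one-line status newer kernels report in the sysfs file.
classify_sysfs() {
    case "$1" in
        "Not affected"*) echo "not-affected" ;;
        "Mitigation:"*)  echo "mitigated" ;;
        "Vulnerable"*)   echo "vulnerable" ;;
        *)               echo "unknown" ;;
    esac
}

# Fallback for kernels without the sysfs file: inspect /proc/cpuinfo text.
# A "bugs" line listing cpu_meltdown means the CPU is affected; a "pti" flag
# ("kaiser" on some older backported kernels) means the fix is switched on.
classify_cpuinfo() {
    bugs=$(printf '%s\n' "$1" | grep '^bugs' | head -n 1)
    flags=$(printf '%s\n' "$1" | grep '^flags' | head -n 1)
    if [ -z "$bugs" ]; then
        echo "unknown"          # kernel too old to report CPU bugs at all
    elif ! printf '%s\n' "$bugs" | grep -qw 'cpu_meltdown'; then
        echo "not-affected"
    elif printf '%s\n' "$flags" | grep -qw -e 'pti' -e 'kaiser'; then
        echo "mitigated"
    else
        echo "vulnerable"
    fi
}

# Prefer the sysfs report, fall back to /proc/cpuinfo, else give up.
meltdown_status() {
    if [ -r "$SYSFS_FILE" ]; then
        classify_sysfs "$(cat "$SYSFS_FILE")"
    elif [ -r /proc/cpuinfo ]; then
        classify_cpuinfo "$(cat /proc/cpuinfo)"
    else
        echo "unknown"
    fi
}

echo "Meltdown status: $(meltdown_status)"
```

A result of "unknown" on an Intel machine usually means the kernel predates the fix and should be treated as unpatched.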

So some end users’ computers may lose close to 1/3 of their speed overnight after the respective patches are applied to their operating system. All to address Intel’s massive screw-up.

I am sure the lawyers are already preparing their class action lawsuits as I write this. But it won’t be much help to the regular computer user.

And from a computer repair and support viewpoint, this will mean IT support departments, computer stores and independent computer repair technicians will soon start to receive a large influx of support calls from users who have no idea Intel’s bug is the cause of the coming slowdown and will demand a fix.

And unfortunately one will not be coming soon from Intel, as it takes years to redesign and retool production for a new or at least updated CPU. And while many people may run out and buy a new computer once they discover their current computer’s performance hit after the patches are installed, it will not really do that much good if they try to get a system with the same specs as they had before, as the chips will still be defective.

UPDATE 1/10/18

While Apple, Microsoft and others have pushed patches to address this issue, it seems that these fixes are not ready for primetime just yet, with AMD chipset users and other systems that use certain antivirus products either being bricked after being updated or stuck in a reboot loop.

As no real-world attack has been demonstrated to be out in the “wild” just yet, it may be a better idea to wait to install these patches until they can be demonstrated to be working on the vast majority of systems. Not 100% safe, but better than bricking your system. I am sure in the weeks to come working patches will become available.

Apple slows down iPhones?

Apple has, after a recent update, been accused of intentionally slowing down its older iPhones. And after a few bloggers have tested their old phones, it seems to be the case.

So is this some conspiracy to get you to buy a new phone at almost $1000 a pop, or is there a reasonable explanation for this “update”?

It may be a combination of both. Apple does not make any extra money if you hold onto your iPhone forever. And if you have seen the iPhone “Season” commercials, it looks like you’re supposed to buy a new iPhone every year. And I guess it’s to their advantage if they can get you to spend upwards of $1000 every 365 days. And all this blends in very well with the trash talk that Apple is slowing down your old phone to make you buy a brand new one.

But Apple claims that the update was to prevent older iPhones from shutting down unexpectedly. Which makes a little sense, knowing that older batteries do indeed discharge faster than newer ones will and a phone that quickly shuts down after a charge is inconvenient to use.

In my view it might be a mix of both reasons. Apple does want to increase sales year over year, but also needs to try to make sure their older products do not get a reputation for failing badly at the end of their life cycle. And I might 100% believe their claim of such if they had implemented this update in a different way.

Instead of an update that installs this new battery management protocol in the background, I would have made some kind of popup asking the phone user if they would like to have their phone slowed down to increase battery life. Then the phone owner knows what is going on and has made the choice themselves.

By not asking for permission to implement a major change in the function of their phones, Apple left themselves wide open to these claims against them. And I doubt if they will ever be able to get rid of these rumours without changing the update in the way I described above.

So is this a flat-out fraud? Slowing down phones just to get people to buy the next one? I doubt it. My thinking takes me to a conclusion that they indeed were trying to fix something. But their weird implementation of the fix also implies to me that they had few qualms about hiding it in such a way that they would not be averse to selling a few new phones along the way.

Update: 12/28/17

Apple has come out and apologized for their bad handling of this software update and is now offering consumers a $29 battery replacement. But I still have to wonder why they would not just adjust the software update to let end users decide if they want their iPhone’s speed changed or not. In the end, still being forced to buy something or having your phone intentionally slowed down would play into the rumors that they are just trying to find a way to force people to buy new equipment.

The FCC just killed Net Neutrality

It seems that once again the FCC has sided with big companies to take away the average computer user’s rights. With the end of Net Neutrality, expect to see higher costs and slower service, presented in confusing packages. Also expect to see more big players kick out and stifle development by innovative, smaller companies.

Take note today of your current cost per month for the Internet. I can all but guarantee that next year you will be seeing higher prices, with less access than before.

Why Net Neutrality is Essential

Who cares about Net Neutrality? Why does it matter if companies get to do what they want? They own the networks, right?

In a nutshell, it’s all about being fair. Today every website in the world must be treated equally by your Internet Service Provider (ISP). In other words, Netflix gets the same priority and download speeds as Facebook or your aunt’s personal homepage about her cat, Fluffy.

Without this rule your ISP can slow down a website, play your favorite movie in low resolution or even charge you extra money to go to Facebook, Hulu etc…

They can even block websites so they can replace services you like with services that make them more money. Want to start paying extra for every Google search or have to use Comcast’s search engine instead? This can (and will) happen if these rules are repealed.

Own a small website that helps you get new clients? You might have to pay extra to be seen on Charter, Comcast or AT&T. And if you don’t pay up you could lose all your viewers and customers that use these providers because they will never even see you. This makes the hassle of Search engine optimization (SEO) seem like a walk in the park compared to what might be coming.

Imagine you own a non-profit and have to pay extra money to each ISP just to get the word out. Would that hurt the money you will have available for your cause? I would think so.

What if these ISPs decide that a secure connection to your credit card or bank account (HTTPS) should be a “premium” service and you have to pay $5.00 each time you want to check your balance or pay for an Amazon purchase? What will happen if you have to pay $1.00 for every cat video on YouTube or $5.00 for each porn video (I know it’s your teenage son doing it)? Maybe 25 cents for each email you get from that Nigerian Prince? Without Net Neutrality the sky is the only limit.

Worse yet, what about your First Amendment rights? You think if you post a negative review about Comcast that they won’t have some kind of automated filtering system in place so none of their customers ever even see it? Without Net Neutrality they would have nothing stopping them from blocking what they wish.

What if the Koch brothers (or insert here villain of your choosing) pay off AT&T a billion bucks to block all pro-Democrat advertising or comments on their network? Or somebody blocks the NRA, PETA, Planned Parenthood? What if a woman was searching for birth control information and got redirected to the Catholic Church?

It matters not: right, left or anarchist. The things you care about and wish to support or learn more about could vanish at the press of the “enter” key tomorrow.

As much as these companies will wish to have you fall for the ideal that “we built” the network and it should be “free” from all regulation, it’s just plain wrong, and we are being willfully misdirected on this subject.

The original network (ARPANET) was paid for with your tax dollars. The universities that then expanded it were paid for with your money. And every major ISP has taken government money (aka, YOUR MONEY) to develop and expand it into the Internet we all rely on today. The US Air Force is in charge of cyber security of the country’s networks. And guess who pays for the Air Force?

The Internet belongs to you and me and anybody that says different is trying to scam you.

If we lose this rule, everything we do on the net will become a premium service or you will have to buy a package like we already do for cable TV. And as most know first hand, these packages are seldom fair to the customer. It will turn into buying HBO and getting 25 crappy channels with it that you never watch. And then having to do the same thing to get Showtime. Just replace HBO and Showtime with Netflix and Facebook and you get an idea of what may come.

If you don’t like what will happen without Net Neutrality, then you need to do something to keep the Internet the way you like and have grown to use it. Or it will all go away.

Sign the petition below and write or call your representatives, ASAP!

NET NEUTRALITY Petition to Congress

Create a family and friends password today!

Just got my 3rd scam phone call today, which turned out to be the classic grandparents scam. Some SOB screaming on the other end of the line that something happened and he needs granddad’s (I have no kids) credit card info right away to get out of some jam. This and other scams like it work because they can stress older people into thinking something is wrong with their kids, grandkids or friends.

Almost everybody has gotten calls like this in the past and unfortunately a number of my customers fall for it because with practice these scammers put on a good show.

But here is a quick thing you can do for all your family that can stop scams like this cold in their tracks. Set up a family password that you only share with your family and close friends. It’s dirt simple: make an easy-to-remember phrase like “pink orange juice” and share it with the people close to you. Tell them if there is some future emergency to use that phrase so you know it’s really them and not a scammer. Then if (or when) one of these losers calls, ask them for the “Family Password” and wait for them to hang up the phone.

Christmas Gadget Help

Don’t forget to plan ahead and schedule with RenoGeek to set up all your new devices and computers. Most computer technicians are very busy the first few weeks of the new year, so make sure you’re prepared ahead of time. Having a pro set up your new equipment will save you lots of time, while also making sure your new toys are secure.

Comcast, Verizon, and AT&T all down

There are reports from all over the Internet that major ISPs are down or experiencing major connectivity issues. So it’s not you this time.

A Comcast tweet is calling it an “external network issue”. While first reports seemed to suggest an attack of some kind, it seems to be a switching error on the Internet backbone.

WPA WiFi standard has been compromised

Rumors floating around the computer security world the last few days have been verified. Researchers have found a way to bypass the security used on most wireless routers, laptops and cell phones.

The flaw is in the WiFi standard itself and not with any make or brand of routers. So it may take some time before a wide release of a fix becomes available.

A first look at what sort of attack may be used against this flaw seems to indicate that an attacker would have to be in range of a WiFi device. So while still serious, it would limit attacks to hackers within a few hundred feet of your router.

For now I am sure that the WiFi standard will be worked on, and that manufacturers will rush to implement patches. As this flaw has just been found, there are only a few things an end user may do at this point…

  1. Update your security patches for routers and other WiFi devices.
  2. Limit your public WiFi use until patches are released (AND INSTALLED).
  3. Make sure the websites you’re using are secure by logging onto only secure sites that use the HTTPS protocol. If you do not know how to do this, then install a plugin for your browser such as HTTPS Everywhere that will make sure you’re connected securely.

UPDATE: 1:16 PM 10/16/2017

It seems Microsoft had a heads up with this problem and has some fixes. You can choose just to do a regular update to get your computer patched or go here and download for your “flavor” of Windows.

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-13080

Taking out the trash

Seems in the past few weeks a bunch of old tech favs have fallen by the wayside.

Piriform’s CCleaner had a bad security breach that left its utilities hacked, and without a clear response and explanation of how their security failed so badly, they are now off my list of recommended software.

AIM Messenger, once a classic instant messaging platform, is calling it a day. Now if AOL will just stop scamming all the computer illiterate with their AOL Desktop software I will be happy.

And today Microsoft admits that they are now out of the phone business, letting Windows 10 Mobile die off. If not so gracefully.

The one rule in technology is it always changes, and I am happy to see the above fade away in favor of more modern, secure and helpful technology that I can tell my computer repair clients about.

Homeland Security and US-CERT forward nonsense alert

Just got an email from US-CERT forwarding an FTC alert stating that you should use Equifax to monitor the effect of the Equifax breach on your credit accounts?!?!?!

See this line in the email…
Alternative security recommendations include using fraud alerts and free credit monitoring from Equifax.

Forgive me if I don’t get it. But this seems to me like letting the doctor that left the scalpel inside your gut go back in for another try. It is the industry standard to have an outside agency or company monitor a breach of this magnitude, until they have proven they have fixed the breach AND a resolution has been implemented for ALL those that have been affected.

jeeesh !!!