Meltdown – The Intel CPU Security Flaw.

Meltdown – The Intel CPU Security Flaw.

Intel's Computer chip security flaw.
Intel’s CPU flaw

A critical design flaw in Intel based CPUs, going back ten years has been discovered by security researchers. Who have coined the name “meltdown” to describe the bug built into most Intel based chips and by extension most of the worlds computers.

The flaw allows the Kernel memory in most x86-64 operating systems, Windows, Macs and Linux, to be accessed by specially written malware that could then provide a users data to an attacker or allow the attacker to install other software on the compromised system.

While Intel has ramped up its PR machine to downplay the flaw. I find it a bit odd from an ethics viewpoint that their CEO Brian Krzanich, sold 24 million dollars in stock options AFTER Intel was informed of the flaw by Google. As reported by Business Insider…

As a physical replacement (after a redesign) of every CPU sold in the last ten years would be almost impossible to accomplish, its going to have to be a software fix implemented at the operating system level to address this blunder.

Linux programmers already have a Kernel replacement being tested while Apple and Microsoft have made statements their operating systems will be patched in the days and weeks to come.

But due to the nature of the flaw all these fixes will have to bypass or change the way the O/S will address each systems Kernel memory, resulting in a system slowdown of anywhere from 5% to 30%.

So for some end users their computer may lose close to 1/3 of their speed overnight, after the respective patches are applied to their operating system. All to address Intel’s massive screw up.

I am sure the lawyers are already preparing their class action lawsuits as I write this. But it won’t be much help to the regular computer user.

And from a computer repair and support viewpoint, this will mean IT support departments, computer stores and independent computer repair technicians will start to soon receive a large influx of support calls from users that have no idea Intel’s bug is the cause of the coming slowdown and will demand a fix.

And unfortunately one will not be coming soon from Intel, as it takes years to redesign and re tool production for a new or at least updated CPU. And while many people may run out and buy a new computer once they discover their current computer’s performance hit after the patches are installed. It will not really do that much good if they try and get a system with the same specs as they had before. As the chips will still be defective.

UPDATE 1/10/18

While Apple, Microsoft and others have pushed patches to address this issue, it seems that these fixes are not ready for primetime just yet. With AMD chipset users and other systems that use certain antivirus products either being bricked after being updated or stuck in a reboot loop.

At this time as no real world attack has been demonstrated to be out in the “wild” just yet. It may be a better idea to wait to install these patches until they can be demonstrated to be working on the vast majority of systems. Not 100% safe, but better than bricking your system. I am sure in the weeks to come working patches will become available.

Create a family and friends password today!

Just got my 3rd scam phone call today. Which turned out to be the classic grandparents scam. Some SOB screaming on the other end of the line that something happened and he need granddads (I have no kids) credit card info right away to get out of some jam. This and other scams like it work because they can stress older people into thinking something is wrong with their kids, grand kids or friends.

Almost everybody has gotten calls like this in the past and unfortunately a number of my customers fall for it because with practice these scammers put on a good show.

But here is a quick thing you can do for all your family that can stop scams like this cold in their tracks. Set up a family password that you only share with your family and close friends. It’s dirt simple, make a easy to remember phrase like “pink orange juice” and share it with the people close to you. Tell them if there is some future emergency to use that phrase so you know it’s really them and not a scammer. Then if (or when) one of these losers call, ask them for the “Family Password” and wait for them to hang up the phone.

Christmas Gadget Help

Don’t forget to plan ahead and schedule with RenoGeek to set up all your new devices and computers. Most computer technicians are very busy the first few weeks of the new year, so make sure you’re prepared ahead of time. Having a pro setup your new equipment will save you lots of time, while also making sure your new toys are secure.

Comcast, Verizon, and AT&T all down

There are reports from all over the Internet that major ISP’s are down or experiencing major connectivity issues. So it’s not you this time.

A Comcast tweet is calling it an “external network issue”. While first reports seemed to suggest an attack of some kind it seems to be a switching error on the Internet backbone.

WPA WiFi standard has been compromised

Rumors floating around the computer security world the last few days have been verified. Researchers have found a way to bypass the security used on most wireless routers, laptops and cell phones.

The flaw is in the WiFi standard itself and not with any make or brand of routers. So it may take some time before a wide release of a fix becomes available.

A first look at what sort of attack may be used against this flaw seems to indicate that an attacker would have to be in range of a WiFi device. So while still serious, it would limit attacks to hackers within a few hundred feet of your router.

For now I am sure that the WiFi standard will be worked on as well as a rush by manufactures to implement patches. As this flaw has just been found there are only a few things an end user may do at this point…

  1. Update your security patches for routers and other WiFi devices.
  2. Limit your public WiFi use until patches are released (AND INSTALLED).
  3. Make sure the websites you’re using are secure by logging onto only secure sites that use the HTTPS protocol. If you do not know how to do this then install a plugin for your browser such as HTTP Everywhere that will make sure your connected securely.

UPDATE: 1:16 PM 10/16/2017

It seems Microsoft had a heads up with this problem and has some fixes. You can choose just to do a regular update to get your computer patched or go here and download for your “flavor” of Windows.

Taking out the trash

Seems in the past few weeks a bunch of old tech favs have fallen by the wayside.

Piriform’s Ccleaner had a bad security breach that left it’s utilities hacked and without a clear response and explanation on how their security failed so badly are now off my list of recommend software.

AIM Messenger, once a classic instant messaging platform is calling it a day. Now if AOL will just stop scamming all the computer illiterate with their AOL Desktop software I will be happy.

And Today Microsoft admits that they are now out of the phone business. Letting Windows 10 mobile die off. If not so gracefully.

The one rule in technology is it always changes, and I am happy to see the above fade away in favor of more modern,  secure and helpful technology that I can tell my computer repair clients about.



Homeland Security and US-CERT forward nonsense alert

Just got an email from US-CERT forwarding a FTC alert stating that you should use Equifax to monitor the effect of the Equifax breach on your credit accounts?!?!?!

See this line in the email…
Alternative security recommendations include using fraud alerts and free credit monitoring from Equifax.

Forgive me if I don’t get it. But this seems to me like letting the doctor that left the scalpel inside your gut, go back in for another try. It is the industry standard to have an outside agency or company monitor a break of this magnitude. Until they have proven they have fixed the breach AND a resolution has been implemented for ALL those that have been affected.

jeeesh !!!

CCleaner Hacked

If your using CCleaner, know that the company that produces it has said it’s been hacked. Uninstall ASAP and if you wish to still use it download the latest version.

Watch out for fake antivirus programs

Just came across this Fake antivirus / scamware
“professional cleaning software”.

Could you be any more creative with a name?

If you decide to install security / antivirus software consult an expert first or you may end up with a fake that does nothing but take your money.


From Homeland Security / US-CERT

If your using Thunderbird to check your email…

Original release date: August 21, 2017

Mozilla has released a security update to address multiple vulnerabilities in Thunderbird. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review the Mozilla Security Advisory for Thunderbird 52.3 and apply the necessary update.

Get the update version here