Activity

A pair of security vulnerabilities, Meltdown and Spectre, could compromise basic security for practically all computers. Meltdown allows malicious programs snoop around high-privileged parts of your computer’s memory, like your private files, passwords, or cryptographic keys, while Spectre lifts data from the memory of other applications you’re running. The problem springs from a decades-old bug in Intel chips that was uncovered near-simultaneously by multiple researchers last week. “It was really, really scary,” says Daniel Grüss, one of the researchers who discovered Meltdown. “You don’t expect your private conversations to come out of a program with no permissions at all to access ven as everyone from hardware companies to cloud computing services race to issue emergency patches, one enti is probably not especially surprised. “If you asked me whether intelligence agencies found this years ago, I would guess certainly yes,” Paul Kocher, a well-known security researcher, says. “And if they found something like this, as long as it’s yielding good intelligence, they don’t tell anyone.” From Wired cover to 1-8-18 pub.