This is only a preview of the February 2018 issue of Silicon Chip.
SILICON CHIP
www.siliconchip.com.au
Publisher
Leo Simpson, B.Bus., FAICD
Yet another threat to surfing the net
Just as this issue was going to press, news broke about a
number of related vulnerabilities in Intel and compatible
CPUs. Known as “Spectre” and “Meltdown”, they allow
untrusted programs to read sensitive data.
These vulnerabilities exist in pretty much every desktop and laptop PC in use today and some tablets and
phones may also be affected. And there’s a problem with
the timing of this news because companies like Microsoft
had hoped to release fixes before these problems became
public knowledge. But now the cat is out of the bag.
While it should be possible to change operating systems to prevent malware
from exploiting these flaws, those changes are likely to degrade overall system
performance. Some estimates are that this could slow down your computer as
much as 30% but recent bulletins from companies like Apple suggest that this
won’t be the case.
So what can you do? Well, if you’re paranoid or dealing with top-secret information, you could stop using your computer until updates are available. However, at any given time, it’s virtually guaranteed that someone, somewhere knows
about a flaw in your operating system (whether it’s Windows, Linux, Mac OS or
something else) that could be exploited to access your private data.
These do eventually come to light and eventually they are patched. But there
may be a window of days, months or even years during which malicious parties
can take advantage of them to create viruses, worms, trojans and other assorted
nasties.
Unless you become a hermit and live in a cave in the mountains, I’m not sure
that you can ever be completely safe from such flaws. You could keep a separate computer to use only for sensitive tasks (banking and so on), and keep it unplugged from the internet most of the time. That may not make you 100% safe
but it would probably help. But you would still need to keep the software on that
machine up-to-date.
So why didn’t anybody discover Spectre or Meltdown before? Apparently these
problems have existed in Intel CPUs since as early as 1995 and possibly even earlier
but they are quite subtle flaws and difficult to exploit.
I do not think it’s very likely that we will see actual malware taking advantage
of these, especially now that operating systems are being desperately patched.
But I could be wrong.
The actual mechanism behind these flaws is difficult for all but the
most advanced programmers to understand. In brief, they take advantage of the
fact that you can get the processor to execute instructions which occur after accessing restricted memory, even though that access will trigger a fault interrupt.
This is due to the “speculative execution” mechanism built into modern CPUs
in order to speed them up.
While the CPU correctly discards the results of these invalid instructions, it
still has to spend time executing them and by arranging for them to have a certain
delay, then measuring that delay, it is possible to infer the contents of memory
that a process does not actually have permission to access. That memory could
belong to any process, including the kernel, and could contain sensitive data
such as passwords.
Researchers have created software which takes advantage of this to read normally inaccessible memory. However, as I said above, I still think (or is that hope?)
it’s too difficult to use in actual malware. Time will tell if I am right.
More than anything else, these revelations indicate just how easy it is for a potentially serious security flaw to escape notice for many years. For most people,
the best they can do is to make sure that their computer always has the latest updates
– and don’t ever click on attachments in emails from people that you don’t know.
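On Linux, one way to confirm that the updates mentioned above have actually taken effect is to read the kernel's own report under /sys/devices/system/cpu/vulnerabilities. The following is an added example, not part of the original editorial; the function names and the sample file contents in demo() are constructed for illustration.

```python
"""Summarise the Linux kernel's Spectre/Meltdown mitigation report."""
import os
import tempfile

SYSFS_DIR = "/sys/devices/system/cpu/vulnerabilities"
FLAWS = ("meltdown", "spectre_v1", "spectre_v2")


def classify(status):
    """Map one kernel status string to 'ok', 'vulnerable' or 'unknown'."""
    text = status.strip()
    if text == "Not affected" or text.startswith("Mitigation:"):
        return "ok"
    if text.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"


def read_report(directory=SYSFS_DIR):
    """Return {flaw: (verdict, raw_status)} for each flaw in FLAWS."""
    report = {}
    for flaw in FLAWS:
        try:
            with open(os.path.join(directory, flaw)) as handle:
                raw = handle.read().strip()
        except OSError:
            # No file: the kernel does not provide this report, so the
            # status cannot be confirmed and is treated as unknown.
            report[flaw] = ("unknown", "no report available")
            continue
        report[flaw] = (classify(raw), raw)
    return report


def needs_attention(report):
    """List the flaws not confirmed as mitigated or unaffected."""
    return sorted(f for f, (verdict, _) in report.items() if verdict != "ok")


def demo():
    """Run against constructed sample files instead of the live system."""
    samples = {"meltdown": "Mitigation: PTI\n", "spectre_v1": "Vulnerable\n"}
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in samples.items():
            with open(os.path.join(tmp, name), "w") as handle:
                handle.write(body)
        return read_report(tmp)


if __name__ == "__main__":
    for flaw, (verdict, raw) in read_report().items():
        print(f"{flaw:12} {verdict:10} {raw}")
```

A missing file is reported as "unknown" rather than "ok", so a kernel too old to provide the report is flagged for attention instead of passing silently.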
ISSN 1030-2662
Recommended & maximum price only.
Nicholas Vinen
Editor: Nicholas Vinen
Technical Editor: John Clarke, B.E.(Elec.)
Technical Staff: Ross Tester; Jim Rowe, B.A., B.Sc; Bao Smith, B.Sc
Photography: Ross Tester
Reader Services: Ann Morris
Advertising Enquiries: Glyn Smith, Phone (02) 9939 3295, Mobile 0431 792 293, glyn<at>siliconchip.com.au
Regular Contributors: Dave Thompson; David Maddison B.App.Sc. (Hons 1), PhD, Grad.Dip.Entr.Innov.; Geoff Graham; Associate Professor Graham Parslow; Ian Batty
Cartoonist: Brendan Akhurst
SILICON CHIP is published 12 times a year by Silicon Chip Publications Pty Ltd. ACN 003 205 490. ABN 49 003 205 490. All material is copyright ©. No part of this publication may be reproduced without the written consent of the publisher.
Subscription rates: $105.00 per year in Australia. For overseas rates, see our website or the subscriptions page in this issue.
Editorial office: Unit 1 (up ramp), 234 Harbord Rd, Brookvale, NSW 2100.
Postal address: PO Box 139, Collaroy Beach, NSW 2097.
Phone (02) 9939 3295.
E-mail: silicon<at>siliconchip.com.au
Printing and Distribution: