85716 Unterschleißheim, de
+49 (89) 2109-3275
Steve Grobman's explanation of the Spectre-Meltdown threatsUnterschleißheim, )
Both Spectre and Meltdown techniques are breaching the protections that separate apps and applications from the operating system as well as other applications.
One way to think about this is that if we consider the analogy of banking. We rely on the bank to perform operations on our behalf. When we request that a payment is made to our electric company, the bank performs many tasks behind the scenes to move funds such as updating financial records and ledgers.
I don’t have access to the sensitive data the bank manages, nor do I have access to information about any other customer accounts. I am relying on a privileged service to perform an action on my behalf.
This is exactly how operating systems work. Applications request the operating system to perform certain sensitive operations on their behalf when the application can’t perform the action directly.
These attacks “melt” the barriers between unprivileged applications and the privileged operating system. In the banking example, it would be like having normal users see all of the “behind the scenes” data that the bank has as well as other banking customer information.
On consumer devices, the attacks can potentially steal passwords, financial data or access to information in another application, there is definite cause for concern. Consumers should immediately apply whatever updates they receive from PC, phone and mobile app providers.
For businesses, there is potentially more risk because information could potentially be stolen from another business or department that is using the same physical device. The positive news on this front is that the major cloud providers behind the devices and apps we use have been proactive in applying the software fixes needed to mitigate much of this risk.”
Die Nutzung von hier veröffentlichten Informationen zur Eigeninformation und redaktionellen Weiterverarbeitung ist in der Regel kostenfrei. Bitte klären Sie vor einer Weiterverwendung urheberrechtliche Fragen mit dem angegebenen Herausgeber. Bei Veröffentlichung senden Sie bitte ein Belegexemplar an firstname.lastname@example.org.