Meltdown and Spectre Analysis and Current Status

There seems to be a lot of complacent or feel-good news that Meltdown and Spectre will solve themselves or that no worry or care should be taken from users but this couldn’t be further from the truth.  In reality while CPU makers say “there are no known cases of exploits” doesn’t do much to allay fears of those in the know.  This is because Spectre and Meltdown will not leave any trace or evidence that you’ve been hacked.  Although it can be argued that there may be some signs of unauthorized access if that was how access was gained.

However, the nature of Spectre and Meltdown allow for normal authorized users, programs and even scripts on websites to exploit you.  This is why it is so scary as there’s really no way to be certain you haven’t been breached.

It’s an issue for everyone because these exploits could impact anything from your bank, transportation/transit, airplanes, nuclear power plants, and basically anything else that relies on computing security since Meltdown and Spectre are a complete breakdown of those barriers.  I won’t go into more of the basic details but I did make a quick “take on the issue here“.

The good news

There were patches quickly released for a lot of Linux, Windows and Mac devices.  However this doesn’t mean that the users installed the patches or that all users have the ability or access to do so.  Take for example physically remote computers, devices and perhaps some that are running headless that may not be easily accessible or that for some reason have patches disabled (this is more common than you’d think in production or mission critical environments).

Then what about old and unsupported versions of operating systems or that old security system, phone, or TV box, or even ATM whose manufacturer may not be around anymore or is just simply not offering support?

It’s the same issue with many common worms and viruses, patches, and fixes may be issued but millions or more are often still affected long after for various reasons.

The bad news

Even if we assume that Google discovered these flaws first, and if we assume they weren’t mandated to be put there via ARM, AMD and Intel what about insiders who know about this back in June or even earlier on?   From that point a number of individuals and groups could have compromised or damaged sensitive data and computer systems.  There’s still time since a lot of devices and people will not be patched yet.

And to make things worse, the only true way to solve this issue is with a CPU microcode update, which is not simple to deploy especially on embedded devices and any mistake can lead to a bricked device.

These OS patches are just that “patch work”, a hack or work around to mitigate the issue.

Then there’s the question of “we know there are 3 variants or vectors of attack”.  What if there are others that are not yet discovered?  You can be well equipped and funded organizations/hacking groups are working on this as we speak and they certainly won’t be disclosing it.  Until all devices have microcode updates there’s no way to certain we are safe from unknown vectors related to Spector and Meltdown.

What can you do?

Simply look out for the latest updates for your devices/phones/computers and install the update but don’t falsely assume a new update means you are protected unless you’ve read so that “this update fixes the Spectre and Meltdown” issue.

Google Pixel 2 for Business Use?

Source http://areebyasir.com/?p=218

I have to start off by saying I am surprised at the specs or lack of them right out of the box I wouldn’t buy because there is no value there and no compelling features over the average phone. The entry level 5″ model comes in at $899 and the XL 6″ at $1159 USD. What is especially disappointing is the lackluster 4GB of RAM in both models this is quite shocking for a flagship phone I would say it is a low-end phone in terms of RAM which is a big deal to me and I think most people. If you don’t have enough RAM your apps will slow down and start swapping. There is also nothing that I see is groundbreaking in this phone compared to the iPhone-X.

If this phone came in at a budget price I’d say it would be a good value but like many, I am comparing it against flagship Chinese phones such as my OnePlus 5 that I recently bought. In comparison my One Plus 5 came in at $540 USD has 8GB of RAM, 128GB of storage and dual-SIM slot (very hand when traveling abroad/on business).

I think Google is going to be creating more work for itself and it needs to decide if it’s competing against the OnePlus or Apple because both are very different types of market segments and this phone fits into the middle of the pack in terms of specs but at a premium price. It just doesn’t make sense because these phones don’t carry any prestige that say a Samsung or Apple would.

I’m sorry for not going into more depth but for the way I purchase I had to stop at the 4GB of RAM I cannot believe any 2017 flagship phone would have such little memory.
The Pixel 2 looks like a good phone but it is overpiced and underspec’d and usually I say specs are not an issue but at that price point it certainly is and I’d say the iPhone-X is the better value. Think of it this way though you could almost buy 2 OnePlus 5’s with 8GB of RAM for the price of one Pixel 2.