Who do you trust? Apple? Google? Amazon? Samsung? Intel? We may have reached a point where nobody in technology can be trusted and we, as customers and users, need to be ever more vigilant with how we use technology.
Remember Meltdown and Spectre?
These hardware vulnerabilities allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents.
Serious, right? Or, maybe not so serious because Meltdown and Spectre are both vulnerabilities for which there is no exploit. Yet. And the likelihood of someone using either vulnerability to hack data from your Mac seems rather thin to unlikely. Yet, what did hundreds of millions of computer users do in the weeks after the discovery?
We upgraded our systems and didn’t give it a second thought. At least, until some of those systems were bricked by inadequate fixes.
Linux founder Linus Torvalds, the keeper of Linux code, the world’s most used operating system, on Intel’s patches:
The patches are COMPLETE AND UTTER GARBAGE. Has anybody talked to them and told them they are f*cking insane?
Whoa. Harsh words, right? Devin Coldewey kinda sorta mostly unmasks the whole fix conversation.
What we saw a few weeks back was the initial wave of craziness and the first line of defense being established. But the work of protecting the billions of devices affected by these problems is going to go on for years as conflicts like this work themselves out.
What does Intel Itself have to say about all this after-the-fact noise?
We recommend that OEMs, cloud service providers, system manufacturers, software vendors, and end users stop deployment of current versions, as they may introduce higher than expected reboots and other unpredictable system behavior.
In other words:
Here’s a patch. Fix it. Quickly.
Followed up by:
It doesn’t work right. Stop. Now.
Anybody else besides me see a problem here? Our household has two Macs, a few iPads, and two iPhones. All received the appropriate patches in recent updates. While I’m not too worried about someone sniffing out my iPhone or even my Mac to hack into what belongs to me, I do use the interwebs for personal commerce and corporate business so now we have to ask, “Just how safe is it to go online anymore?”
Amazon, Google, Facebook, and social media websites want to abscond with my personal information, the very chips that run everything in the world are subject to hacking, and the fixes by the powers that be may not be fixes after all.
For now, Apple remains silent. They say “silence is golden.” In this case it is not. Why? It’s been eight months already.
Meltdown and Spectre were discovered by Project Zero researcher Jann Horn, who reported the flaws to Intel, AMD, and ARM on June 1, 2017.
So, Apple. What’s going on? What about those patches? As of today, for the first time in a long time, I’m going to wait to apply any patches and updates to anything until after the digital dust settles awhile.