Massive Intel Chip Flaw

Intel Logo

Intel Logo since 2006.

Some of the worst security news I have ever had, Intel CPUs Have a Major Security Flaw, Fixing It Causes a Huge Performance Hit.

“…Intel chips suffer from a fundamental flaw that affects all of the company’s modern CPUs…requires a software-based solution through the operating system, which in turn causes a performance hit of up to 30 percent.”

The flaw allows any regular program to write directly to protected kernel memory! Basically, forget sandboxes and isolation levels, any malware can do anything. This bug is a major MUST PATCH security issue!

“In the best-case scenario on Linux, performance takes a minimum hit of 17 percent. On Windows, that performance handicap can be 30 percent or higher. Newer processors may have the impact somewhat lessened, but not by much.”

“The problem does not affect AMD processors due to security protections baked within the company’s processors. If you’re running a Ryzen, you should be good to go.”

This is a disaster. The game players will be the first to absolutely lose it. Tech support centers fielding calls about how slow their user’s computer are will looking for cynide pills.

30% HIT IN SPEED IS GOING TO HAVE SOME LONG TERM CONSEQUENCES. AMD processors anyone?

To quote from the movie Aliens:

“That’s it, man. Game over, man. Game over! What the f**k are we gonna do now? What are we gonna do?”

Office 2007 Still In Use

IT Portal reports Two thirds of businesses still run Office 2007.

Spiceworks found that:

… 82 per cent of businesses in the UK, US and Canada are still using older, on-premise version of Office, with Office XP, Office 2003 and Office 2007 being used. Office 2010 is most commonly used, 43 per cent use Office 2013 and 17 per cent run Office 2016.

As a developer, I have one computer that still runs Office 2007 because I may end up writing a .net program that needs to access that version.

As to other companies using Office 2007, there are reasons. Some people don’t want to change. They know how to get what they need to get done done. Many companies figure that they have spent the money, have the product, and have no reason to change. Others don’t want to spend the time or money to re-train staff and spend money on upgrades. Neither is a small expense. There are lot of other solid reasons for not changing.

My attitude is that almost all companies should choose one of two paths. Either get on a Microsoft Office 365 program or go with LibreOffice. Either way, you will be far ahead of where you are now. The Office 365 program offers a lot of bang for the buck and is not so expensive as to be prohibitive. Office 365 is from $8.25 per user per month to $35 per user per month. I and my clients usually opt for “E3” $20 per month per user packages that cover everything I would ever need. LibreOffice is free and very powerful. LibreOffice is open source and has a very active developer base.

Do yourself, your employees, and your clients a favor, look into your options.

The Internet will eventually go down, but the world will continue

I’ve always believed that the internet will be taken down by a worm/virus/botnet, whatever. I assume, that after a while, it will return stronger and more secure. The fact that it has not happened in all of these years is a tribute to both TCP/IP design and operating systems that basically do what they are supposed to do.

A article in the Sun talks about the possibility that a gigantic new reaper botnet could bring down the internet. It could happen but probably won’t. Eventually, there will be world wide incident.

Businesses need to make sure they have, at least, the framework of a plan to cover while the internet is down. Those with cloud solutions should make sure they have local resources and the ability to access local backups.

If you are a individual user, you need to plan for a few issues. The ATMs might be down for a few days, so have a couple weeks of cash around the house. You may have trouble making online payments, so have the latest bills in hard copy. Make sure to patch your equipment as best you can with the latest updates. You might want to make sure you have a few books and movie DVDs laying around.

Final piece of advice, remember one thing. The world existed before the internet. It really is true! While the internet makes things run at a much faster pace, the world can take a step back and get things done without it for a while.

English MEP Windows XP Nightmare

I would hate to be an undercover cop in England!

Slashdot’s article, London Metropolitan Police’s 18,000 Windows XP PCs Is a Disaster Waiting To Happen points out a big problem. That is 18,000 potential nightmares that have access to highly private data.

They are working on upgrading to Windows 8.1. If they are as efficient as I expect them to be, the upgrade could be completed just after hell freezes over…

Unlike many, I’m not all that worried about the OS issue. I figure they have a Muhammadan insurgency about to kick off, so the police buildings will all be fire-bombed anyway. Maybe the decision makers are smarter than I thought.

Latest Threat: International Domain Name Attack

International characters in domain names can do things like make an address LOOK like apple.com but it is really in the Russian character set and has NOTHING to do with apple.com.

If you are using Chrome, no problems. Google has made it far more difficult for the bad guys. Firefox is not quite up to spec. In firefox type about:config in your url. Find the set network.IDN_show_punycode setting and change it to TRUE. Most browsers should be releasing a patch within the next week to deal with this security issue in a more robust manner. Update your browsers next week.

NSA Hacking Tools are Now In The Wild

An April 14, 2017 article in The Intercept states the worst case scenario has occurred with the NSA’a cyber attack package. According to the article, an entity called “The ShadowBrokers”,

“…today released another cache of what appears to be extremely potent (and previously unknown) software capable of breaking into systems running Windows. The software could give nearly anyone with sufficient technical knowledge the ability to wreak havoc on millions of Microsoft users.”

While the world has been worrying about North Korea, a potentially far worse disaster is in the making. A digital attack package, created by some of the most brilliant talent the United States has, is now in the hands of everyone. Script kiddies will shortly have access to an attack suite that has the potential to spread havoc around the world. The Russian hackers who specialize in cyber-crime have just been handed a tool package better than they have ever had access to before. Hostile governments will now have access to parts of the United States infrastructure that I do not want to even think about.

Instead of spending the next hour telling you just how bad this could be, just trust me, it is really bad. The important question right now is what to do about it?

My understanding is that the attack modules are just for “computers running version of the Windows operating system earlier than the most recent Windows 10”. If your computer is running Windows 10 with all of the patches, you may be safe… I doubt that you are, you will need to decide for yourself. Servers, especially Windows 2008, the most used version, are definitely vulnerable!

Individual home users, if possible, should strongly consider using Linux, Macs, and Chromebooks as much as possible and just don’t use Windows.

Office environments and servers are going to be a tricky problem. Many are still running Windows 7, 8, and 8.1. Pretty much all Windows servers are vulnerable. Now is the time to consider thinking outside the box. I consider good backups to be the first step in ANY security plan. If you are responsible for your company’s network, NOW is the time to leverage online, real-time backups of data. Consider upgrading to the latest and greatest version of Windows if you believe that the latest version is safe. If you are not current on updates, make that your first priority. I would have a couple of live versions of Linux ready to go. It is cheap insurance and will allow people to do some Office 365 stuff online while you are dealing with any issues that pop up.

While it is not much, that is all we can do for now. Realize that there are going to be major data leaks and disruption in the near future. If I was Microsoft, I would be pulling out all of the stops right now. If I were the NSA, I would be doing everything I could to help Microsoft BEFORE everything goes south…

Good luck!