No new coins or updates due to Meltdown vulnerability

News updates about the Prohashing pool
User avatar
Steve Sokolowski
Posts: 2818
Joined: Wed Aug 27, 2014 3:27 pm
Location: State College, PA
Contact:

No new coins or updates due to Meltdown vulnerability

Postby Steve Sokolowski » Tue Jan 09, 2018 2:47 pm

I just wanted to post a notice about this in the hopes of reducing the number of support tickets, and in the hopes that coin developers will take note and avoid forks.

We will not be installing any new coins, or upgrading any existing coins, until a resolution for the Meltdown vulnerability is available for Debian. The current version in the Linux repository causes boot problems, and when Chris tried to install it on a test system, it crashed the computer and required a reinstall. It is currently possible for coin developers to create "forks" that steal money from other coins installed on the same system, or on other virtual machines installed on the hypervisor. Therefore, we simply can't upgrade any coins until a fix is available.

We strongly recommend to all coin developers to hold off on new development until a well-tested fix for the vulnerability is available for Linux. We also recommend that exchanges reject all forks until this vulnerability has subsided. Any exchange or pool that installs coins on Linux systems is doing so at significant risk at the moment, unless the system is dedicated to running that single coin. By releasing forks during the next few weeks, developers risk splitting their networks or ending up with rejection of the new fork from security-minded exchanges and pools.

The following article: http://www.zdnet.com/article/the-linux- ... continues/, is a good overview of the current status of the Linux efforts. As you can see, Debian is still vulnerable to two of three major exploits. This issue is different than most vulnerabilities discovered for Linux because many of them are specific to particular services like Samba that are not installed on our barebones systems, or which would never affect us because the systems are not publicly accessible. With this issue, it's no longer possible to run untrusted code developed after the vulnerability became well known.

Some customers are owed payouts in coins that have forked since Meltdown was discovered. These payments will continue to be made on the fork we had installed on January 3. Once the vulnerabilities are fixed in Debian and that fix actually boots, we will also make the payments on the other fork, if all exchanges agree on that fork. We apologize for the inconvenience.
User avatar
Aura89
Posts: 211
Joined: Mon Oct 02, 2017 12:12 am

Re: No new coins or updates due to Meltdown vulnerability

Postby Aura89 » Wed Jan 10, 2018 12:28 am

Good ol' CPU vulnerabilities
spauk
Posts: 129
Joined: Wed Apr 27, 2016 7:33 pm

Re: No new coins or updates due to Meltdown vulnerability

Postby spauk » Wed Jan 10, 2018 7:36 pm

wow. mindblowing that linux has such vulnerabilities
User avatar
Aura89
Posts: 211
Joined: Mon Oct 02, 2017 12:12 am

Re: No new coins or updates due to Meltdown vulnerability

Postby Aura89 » Wed Jan 10, 2018 11:16 pm

spauk wrote:wow. mindblowing that linux has such vulnerabilities


It's not linux. I mean, sure, if they aren't able to patch and other OS's are able to, then it's a linux issue. But otherwise, this is a processor issue, mostly Intel, if not completely Intel.
spauk
Posts: 129
Joined: Wed Apr 27, 2016 7:33 pm

Re: No new coins or updates due to Meltdown vulnerability

Postby spauk » Thu Jan 11, 2018 2:02 pm

he said debian. where do you see anything related to cpu or intel?
spauk
Posts: 129
Joined: Wed Apr 27, 2016 7:33 pm

Re: No new coins or updates due to Meltdown vulnerability

Postby spauk » Thu Jan 11, 2018 2:30 pm

Aura89 wrote:
spauk wrote:wow. mindblowing that linux has such vulnerabilities


It's not linux. I mean, sure, if they aren't able to patch and other OS's are able to, then it's a linux issue. But otherwise, this is a processor issue, mostly Intel, if not completely Intel.

so what does this even mean for intel cpu owners? please specify
User avatar
AppleMiner
Posts: 739
Joined: Sat Sep 30, 2017 1:44 pm

Re: No new coins or updates due to Meltdown vulnerability

Postby AppleMiner » Thu Jan 11, 2018 6:11 pm

From wiki: https://en.wikipedia.org/wiki/Meltdown_ ... nerability)


Meltdown is a hardware vulnerability affecting Intel x86 microprocessors and some ARM-based microprocessors.[1][2][3] It allows a rogue process to read any kernel memory, even when it is not authorized to do so.[4]

Meltdown affects a wide range of systems. At the time of disclosure, this included all devices running any but the most recent and patched versions of iOS,[5] Linux, macOS,[5] or Windows. Accordingly, many servers and cloud services were impacted,[6] as well as a potential majority of smart devices and embedded devices using ARM based processors (mobile devices, smart TVs and others), including a wide range of networking equipment. A purely software workaround to Meltdown has been assessed as slowing computers between 5 and 30 percent in certain specialized workloads,[7] although companies responsible for software correction of the exploit are reporting minimal impact from general benchmark testing.[8]

Meltdown was issued a Common Vulnerabilities and Exposures ID of CVE-2017-5754, also known as Rogue Data Cache Load,[2] in January 2018. It was disclosed in conjunction with another exploit, Spectre, with which it shares some, but not all characteristics. The Meltdown and Spectre vulnerabilities are considered "catastrophic" by security analysts.[9][10][11] The vulnerabilities are so severe that, initially, security researchers believed them to be false.[12]

Several procedures to help protect home computers and related devices from the Meltdown and Spectre security vulnerabilities have been published.[13][14][15][16] Meltdown patches may produce performance loss.[17][18][19] Spectre patches have been reported to significantly slow down performance, especially on older computers; on the newer 8th generation Core platforms, benchmark performance drops of 2–14 percent have been measured.[20]
spauk
Posts: 129
Joined: Wed Apr 27, 2016 7:33 pm

Re: No new coins or updates due to Meltdown vulnerability

Postby spauk » Thu Jan 11, 2018 8:25 pm

x86, so not the 64 bit processors?
User avatar
Aura89
Posts: 211
Joined: Mon Oct 02, 2017 12:12 am

Re: No new coins or updates due to Meltdown vulnerability

Postby Aura89 » Fri Jan 12, 2018 4:56 am

spauk wrote:he said debian. where do you see anything related to cpu or intel?


Because i know what he's talking about....?

It's a CPU issue that OS's are having to patch and fix. Though from what i've read, i'm not certain OS's will be able to fully patch all of them, i believe a BIOS update will be required to fully patch these issues completely. Not certain of that, though. If so, however, it does make me a little worried for prohashing in regards to, they have (if i remember correctly) relatively old hardware. What this means is, there may never be a BIOS update for their hardware, and if that means it can't be fully updated, they'll likely need to purchase new hardware. Hopefully that's not the case as obviously that would be a financial expenditure as well as take time. If they do, if they go AMD, they won't have these issues it would seem.

spauk wrote:x86, so not the 64 bit processors?


x86 is the instruction set architecture(s), does not care if your PC is 64 bit, because it's still x86. In fact, 64-bit is actually x86-64.

Both intel and AMD processors are x86 processors. However, these issues, are really mostly affecting, if not only affecting, Intel processors, possibly as far back as 1995.

The reality is, if you are not that familiar with computers, the hardware, etc. And are trying to pick apart what people are saying to see if you are vulnerable or not (my only guess as to why you'd ask if it would not affect 64-bit processors), this is all you need to know:

If you have Windows, Linux, iOS and probably (but not guaranteed) any other potential OS out there, and you have an Intel processors that is either current, at or least from 1995 or later (if you have one before 1995, kudos to you...? lol) then these vulnerabilities affect you. What does this mean for you? Well, hopefully nothing. Hopefully before it starts actually affecting people, the OS's will be patched, and if it requires a bios update, hopefully the bios updates are released.

Who is online

Users browsing this forum: No registered users and 1 guest