New CPU HARDWARE vulnerabilities called Spectre and Meltdown .. And SONAR?
2018/01/04 17:29:47
aidanodr
 
MODS: sorry if this was posted about already or is in the wrong place - I did a search for spectre and meltdown, found no post yet with same. ALSO ..I am having issues with my posts disappearing if I edit them ..
 
‘Spectre’ and ‘Meltdown’: New CPU vulnerabilities affect most smartphones and computers
 
The tech industry has been all abuzz over the last 48 hours with talk about a fundamental flaw in Intel’s CPUs that makes it easy for malware to steal sensitive data (like passwords, cryptographic keys and banking information) directly from memory, memory that would normally be off limits. We now have the first concrete details about the issue, and as it turns out, there are actually two vulnerabilities, dubbed by security researchers ‘Meltdown’ and ‘Spectre’ and they affect other platforms besides Intel’s.

 
These two vulnerabilities are HARDWARE VULNERABILITIES independent of your OS & software. They affect all your devices whether Windows, OS X, Linux or Android.
 
From the other article below:
 
A complete fix for Meltdown and Spectre is going to require a CPU replacement. As CERT says, the solution is to “Replace CPU Hardware”.

 
The Impact of Meltdown & Spectre Vulnerabilities
 
I urge ye to read both or especially the Defiant article on this.
 
By the looks of this .. it could be MASSIVE. It potentially renders many legacy devices in place as major security risks and untrustable?
 
Apparently the OS patches coming shortly could also drop the machine's performance by up to 30%
 
Again I stress .. these are HARDWARE VULNERABILITIES in your Processor Chip & it affects Apple, Windows, Linux & Android plus I imagine any other device using similar Intel chips ..
 
Meltdown and Spectre: ‘worst ever’ CPU bugs affect virtually all computers
 
Serious security flaws that could let attackers steal sensitive data, including passwords and banking information, have been found in processors designed by Intel, AMD and ARM.

 
So that's pretty much affecting everything?
 
With this 30% performance hit and new major OS patches coming fast .. I wonder could this have a major effect on SONAR? Could this be the one??
2018/01/04 17:34:14
CakeAlexSHere
For Windows 5-30% performance hit.
Sonar runs on Windows.
Patch will be applied this Tues or first Tues in Feb.
You could try to delay updates if you have Windows 10 Pro via group policy.
2018/01/04 17:50:20
aidanodr
https://www.bleepingcomputer.com/news/microsoft/how-to-check-and-update-windows-systems-for-the-meltdown-and-spectre-cpu-flaws/
 
How to Check and Update Windows Systems for the Meltdown and Spectre CPU Flaws
 
 
2018/01/04 18:15:16
aidanodr
Meltdown and Spectre: How chip hacks work
As technology companies race to fix two major vulnerabilities found in computer chips, the ways in which those chips could theoretically be targeted by hackers are becoming clear.
Collectively, Meltdown and Spectre affect billions of systems around the world - from desktop PCs to smartphones.
So why are so many different devices vulnerable - and what is being done to fix things?

 
Quick interesting article for you if into wanting to know how these two vulnerabilities work and how they can be used. Not too technical.
 
It would seem the patches coming out resolve Meltdown, but Spectre will be harder to fix.
 
Patching Spectre is going to be harder because the weaknesses it exploits are used so widely on modern machines.
Processors try to break requests into multiple tasks they can deal with separately to gain any amount of speed improvement where they can, even on a small scale.
Many of the ways they do this look like they can be monitored via Spectre to gain information about what the chip is up to.
Patching this directly - essentially changing the way these chunks of silicon work - probably won't be attempted initially, but altering the way that other bits of software on computers work to prevent exploitation of Spectre should help limit the risk to users.
More worryingly, the researchers who found the bug said the "practicality" of producing fixes for existing processors was "unknown".

2018/01/04 23:14:30
tlw
CakeAlexSHere
For Windows 5-30% performance hit.


More accurately, it’s a potential 5-30% (some industry sources say 200%) performance hit on some operations carried out by CPUs. Software that calls a lot of those operations will be hit harder than software that doesn’t.

For what it’s worth Apple released High Sierra 10.13.2 update nearly a month ago and it contained their Meltdown patch. The noticeable effect on any of our Macs has been zero. The one running Logic has needed no increase in audio buffers, and seems quite unaffected in any other way.

It seems the other computer use that hits CPUs hard, gaming, isn’t affected much either.

It’s server/Cloud farms handling big databases and web servers that will be hit hardest because what they do does use the affected CPU calls a lot.
2018/01/05 01:05:46
aidanodr
Yes .. the Meltdown vulnerability is the easiest one to resolve it seems. The OS patches should sort.
 
However the problem one is SPECTRE. Seems no patch for this yet and maybe never which gives us headlines like in this Friday's FT:
 

2018/01/05 09:58:22
aidanodr
Testing Windows 10 Performance Before and After the Meltdown Flaw Emergency Patch
 
Because of the nature of Meltdown and Spectre, the patches have to come at the OS level, and there's a possibility of performance loss. On the upside for consumers, desktop computing and gaming may not be as affected as other intensive tasks more commonly seen in server and database applications.

 
For those interested .. Loads of tests on the before / after applying MELTDOWN patch with respect to performance.
Note - there is no SPECTRE patch as of yet as far as I know. The above is just the recent patches released which apparently just patched MELTDOWN.
2018/01/05 22:09:01
abacab
Just received an update to my Firefox browser today that is intended as a short term mitigation for the Spectre attack.
 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-01/
 
 
2018/01/06 22:23:21
slartabartfast
An added problem is that there is speculation that an OS software patch alone will not work without an updated BIOS. Considering the incredible variety of motherboards and BIOS versions available, and the limited resources of many motherboard manufacturers, it is likely that no such BIOS updates will be available in the near future (if ever) for many systems.
2018/01/07 01:40:20
abacab
Best advice...remain calm, don't panic! 
 
This is clickbait news at the moment! The exploits are theoretical proofs of concept, that will be mitigated eventually.
 
I will keep up with the news, and update as needed. Using system images from which I can easily roll back the updates, if needed due to problems introduced by the updates.