jm + spectre   3

‘It Can’t Be True.’ Inside the Semiconductor Industry’s Meltdown
“Our first priority has been to have a complete mitigation in place,” said Intel’s Parker. “We’ve delivered a solution.” Some in the cybersecurity community aren’t so sure. Kocher, who helped discover Spectre, thinks this is just the beginning of the industry’s woes. Now that new ways to exploit chips have been exposed, there’ll be more variations and more flaws that will require more patches and mitigation.
"This is just like peeling the lid off the can of worms," he said.
meltdown  spectre  speculative-execution  security  exploits  intel  amd  cpus 
3 days ago by jm
Notes from the Intelpocalypse [LWN.net]
What emerges is a picture of unintended processor functionality that can be exploited to leak arbitrary information from the kernel, and perhaps from other guests in a virtualized setting. If these vulnerabilities are already known to some attackers, they could have been using them to attack cloud providers for some time now. It seems fair to say that this is one of the most severe vulnerabilities to surface in some time.

The fact that it is based in hardware makes things significantly worse. We will all be paying the performance penalties associated with working around these problems for the indefinite future. For the owners of vast numbers of systems that cannot be updated, the consequences will be worse: they will remain vulnerable to a set of vulnerabilities with known exploits. This is not a happy time for the computing industry.
hardware  cpus  intel  amd  spectre  meltdown  security 
13 days ago by jm
Nicole Perlroth's roundup on the Spectre and Meltdown security holes
Excellent roundup -- this really is amazingly bad news for CPU performance and fixability
meltdown  spectre  nicole-perlroth  security  cpu  performance  speculative-execution  intel  amd  arm 
13 days ago by jm

Copy this bookmark:



description:


tags: