A research paper describing new timing side-channel attacks derived from Meltdown and Spectre has been published. Here's a natural-language description.
My first insight is that this only applies to multi-core processors, (but how many people are running those?) My second insight is that cache coherency strategies are very similar in many multi-core chip designs, including some that have not seemed vulnerable to date. Expect this problem, and the approach to finding it, to keep producing new vulnerabilities.
From experience dealing with cache coherency problems I have to say that this is not something the classic teenage hacker working after school in his parent's basement will figure out. That won't matter if anyone anywhere does figure out how to exploit this proof of concept, and this escapes onto the Internet, the teenager will simply copy code and modify it for his own nefarious purposes.
If you want tight security, I would recommend processors with physically-isolated memory in separate boxes from those running untrusted code. This would present problems for little things like Google, Facebook or AWS.
New versions of Meltdown and Spectre
For discussions about security.
Message
Author
- prehistoric
- Posts: 1744
- Joined: Tue 23 Oct 2007, 17:34
Jump to
- House Training
- ↳ Beginners Help ( Start Here)
- ↳ Users ( For the regulars )
- ↳ Für deutschsprachige Anhänger
- ↳ Pour les francophones
- ↳ Usuarios de habla Hispana
- ↳ HOWTO ( Solutions )
- ↳ Bugs ( Submit bugs )
- Advanced Topics
- ↳ Additional Software (PETs, n' stuff)
- ↳ Package Collections / Repositories
- ↳ REQUESTS
- ↳ Browsers and Internet
- ↳ Business
- ↳ Compiling
- ↳ Desktop
- ↳ Documents
- ↳ Drivers
- ↳ Educational
- ↳ Engineering/Science/Simulation
- ↳ Eye Candy
- ↳ Filesystem
- ↳ Games
- ↳ Graphics
- ↳ Multimedia
- ↳ Network
- ↳ Security/Privacy
- ↳ System
- ↳ Utilities
- ↳ Virtualization
- ↳ Unsorted
- ↳ Cutting edge
- ↳ Multi-session live-CD/DVD
- ↳ Hardware
- ↳ Audio
- ↳ Networking
- ↳ Dialup
- ↳ Ethernet
- ↳ Wireless
- ↳ Printers
- ↳ Video
- ↳ Puppy Derivatives
- ↳ Puppy Projects
- ↳ Next Puppy Development
- ↳ 4.x
- ↳ Bugs (4.x dev)
- ↳ Usability Issues (4.x dev)
- ↳ 5.x
- ↳ Bugs (5.x dev)
- ↳ Usability Issues (5.x dev)
- ↳ Localization Project
- ↳ Documentation Project
- Taking the Puppy out for a walk
- ↳ Announcements
- ↳ Puppy Power
- ↳ Suggestions
- ↳ Misc
- Off-Topic Area
- ↳ Programming
- ↳ Security
- ↳ Truly off-topic conversations
- ↳ Spam reports