A class action filed in a US federal court in San Jose, California, states that Intel was informed about the Downfall vulnerability in 2018, but the company...
I think people seriously underestimate how difficult speculation bugs are/were to predict and to fix, particularly in the first few years after Spectre. Spectre effectively opened up a whole new field of research into vulnerabilities and prevention.
It’s not about whether the exploit works but about how well you can retrieve actionable data using it.
Most of these exploits rely on the data being accessed by the same core that’s running the exploit. That greatly limits their practicality in an attack on a client system.
Not really, there are plenty of things you can do to get around that. It also has been proven many of these bugs, while hard to pull off, can be used to great effect. Most security practitioners don’t have the technical understanding to accurately understand the impact of these types of vulnerabilities and are used to being the smartest people in the room, so sometimes understate the impact of these vulnerabilities.
This exact thing played out with a number of silicon or microcode vulnerabilities… “well, it only impacts cloud providers, oh, I guess it does impact desktops, but it’s limited to a single core, oh, there is a memory controller that can access things across cores, oh…”.
Unless someone has experience with HDL or has an extensive low level background, I would encourage people to take what they say with a grain of salt.
I think people seriously underestimate how difficult speculation bugs are/were to predict and to fix, particularly in the first few years after Spectre. Spectre effectively opened up a whole new field of research into vulnerabilities and prevention.
They’re basically impossible to exploit in the real world. They’re really just a minor issue overall, but still an issue.
Uh, no they aren’t. If code can be executed, these bugs can be exploited.
Like how everyone said spectre was a nothingburger and then there was a JS based POC.
It’s not about whether the exploit works but about how well you can retrieve actionable data using it.
Most of these exploits rely on the data being accessed by the same core that’s running the exploit. That greatly limits their practicality in an attack on a client system.
A server environment is more vulnerable, though.
Not really, there are plenty of things you can do to get around that. It also has been proven many of these bugs, while hard to pull off, can be used to great effect. Most security practitioners don’t have the technical understanding to accurately understand the impact of these types of vulnerabilities and are used to being the smartest people in the room, so sometimes understate the impact of these vulnerabilities.
This exact thing played out with a number of silicon or microcode vulnerabilities… “well, it only impacts cloud providers, oh, I guess it does impact desktops, but it’s limited to a single core, oh, there is a memory controller that can access things across cores, oh…”.
Unless someone has experience with HDL or has an extensive low level background, I would encourage people to take what they say with a grain of salt.