Researchers Find Seven New Meltdown and Spectre Attacks

No no no no xD
These issues won't disappear in the years to come....
fantaskarsef:

These issues won't disappear in the years to come....
Yep, will always be something new. Even if Spectre/Meltdown are resolved, something else will come along.
Well, at least they're brand-agnostic 😉
alanm:

Yep, will always be something new. Even if Spectre/Meltdown are resolved, something else will come along.
Exactly. And Meltdown / Spectre are also here to stay as long as speculative execution / prefetching of certain things is a thing.
Meanwhile, the mitigations revolving around the vulnerabilities in HyperThreading are severe enough that you might as well just simply turn off HT in BIOS. I'm not yet sure if Windows has been patched for that.
Another false alarm, apparently, by "researchers" seeking publicity for themselves and their associated colleges. Intel writes: "The vulnerabilities documented in this paper can be fully addressed by applying existing mitigation techniques for Spectre and Meltdown, including those previously documented here, and elsewhere by other chipmakers. Protecting customers continues to be a critical priority for us and we are thankful to the teams at Graz University of Technology, imec-DistriNet, KU Leuven, & the College of William and Mary for their ongoing research." In other words, these holes have already been filled! ZDNet always seems to sensationalize things--I never go there, myself, anymore. Haven't for many years. Ah, the battle for page hits goes on! So funny how they put this response by Intel at the *bottom* of the article...;) There is nothing new to report here.
schmidtbag:

Meanwhile, the mitigations revolving around the vulnerabilities in HyperThreading are severe enough that you might as well just simply turn off HT in BIOS. I'm not yet sure if Windows has been patched for that.
Is the general consensus that the HT vulnerabilities are critical even for the average joe? Because 4C/8T CPUs would suffer a horrible performance decrease in modern games if losing HT.
waltc3:

Another false alarm, apparently, by "researchers" seeking publicity for themselves and their associated colleges. Intel writes: "The vulnerabilities documented in this paper can be fully addressed by applying existing mitigation techniques for Spectre and Meltdown, including those previously documented here, and elsewhere by other chipmakers. Protecting customers continues to be a critical priority for us and we are thankful to the teams at Graz University of Technology, imec-DistriNet, KU Leuven, & the College of William and Mary for their ongoing research." In other words, these holes have already been filled! ZDNet always seems to sensationalize things--I never go there, myself, anymore. Haven't for many years. Ah, the battle for page hits goes on! So funny how they put this response by Intel at the *bottom* of the article...;) There is nothing new to report here.
What are you talking about? https://arxiv.org/pdf/1811.05441.pdf Here is the paper - Most of the authors were the ones who originally found spectre/meltdown. Doesn't seem like it's "seeking publicity".. just seems like they are publishing their research as any researcher would. Also the paper concludes that the mitigations Intel is talking about don't block all the attacks here:
"Transient execution attacks leak otherwise inaccessible information via the CPU’s microarchitectural state from instructions which are never committed. We presented a sound and extensible systematization of transient execution attacks. Our systematization uncovered 7 (new) transient execution attacks (Spectre and Meltdown variants) which have been overlooked and have not been investigated so far. We demonstrated all these variants in practical proof-of-concept attacks and evaluated their applicability to Intel, AMD, and ARM processors. We also systematically evaluated all defenses, discovering that some transient execution attacks are not successfully mitigated by the rolled out patches and others are not mitigated because they have been overlooked. Hence, we need to think about future defenses carefully and plan to mitigate attacks and variants that are yet unknown."
And even if they did, the entire point of publishing the attacks regardless of mitigation is A. Not all machines are getting upgraded with mitigation and B. So other people can build off the research and ideas found here and look for other methods that may not be mitigated already.
And even if they did block all the attacks how is that relevant to the research in the paper? Numerous machines aren't being updated and the attack vectors are new and can potentially lead other researchers into ideas that aren't mitigated. This is how science works, you build off the previous work of others and share it.
Yxskaft:

Is the general consensus that the HT vulnerabilities are critical even for the average joe?
Should the 'average joe' even care? To get 'hacked', a professional 'security researcher' would bring his lab to your house, then he would stay there for weeks while you play games as he tries to steal a few bytes from your CPU's cache in hopes of getting your Steam password to steal your trading cards :O
Yxskaft:

Is the general consensus that the HT vulnerabilities are critical even for the average joe? Because 4C/8T CPUs would suffer a horrible performance decrease in modern games if losing HT.
I'm not really sure. I personally would argue no, but it would be irresponsible of companies like Intel, AMD, IBM, MS, and so on to say that it isn't, because in doing so, that basically just welcomes hackers to find a way to exploit it, where it is basically guaranteed to not be prevented. In other words, as long as malware devs are led to believe that a known vulnerability will go un-mitigated, they can effortlessly take advantage of that. However, I don't think the average gamer really has anything to worry about at all (in terms of keeping HT on without mitigations). I would imagine that most single-threaded applications aren't really in danger either, so long as they lock down their core so another malicious thread in the pipeline can't sneak in with execution prediction.
WareTernal:

Should the 'average joe' even care? To get 'hacked', a professional 'security researcher' would bring his lab to your house, then he would stay there for weeks while you play games as he tries to steal a few bytes from your CPU's cache in hopes of getting your Steam password to steal your trading cards :O
This is exactly it, for the end user, protection mechanisms implemented in the browser code are enough for peace of mind.
Astyanax:

This is exactly it, for the end user, protection mechanisms implemented in the browser code are enough for peace of mind.
Actually no, it isn't. Kind of the point why these vulnerabilities are so scary is current protection mechanisms can't detect them. This is why there's new microcode that basically causes unanimous performance losses.
schmidtbag:

Actually no, it isn't. Kind of the point why these vulnerabilities are so scary is current protection mechanisms can't detect them. This is why there's new microcode that basically causes unanimous performance losses.
Yes, actually it is. The only people who are at risk from this crap are companies at risk from long term espionage and spying. No low profile hackers after a quick data leak will be using them, to claim otherwise is to be completely ignorant of the blackhat landscape.
WareTernal:

Should the 'average joe' even care? To get 'hacked', a professional 'security researcher' would bring his lab to your house, then he would stay there for weeks while you play games as he tries to steal a few bytes from your CPU's cache in hopes of getting your Steam password to steal your trading cards :O
Oh no no no, they will drink all my beer!
Astyanax:

Yes, actually it is. The only people who are at risk from this crap are companies at risk from long term espionage and spying. No low profile hackers after a quick data leak will be using them, to claim otherwise is to be completely ignorant of the blackhat landscape.
I would agree with that (hence the post I made before yours). But, that doesn't mean your web browser is going to protect you from this kind of stuff, in the event such a thing were ever made in the first place.
And it begins again, let public panic begin anew.
Venix:

Oh no no no, they will drink all my beer!
The scariest attack of them all.
SweenJM:

don't be afraid, just be cautious, and maybe don't make enemies in hacker communities.
Especially beware of triggered kids trying to hack your IP address (127.0.0.1) 😀 But yeah, as far as you keep your router well maintained and aware of basic security risks, getting into your PC from outside is not gonna be an easy task. Much easier to direct a victim to a phishing site / program and let it take care of itself.
SweenJM:

maybe don't make enemies in hacker communities.
Well, good thing I don't frequent these communities at all, right? I mean, I don't even shitpost! In this day and age, where farting the wrong way on Facebook can get you kicked out of a job for being a "sexist fascist nazi pig", or a "marxist regressive leftist cuck", one has to be ever vigilant and careful of what (s)he says... Right...