Navigation

    ML
    • Register
    • Login
    • Search
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    1. Home
    2. Tags
    3. spectre
    Log in to post

    • Spectre, Meltdown researchers unveil 7 more speculative execution attacks
      News • security ars technica intel cpu meltdown spectre • • mlnews  

      1
      1
      Votes
      1
      Posts
      155
      Views

      No one has replied

    • Eight new Spectre Variant Vulnerabilities for Intel Discovered - four of them critical
      IT Discussion • intel amd meltdown spectre • • IRJ  

      7
      3
      Votes
      7
      Posts
      607
      Views

      @kelly said in Eight new Spectre Variant Vulnerabilities for Intel Discovered - four of them critical: @tim_g said in Eight new Spectre Variant Vulnerabilities for Intel Discovered - four of them critical: Wow.... But how practical is it to not only first exploit the Spectre vulnerability, but then to get any useful data from most likely other unknown shared VMs on the same box? (really, only on a shared hosting provider host is where 99.9% of the threat is) This stuff is discarded speculative cached data... maybe a thumbnail you won't be viewing (if it goes that big), or maybe a few bits leading in that direction... maybe credentials (that are encrypted anyways)... It seems like all you can do is "fish" for unknown discarded speculative data... it doesn't really sound like a huge practical threat, however, I do see the severity and horrible potential of it, just not the practicality. Here is how I see it playing out in the larger world. Bad actors will be spinning up VMs on hosting providers' hardware, and then trolling for data of cohosted VMs. It isn't a large problem in a secure environment where the list of people who can spin up VMs also have the credentials necessary to make a Spectre-ng attack a waste of time and energy. Also worth noting, in a cloud environment the data that can be caught this way is essentially random and ephemeral. What works today won't work tomorrow, and whose data you are getting is normally unknown. The scale and anonymity of cloud computing makes these attacks more possible, but less effective, almost to the point of useless.
    • ML May 2 Planned Downtime
      Announcements • mangolassi patching meltdown spectre • • steve  

      9
      7
      Votes
      9
      Posts
      745
      Views

      FFS that is when I was planning to tag all my old threads.
    • Spectre and Meltdown Patches Causing Trouble as Realistic Attacks Approach
      News • security ars technica intel meltdown spectre • • mlnews  

      1
      0
      Votes
      1
      Posts
      477
      Views

      No one has replied

    • Basics of Spectre and Meltdown Video
      News • intel video cpu meltdown spectre • • mlnews  

      20
      2
      Votes
      20
      Posts
      1248
      Views

      @scottalanmiller said in Basics of Spectre and Meltdown Video: or not on Intel, Spectre is everyone. So my point still stands here.
    • Intel Meltdown and Spectre Vulnerabilities and the Scale HC3
      Scale Legion • scale scale hc3 intel meltdown spectre • • scale  

      1
      3
      Votes
      1
      Posts
      419
      Views

      No one has replied

    • Spectre and Meltdown fixes: How will they affect storage?
      News • storage el reg meltdown spectre • • scale  

      1
      2
      Votes
      1
      Posts
      559
      Views

      No one has replied