undefined | Better HN

0 pointsforgot-my-pw8y ago0 comments

"We reported this issue to Intel, AMD and ARM on 2017-06-01"

What!

0 comments

cesarb8y ago

You know it's a bad one when Project Zero allows more than its usual 90-day deadline...

blattimwind8y ago

"Which systems are affected?" – "All systems." – "Come again?"

Ajedi328y ago

From the FAQ on spectreattack.com:

> Q: Am I affected by the bug?

> A: Most certainly, yes.

Scary.

Symmetry8y ago

If you're using an in order processor, a Nexus 9 tablet say, then you should be safe.

1 more reply

jsmthrowaway8y ago

Then front-runs the negotiated timeline anyway, catching projects like Xen off guard (it seems like)[0]. Will be interested to read the postmortem of the entire process from start to finish, and Xen is promising one from their perspective. I'd be especially interested to understand whether public intel was concrete enough to rush this out the door, because it didn't seem like it was, but I probably missed something.

[0]: https://xenbits.xen.org/xsa/advisory-254.html

londons_explore8y ago

I reimplemented variant 3 based solely on clues from twitter posts yesterday.

I am by no means a computer security guru - I just did a CPU architecture course at uni and figured I'd cowboy up an implementation. It worked nearly first time, and can read both kernel and userspace pages from userspace by fooling the branch predictor into going down the wrong path, and relying on the permission checks to be slower than the data reads from a virtually addressed cache. It can only access stuff already cached though, so you can't do a full memory dump with it.

baq8y ago

speculation was apparently hitting very close to home allowing attackers with resources (think nation states) to start developing their own tooling. at least this early announcement allows people with sensitive data to quickly move to dedicated instances.

edit: well it didn't take a nation state after all: https://twitter.com/brainsmoke/status/948561799875502080 - given that, you can be sure that everybody who counts is frantically launching these on your clouds gathering whatever they can.

static_noise8y ago

How much in advance do the intel managers have to register a stock sell?

taurath8y ago

The CEO dropped his stock holdings down to the minimum allowed by their board bylaws in December.

https://www.fool.com/investing/2017/12/19/intels-ceo-just-so...

PuffinBlue8y ago

For his sake, I hope longer than 6 months!

chc8y ago

You mean without getting whomped for insider trading? I don't think they're allowed to do it in advance at all.

static_noise8y ago

As far as I know they HAVE to register a trade in advance. I.E. three months ahead: "I will sell 600 shares on 15th of December if the share price is above 50". This information is public and other people can use this information before the trade actually happens.

2 more replies

j / k navigate · click thread line to collapse