And yes, Spectre v1 and PortSmash aren't going away. Anyone who knows anything about CPUs knew PortSmash was theoretically possible for years (just someone bothered to finally implement it). Disable HT or petition OSes to do security-domain-aware HT by default.
Also PortSmash should be adaptable to AMD systems with HT (i.e. Zen) and also all the POWER stuff. And it gets worse, because under more specific circumstances and with cleverer exploits, the side channels go beyond HT and to shared caches too.
Ultimately, computing needs to come to terms with the fact that any time there is *any* shared resource, that's ripe for side channels. This includes main memory and peripheral devices. It's worse and more insidious the lower level and more tightly coupled you make it, like HT.
Are you sure it's not "Intel sacrifices security for performance and hopes nobody notices"? On second thought, that's just a more specific case of "monumental, inexcusable dumbasses", isn't it?
L1TF and Meltdown were caused by Intel not adding a bunch of AND gates into their CPU. I guess they saved some picoseconds in a critical path somewhere by not doing that? I think it's a cultural issue (not considering side channel security AT ALL).
ARM was affected by Meltdown as well ...
Only on one core, and yes, they're just as dumb for that one. There's the "a" variant but, while that was also dumb, the impact is a lot smaller (just ASLR leaking mostly).
and there are 10 other attacks that you didn't put in your summary!
CacheBleed, MemJam, PrefetchSideChannel, TLBleed, RetSpectre, other Spectre variants, various attacks on L1, L2, L3 cache, various attacks on arithmetic units are all serious x86 side channels.
You realize that Apple, IBM, and probably a few others also had Meltdown vulnerabilities, right? It's not like Intel's engineers were unique in their TLB design.
Meltdown is not about the TLB, it's about their CPUs speculating on data that has not passed privilege checks. ARM also managed to screw it up but only on one core. Yes Apple and IBM also messed up. They're all dumbasses, but then Intel went "hold my beer" and L1TF happened.