The Spectre/Meltdown naming makes it easy to forget there are in fact *three* distinct vulnerabilities, each requiring separate mitigations. Here’s an overview: https://security.googleblog.com/2018/01/more-details-about-mitigations-for-cpu_4.html
Variant 1 enables out-of-bounds memory reads in code that was previously thought to be safe. This vulnerability affects specific sequences within compiled applications, which must be addressed on a per-binary basis (e.g. browser patches).
Variant 3 is analogous to variant 1, except it enables reading from kernel memory that’s available in the same address space. For Linux, the fix is KPTI (Kernel Page Table Isolation); other operating systems have similar mitigations.
Replying to @mathias
i’m sorry, can you put this in terms of bathroom usage at a party?
Replying to @jedschmidt
Variant 1: someone falsely convinces @jaffathecake he’s presenting in 5 minutes, making him want to speculatively pee. While doing so, he accidentally drops his password-engraved headphones in a urinal. An attacker perusing the next urinal observes this and steals the password.
Replying to @mathias @jedschmidt
Variant 2: the same, except the attacker was in a closed toilet stall, and @jaffathecake didn’t even want to pee at all.
Variant 3: the same, except the attacker was in another bathroom.
Replying to @mathias
this may well be this issue’s most accessible-to-laymen summary on the internet.