Has anyone seen spectre/meltdown used by an attacker in the wild yet? Also curious about rowhammer.
How come as a community we are willing to hype an attack to no end but never feel a responsibility to empirically evaluate whether the hype was real?
5 replies 3 retweets 16 likes
Replying to @dwizzzleMSFT
What evaluation do you suggest? It's a useful primitive, but investing in developing it into a full attack when defenders are trying to mitigate it obviously reduces its value.
1 reply 0 retweets 2 likes
Replying to @taviso
I have the example of negatively sampling attempts with instrumentation as part of the patch. That won’t measure successful attempts but could approximate volume. I’ll be the first to say it’s not perfect and I don’t have a perfect suggestion
1 reply 0 retweets 0 likes
Replying to @dwizzzleMSFT
We don't measure severity by number of compromises anymore, and competent attackers aren't just blindly running autopwn. If for some reason you just want a guesstimate for how many kiddies there are, then that's much easier but doesn't seem useful.
1 reply 5 retweets 17 likes
Replying to @taviso
If you think measuring widespread attacks is not valuable I dunno what to tell you
1 reply 0 retweets 0 likes
Replying to @dwizzzleMSFT
I said "we don't measure severity by number of compromises", how do you get to "measuring widespread attacks is not valuable" from that?
1 reply 0 retweets 2 likes
Replying to @dwizzzleMSFT
I meant isn't useful in this context - how many kiddies there are doesn't have any relationship to how bad things would have been if we didn't invest the effort into cleaning up rowhammer, but the instrumentation only measures how many kiddies there are.
1 reply 0 retweets 6 likes
Give me a guesstimate how much it would cost to turn speckhammer into a profitable professional azure compromise - $1M? You need staff, dev, ops, etc and it's risky. But once you patched it, seems really hard to recoup that. Instrumentation only measures opportunistic attempts.
Replying to @taviso
Agree measurement has tons of limitations and also agree with costs. So let's not measure anything?
1 reply 0 retweets 0 likes
Replying to @dwizzzleMSFT
I want the data as much as you do, I just don't see how to get it. Is the popemobile useless because nobody has tried to shoot it? No, that doesn't prove the threat was overblown, if it wasn't there, someone could have tried...right?
2 replies 0 retweets 5 likes