Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Spectre could too, but again, my point was that I didn't hear of actual attacks on people in the wild, at least not on any scale that seemed to make the news. Is there a reason to believe this will be different?


>I didn't hear of actual attacks on people in the wild

You never would. It's a passive attack. It's measuring response time to normal operations to discover secrets.

https://mlq.me/download/netspectre.pdf

"Software based side-channel attacks are particularly unsettling since they do not require physical access to the device."


The first known Spectre-like concept was actually traced to Pentium 3 times in nineties.

It took 2 decades for everybody to forget about it before the vulnerability dismissed as "not exploitable in the practice" came back with a vengeance.


I'd really appreciate a link to this, sounds really interesting.


It's on Wikipedia (away from pc) on the meltdown article


It can take months or even years for proof-of-concepts to become widespread in the wild, particularly by those sloppy enough to be easily detected.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: