The discovery of yet another variant of Spectre vulnerability is not good news for already exhausted security experts or reporters, but there is something new in this story which offers a glimmer of hope. A collaborative team of researchers from Northeastern University and IBM found this newest design law using an automatic bug finding tool they designed, called Speculator.
They designed the tool to get around the largest hurdle security researchers face, the secrecy of AMD, Intel and ARM who are trying to keep the recipe for their special sauce secret, and rightly so. Protecting their intellectual properly is paramount to their stockholders and there are arguments about the possible effectiveness of security thorough obscurity in protecting consumers from those with nefarious intent but it does come at a cost for those hunting bugs for good.
"SplitSpectre is a proof-of-concept built from Speculator, the team's automated CPU bug-discovery tool, which the group plans to release as open-source software."
Here is some more Tech News from around the web:
- MAMR Mia – it's not just WD: Toshiba's popped to the microwave too @ The Register
- At least one major carrier lied about its 4G coverage, FCC review finds @ Ars Technica
- APC UPS 600VA BE600M1 Battery Backup & Surge Protector Review @ Legit Reviews
- Hydrogen Powered Nerf Blaster Is Dangerously Awesome @ Hackaday
- Ars Technica’s ultimate board game gift guide, 2018 edition