The discovery of yet another variant of the Spectre vulnerability is not good news for already exhausted security experts or reporters, but there is something new in this story which offers a glimmer of hope. A collaborative team of researchers from Northeastern University and IBM found this newest design flaw using an automatic bug-finding tool they designed, called Speculator.
They designed the tool to get around the largest hurdle security researchers face: the secrecy of AMD, Intel and ARM, who are trying to keep the recipe for their special sauce secret, and rightly so. Protecting their intellectual property is paramount to their stockholders, and there are arguments about the possible effectiveness of security through obscurity in protecting consumers from those with nefarious intent, but it does come at a cost for those hunting bugs for good.
Pop by The Register for details on how Speculator works.
"SplitSpectre is a proof-of-concept built from Speculator, the team's automated CPU bug-discovery tool, which the group plans to release as open-source software."
The “newest design law” that they discovered is that all CPUs will have flaws or is there another “design law” that they discovered?
so, not funny then?
“Protecting their intellectual properly is paramount to their stockholders and there are arguments about the possible effectiveness of security thorough obscurity in protecting consumers from those with nefarious intent but it does come at a cost for those hunting bugs for good. “
I thoroughly dependent on security through obscurity. Thoroughly.
Ugh. Just stop sharing the damn cache. Simple fix and effective mitigation. There is no valid reason to share the cache and it’s simply creating these security holes. The cpu could still speculate but keep separate copies of the cache data if needed. Or not parallel execute threads that need access to the same memory.