2 Replies - 999 Views - Last Post: 04 January 2018 - 05:04 PM

#1 modi123_1   User is online

  • Suitor #2
  • member icon



Reputation: 14238
  • View blog
  • Posts: 57,114
  • Joined: 12-June 08

Is anyone tracking the Meltdown and Spectre vulnerabilities?

Posted 04 January 2018 - 02:53 PM

The going tag line is "javascript exploit can snag your OS memory dumps".. on all three major platforms... with the three major chip manufacturers..

Eeesh.

https://arstechnica....security-flaws/
https://arstechnica....merous-patches/
https://www.bleeping...pectre-attacks/

Is This A Good Question/Topic? 0
  • +

Replies To: Is anyone tracking the Meltdown and Spectre vulnerabilities?

#2 Martyr2   User is offline

  • Programming Theoretician
  • member icon

Reputation: 5257
  • View blog
  • Posts: 14,069
  • Joined: 18-April 07

Re: Is anyone tracking the Meltdown and Spectre vulnerabilities?

Posted 04 January 2018 - 03:14 PM

I have been following it and all I can say is what a mess. Takes me back to the time of heartbleed. :splat:
Was This Post Helpful? 0
  • +
  • -

#3 jon.kiparsky   User is online

  • Beginner
  • member icon


Reputation: 11126
  • View blog
  • Posts: 19,069
  • Joined: 19-March 11

Re: Is anyone tracking the Meltdown and Spectre vulnerabilities?

Posted 04 January 2018 - 05:04 PM

Each of them is potentially much worse than heartbleed, but it looks like they've got their arms around Meltdown, which was the immediate concern. The fact that they got so long to work on a remedy before it became public was a big help - all of the big cloud providers look like they're going to get the fixes in before anyone is able to really exploit this.
Apparently the fixes are a little painful from a speed perspective, so all of your web content is going to be pokey for a while, but there you go.

I'm still getting up to speed on Spectre, but it looks like that'll be a long slow heartburn.

More useful information at https://spectreattack.com (aka https://meltdownattack.com)


Key links:

Quote

Yes, there is an academic paper and a blog post about Meltdown, and an academic paper about Spectre. Furthermore, there is a Google Project Zero blog entry about both attacks.



The Register's reporting has been good, but somewhat hyperbolic. As far as I can see, their facts are fine but their editorializing should be ignored.
Was This Post Helpful? 1
  • +
  • -

Page 1 of 1