Saturday, May 05, 2018

Use a Computer? You're Cooked.

Not that this is a BIG surprise--but it's a disappointment, anyway.

The so-called Spectre vulnerability, making it easier to hack into computer systems thanks to the way modern microprocessors handle branch conditions, has been of concern for several months.  However, it now appears that the problem is much, much worse than originally feared....

Spectre has a Big, Nasty, Brother:  Spectre-NG.  It eats Intel processors for breakfast.

One of the Spectre-NG flaws simplifies attacks across system boundaries to such an extent that we estimate the threat potential to be significantly higher than with Spectre. Specifically, an attacker could launch exploit code in a virtual machine (VM) and attack the host system from there – the server of a cloud hoster, for example. Alternatively, it could attack the VMs of other customers running on the same server. Passwords and secret keys for secure data transmission are highly sought-after targets on cloud systems and are acutely endangered by this gap. Intel's Software Guard Extensions (SGX), which are designed to protect sensitive data on cloud servers, are also not Spectre-safe.
Peter comments, summing up:

...any program (or hacker) gaining access to the central processing unit at this level can bypass almost every computer security program ever written.  Its implications for data privacy and control are absolutely horrendous. ...

Have a nice day!

No comments: