“Meltdown” and “Spectre”: Every modern processor has unfixable security flaws




https://arstechnica.com/gadgets/2018/01/meltdown-and-spectre-every-modern-processor-has-unfixable-security-fladdws/U


TL;DR

 Windows, Linux, and macOS have all received security patches that
 significantly alter how the operating systems handle virtual memory in
 order to protect against a hitherto undisclosed flaw.
...
 In the immediate term, it looks like most systems will shortly have
 patches for Meltdown. At least for Linux and Windows, these patches
 allow end-users to opt out if they would prefer. The most vulnerable
 users are probably cloud service providers; Meltdown and Spectre can
 both in principle be used to further attacks against hypervisors,
 making it easier for malicious users to break out of their virtual
 machines.
...
 For typical desktop users, the risk is arguably less significant. While
 both Meltdown and Spectre can have value in expanding the scope of an
 existing flaw, neither one is sufficient on its own to, for example,
 break out of a Web browser.

Apparent moral of story for CPU: don't speculate (but it's significantly
*slower*).

-- 
"An autobiography is only to be trusted when it reveals something disgraceful.
A man who gives a good account of himself is probably lying, since any life
when viewed from the inside is simply a series of defeats."
— George Orwell