I strongly belives that this news should have been exposed more. Not only it could potentially affect PC performance but it could also exposing crucial data, such as passwords and encryption keys.
BLOOMBERG
BLOOMBERG
Last week, his worst fears were proved right when Intel, one of the world's largest chipmakers, said all modern processors can be attacked by techniques dubbed Meltdown and Spectre, exposing crucial data, such as passwords and encryption keys. The biggest technology companies, including Microsoft Corp., Apple Inc., Google and Amazon.com Inc.are rushing out fixes for PCs, smartphones and the servers that power the internet, and some have warned that their solutions may dent performance in some cases.
"The processor people were looking at performance and not looking at security."
Spectre fools the processor into running speculative operations -- ones it wouldn't normally perform -- and then uses information about how long the hardware takes to retrieve the data to infer the details of that information. Meltdown exposes data directly by undermining the way information in different applications is kept separate by what's known as a kernel, the key software at the core of every computer.
On Dec. 3, a quiet Sunday afternoon, the Graz researchers ran similar tests, proving Meltdown attacks worked. "We said, 'Oh God, that can't be possible. We must have a mistake. There shouldn't be this sort of mistake in processors," recalled Schwarz.
Despite Fogh's encouragement, the Graz researchers still didn't think attacks would ever work in practice. "That would be such a major f*ck-up by Intel that it can't be possible," Schwarz recalled saying. So the team didn't dedicate much time to it.
The difference this time was that their work ended up "in the spotlight," according to Smith. They would have preferred to complete the work in secret.
Some in the cybersecurity community aren't so sure. Kocher, who helped discover Spectre, thinks this is just the beginning of the industry's woes. Now that new ways to exploit chips have been exposed, there'll be more variations and more flaws that will require more patches and mitigation.
"This is just like peeling the lid off the can of worms," he said.