Intel, Specter, Spector discussed on Security Now

Security Now


Lid on this nothing being said yet publicly hice got on the inside and had some dialogues and under agreement of complete secrecy is as like no there's no specifics yet but they have verified with second and third parties that the all of their coverage of this intel has internally classified four of the eight new spectre n g vulnerabilities as high risk the remaining four r rated as medium according to hisas research the risks and attack scenarios for the specter engy flaws are similar to those for specter with one important exception one of the specter n g flaws simplifies attacks across system boundaries to such an extent i can't wait to learn what this is because i'm really curious i mean that they you know as we know there there was some early meltdown proof of concept because it was easy to do but it was also easier to mitigate that was the the cash the caching attack a an attack against cashing that was easier to fix there were never really any specter proof of concepts there was just the specter of specter this looks like something easy they said it it simplifies attacks across system boundaries to such an extent that the threat estimate is significantly higher than it ever was with spector specifically an attacker could launch exploit code in a virtual machine and attack the host system from there the server of a cloud host for example alternatively it could attack the vm's for other customers running on the same server and intel's software guard extensions which are designed to protect sensitive data on cloud servers are not specter safe heiss believes that intel is planning.

Coming up next