Specter, Intel, Google discussed on Security Now

Security Now


Special and tell the world about intest so be really fun yes and lastly specter next gen now what we i guess it shouldn't be a surprise and it's really kind of not because as i said i was surprised that intel was even able to fix this kind of problem in the microcode and as we know they were not able to fix it on all of their architectures there earlier architectures didn't have the flexibility necessary in microcode to to essentially add unplanned for instructions to give operating systems the control needed over branch prediction in order to mitigate the vulnerability but the greater problem is that four ever ever since we began trying to squeeze more processing power out of our chips we've been willingly ignoring the fact that to do that processors have been storing the history of code execution in sort of doing a mini version of of on the fly compilation that is you know if if you're if you're watching branches that are taken and not and remembering whether that they're taken or not and then using them to speculatively execute the branch you expect to be taken next time then you're storing state based on what the code has done and if you then switched the context back to a different process it can cleverly figure out how the processors behavior has been modified by the code that was previously running that represents an a cross process boundary information leakage and that's specter so what has come to light the site hice dot d e h e i s e dot d e had the first coverage of this there are eight new cv e numbers that have been allocated bug identifiers but their contents are currently being kept secret google's project zero has discovered one of eight new spectre flaws this is they're being called spectre n g for next gen intel has internally classified and this is all still come as a complete kona silence.

Coming up next