Woody Leonhard's no-bull news, tips and help for Windows, Office and more… Please disable your ad blocker – our (polite!) ads help keep AskWoody going!
Home icon Home icon Home icon Email icon RSS icon
  • SplitSpectre, a new Spectre-like CPU attack

    Home Forums Code Red – Security advisories SplitSpectre, a new Spectre-like CPU attack

    This topic contains 1 reply, has 2 voices, and was last updated by  mn– 1 week, 1 day ago.

    • Author
      Posts
    • #238598 Reply

      Kirsty
      AskWoody MVP

      Researchers discover SplitSpectre, a new Spectre-like CPU attack
      Spectre-like variations continue to be discovered, just as academics predicted at the start of 2018.

      By Catalin Cimpanu | December 4, 2018

       
      Three academics from Northeastern University and three researchers from IBM Research have discovered a new variation of the Spectre CPU vulnerability that can be exploited via browser-based code.

      The research team says this new CPU vulnerability is, too, a design flaw in the microarchitecture of modern processors that can be exploited by attacking the process of “speculative execution,” an optimization technique used to improve CPU performance.

      The vulnerability, which researchers codenamed SplitSpectre, is a variation of the original Spectre v1 vulnerability discovered last year and which became public in January 2018.

      More on SplitSpectre can be found in an academic paper entitled “Let’s Not Speculate: Discovering and Analyzing Speculative Execution Attacks.”

      It’s no surprise that a new Spectre variation has come to light. The research team who found the initial Meltdown and Spectre attacks predicted this was going to happen. Members of that original research team published seven Meltdown and Spectre variations last month.

       
      Read the full article here

      3 users thanked author for this post.
    • #238800 Reply

      mn–
      AskWoody Lounger

      Yes, this was a known possible avenue of attack already in January.

      Firefox versions since then have a much-reduced timer resolution in the JavaScript engine to prevent this kind of thing, in Firefox 59 it’s 2 milliseconds… down from 5 microseconds in pre-Spectre releases. Interim versions have had resolutions like 20 microseconds (harder to attack but not completely secure).

      The ZDNet article notes that too.

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: SplitSpectre, a new Spectre-like CPU attack

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.

    Your information:


    Comments are closed.