​The Return of Spectre

214

The return of Spectre sounds like the next James Bond movie, but it’s really the discovery of two new Spectre-style CPU attacks.

Vladimir Kiriansky, a Ph.D. candidate at MIT, and independent researcher Carl Waldspurger found the latest two security holes. They have since published a MIT paper, Speculative Buffer Overflows: Attacks and Defenses, which go over these bugs in great detail. Together, these problems are called “speculative execution side-channel attacks.”

These discoveries can’t really come as a surprise. Spectre and Meltdown are a new class of security holes. They’re deeply embedded in the fundamental design of recent generations of processors. To go faster, modern chips use a combination of pipelining, out-of-order execution, branch prediction, and speculative execution to run the next branch of a program before it’s called on. This way, no time is wasted if your application goes down that path. Unfortunately, Spectre and Meltdown has shown the chip makers’ implementations used to maximize performance have fundamental security flaws.

Read more at ZDNet