This article made it easier for me to understand how various independent researchers could have arrived at the same discovery around the same time. It seems like Fogh was informally pushing the idea in private discussions, and then after Horn found the first PoC and notified Intel, other researchers got suspicious of the patches being submitted and put 2 and 2 together.
"Last week, his worst fears were proved right when Intel, one of the world’s largest chipmakers, said all modern processors can be attacked by techniques dubbed Meltdown and Spectre".
Seems like sneaky reporting by Bloomberg - has Intel actually said that "all modern processors can be attacked by ... Meltdown"?
> Spectre fools the processor into running speculative operations -- ones it wouldn’t normally perform -- and then uses information about how long the hardware takes to retrieve the data to infer the details of that information.
After reading several in-depth analyses of this vulnerability and then trying to explain to my non-tech friends what this is all about (disclaimer: I'm just a developer and don't work with assembly, processors or security), I have to admit that it's a pretty awesome executive summary of the issue for a non-technical reader.
> Last week, his worst fears were proved right when Intel, one of the world’s largest chipmakers, said all modern processors can be attacked by techniques dubbed Meltdown and Spectre, exposing crucial data, such as passwords and encryption keys.
Intel was extremely lucky that Spectre was discovered at the same time as Meltdown, otherwise Intel would've been standing alone facing the industry.
Having read the tech reports myself, the interviewee on the Bloomberg report seemed to be the most sensible talking head I've yet seen in the media. While most of the press are shouting that we're all pwned and it's Intel's fault or Apple's fault, or whoever, I'm of the opinion that this is one seriously difficult bug to exploit.
The speculative branch predication vulnerability seems to basically depend on finding a specific instruction sequence in the target code and then going to some extraordinary lengths to exploit it via a highly convoluted side-channel.
My first thought when I started to appreciate the technical details was that this was a Bletchley Park level of exploit, or "nation state" as the man in the interview said. And whilst it's completely possible that the exploit could be packaged up for script kiddies, it seems to me unlikely that someone with the necessary skills would do that, because the return would be too low. But states spying on each other: that seems a much more likely scenario for this.
Is this Brian White for real?
Host: Who could exploit this vulnerability...? White: Those that have significant resources, for instance, Google... (mentions nation-states much later)
Nice FUD there.
White: what is important here, there are no known attacks ongoing right now...
Nice argument from ignorance there.
White: there is a lot of things we don't know but it reinforces two things to me, one is that increasingly the software we are operating is quite secure, coz now we are looking at kernel level problems...
Nice false cause fallacy.
Is it just me who now thinks there should be some gigantic holes in processor security, which were just never stumbled upon before, but now will?
Similar to how there was a long and happy life of the Flash plugin before it was recognized as a massive vulnerability surface?
I didn't see any mention of whether Linus et al were on the inside of this. The impression I get from the article is that they weren't. But that must be wrong, right?
Headline hyperbole. Applications of high end CPU suffer. That AVR-equipped light bulb doesn’t, nor do voltage regulators or DRAMs (though they could suffer if fewer devices are built...which won’t happen)
Not really a semiconductor issue. I doubt the guys working on analogue ICs are working overtime on this.
How long have the intelligence agencies known about and been exploiting these defects?
The narrative sounds a bit like the story of Chernobyl. Except with less (for now) human suffering.