It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Thank you.
Some features of ATS will be disabled while you continue to use an ad-blocker.
Good point there, but wouldn't put the following past them:
originally posted by: TheAiIsLying
a reply to: JanAmosComenius
I agree with you on that one. It's not even really laziness on the part of developers but the demand from consumers that cpu's will always be backward compatible. How many years did the BIOS show that there was 640k of memory available?
Thoughts?
Is it possible that the guys that accidently unearthed these bugs stumbled upon a backdoor that the alphabet agencies demanded that chip makers put in?
originally posted by: tkwasny
Lessons to be learned: Don't type anything on any machine your are logged into or that can be somehow traced back to you as the source that you wouldn't want the NSA or your momma to see. That includes machine that are not online but at some point connect to the outside world via bluetooth, proximity sensor devices, Wifi, LAN, everything.
These are local attacks: Both Meltdown and Spectre are local attacks that require executing malicious code on a target machine. This means that these attacks are not (directly) drive-by style remote code execution attacks – think Nimda or Code Red – and that systems cannot be attacked merely by being connected to a network.
Conceptually, these are closer to privilege escalation attacks, a class of attacks that help you get deeper into a system you already have access to. With that said however, researchers have shown that they can perform Spectre-based attacks using JavaScript, so it is possible for a web browser to pull a malicious JavaScript file and then attack itself in that fashion.
These are read-only (information disclosure) attacks: Along with not directly being remotely exploitable, even if Meltdown and Spectre attacks are executed on a local system, the nature of the exploit is that these are read-only attacks. That is, they can only read information from a system. They cannot directly force code execution in the OS kernel, in other virtual machines, or other programs.
These sort of information disclosure attacks can still be devastating depending on what information is leaked – and there is always the risk of using that information to then chain it into a code execution attack – which is why they’re still concerning. But the real risk is in hostile parties using these attacks to steal information, not to control a system.
originally posted by: Maverick7
There are people out there who can reverse engineer these patches by decompiling them. I'd suggest waiting until they have some time to do that. Watch for suspicious deaths.
What would clue me in is if these were force-pushed on us, such that you can't not install them. If it's voluntary then it's less likely that they are backdoors, IMO.
Good post, OP.
originally posted by: bigfatfurrytexan
a reply to: KARARYU
30% loss in processing...when i read that my first 2 thoughts:
- thats gonna piss off gamers and people rendering 3d, maybe making their cpu obsolete for the technology being used
- sounds like someone is crowdsourcing processing power for some agregate tasks like a neural net
originally posted by: bigfatfurrytexan
a reply to: KARARYU
30% loss in processing...when i read that my first 2 thoughts:
- thats gonna piss off gamers and people rendering 3d, maybe making their cpu obsolete for the technology being used
Won't THE PATCHES THEMSELVES be SLAVEWARES in disguise that can thrive on the processing power of billions of machines simultaneously, once installed, aiming at, for instance, mining cryptocurrency or, compromising our already almost none online privacy?