Thursday, 28 February 2019
Software alone can’t save us from Spectre-class vulnerabilities in modern CPUs. That’s the scary conclusion from a bone-dry research paper penned by Google engineers.
Be afraid. Be very afraid. Because there’s no evidence that CPU vendors are actually taking this thing seriously—even though they’ve known about it since June 2017 (perhaps even longer than that).
So all we have are code fixes that slow down our infrastructure without fixing the underlying problem. In this week’s Security Blogwatch, we run for the hills.
Read more: techbeacon.com/security/google-spectre-cant-be-fixed-panic-now