Originally posted by Royi
View Post
I don't like having to follow what happens and what application suddenly becomes suspicious and what does not, or having to check for applications or sites or whatever. I don't run very intensive applications anyway, the bigger impact is for serious workloads, not for office work and watching cat videos.
I wonder how much of those attack are feasible not in a paper but actually used by hackers with limited resources (Not countries) without privileged access to the system.
The less skilled hackers only need to pay the price, add a payload and deploy it, so it's not like all hackers using some exploit are actually good enough to discover new stuff or be "real" hackers at all. It's a businness.
That said, malware using Spectre and Meltdown was detected in the wild pretty soon, around a hundred https://www.securityweek.com/malware...-flaws-emerges while still technically "using PoC code" (PoC = proof of concept, aka they took the same code used in the papers that found the vulnerabilities) it does mean there is interest in that, the malware found were mostly to "test the waters" so to speak.
Also javascript-based stuff.
At the end of january 2018.
Leave a comment: