Announcement

Collapse
No announcement yet.

Google Engineer Uncovers Holes In Linux's Speculative Execution Mitigations

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #11
    Originally posted by hotaru View Post
    these are just gaps in the mitigations that allow people to exploit the underlying flaws that the mitigations are supposed to protect against in certain circumstances.
    Ahhh. In other words, the mitigations have their own security holes, exactly like I said and like many of us predicted. Thank you for verifying that.

    Comment


    • #12
      Originally posted by andyprough View Post
      Ahhh. In other words, the mitigations have their own security holes, exactly like I said and like many of us predicted. Thank you for verifying that.
      The point is that these aren't bugs that allow someone to exploit the mitigations themselves, there is no new vulnerability. So in what way are they creating "their own security holes" as you previously stated?

      Comment


      • #13
        2,5 years after all these vulnerabilities were discovered we still have zero exploits using them. So much drama every time.

        Comment


        • #14
          Originally posted by birdie View Post
          2,5 years after all these vulnerabilities were discovered we still have zero exploits using them. So much drama every time.
          [citation needed]

          Comment


          • #15
            Originally posted by pixelherodev View Post

            [citation needed]
            You can buy these citations on the black market & dark web, as usual. If the exploits exist. Also, if you need extra cash, try creating the exploits yourself, then sell them. So easy now for anyone & everyone. Tha;'s why USA's DARPA invented the Internet & TOR.

            Comment


            • #16
              Originally posted by birdie View Post
              2,5 years after all these vulnerabilities were discovered we still have zero exploits using them. So much drama every time.
              you have zero exploits using them. don't project your own inadequacies onto others.

              Comment


              • #17
                Originally posted by birdie View Post
                2,5 years after all these vulnerabilities were discovered we still have zero exploits using them. So much drama every time.
                "I've been drinking water my whole life, but I haven't gotten dehydrated. Therefore, dehydration must be exaggerated."

                Most systems have the mitigations on, thus attackers won't realistically be using them since the attack surface is so small. As a result, the lack of an exploit would mean that the mitigations are working.

                Comment


                • #18
                  Originally posted by andyprough View Post
                  Ahhh. In other words, the mitigations have their own security holes, exactly like I said and like many of us predicted. Thank you for verifying that.
                  ...no. To make it clearer: this was an issue where the mitigations did not fully cover all it was supposed to. If your oven gloves have a hole in them, does that mean that the gloves make burns worse than without? No, but it does mean that there is a small surface area where the glove's protection does not apply.

                  Comment


                  • #19
                    Originally posted by pixelherodev View Post

                    [citation needed]
                    Security researchers at major AV companies have discovered none to this date. Again, so much drama.

                    Comment


                    • #20
                      Originally posted by re:fi.64 View Post

                      "I've been drinking water my whole life, but I haven't gotten dehydrated. Therefore, dehydration must be exaggerated."

                      Most systems have the mitigations on, thus attackers won't realistically be using them since the attack surface is so small. As a result, the lack of an exploit would mean that the mitigations are working.
                      100% of successful hacking attempts to this date have been accomplished using vulnerabilities other than than the ones related to transient execution. To run transient execution exploits you need to get into the system first. For Phoronix "experts" it looks like a non-issue. Go hack Pentagon or Microsoft then, what are you doing here? "Experts", my ass.

                      I do not say certain setups should be running free from these mitigations - some absolutely have to employ them, e.g. shared hostings, VMs, cloud computing platforms, etc.
                      Last edited by birdie; 10 June 2020, 06:21 AM.

                      Comment

                      Working...
                      X