undefined | Better HN

0 pointsdataflow5y ago0 comments

Spectre could too, but again, my point was that I didn't hear of actual attacks on people in the wild, at least not on any scale that seemed to make the news. Is there a reason to believe this will be different?

0 comments

5 comments · 3 top-level

baybal25y ago· 2 in thread

The first known Spectre-like concept was actually traced to Pentium 3 times in nineties.

It took 2 decades for everybody to forget about it before the vulnerability dismissed as "not exploitable in the practice" came back with a vengeance.

lilSebastian5y ago

I'd really appreciate a link to this, sounds really interesting.

mhh__5y ago

It's on Wikipedia (away from pc) on the meltdown article

panny5y ago

>I didn't hear of actual attacks on people in the wild

You never would. It's a passive attack. It's measuring response time to normal operations to discover secrets.

https://mlq.me/download/netspectre.pdf

"Software based side-channel attacks are particularly unsettling since they do not require physical access to the device."

1e-95y ago

It can take months or even years for proof-of-concepts to become widespread in the wild, particularly by those sloppy enough to be easily detected.

j / k navigate · click thread line to collapse