undefined | Better HN

0 pointsviraptor1y ago0 comments

In practice probably not, as long as general population keeps it enabled. I mean, looking at effort required, it's not worth spending time exploiting spectre these days, because virtually everyone is protected. If you're not likely to be directly targeted, "herd immunity" will work.

0 comments

iforgot221y ago

If just visiting a webpage with some JS will let them do ACE on even 0.1% of visitors, hackers are probably still motivated enough to try it. But I vaguely remember these kinds of vulns can be patched in-browser for a perf hit instead of taking the hit system-wide, which sounds like an ok compromise.

Edit: Arbitrary memory access, not ACE

ActorNightly1y ago

>hackers are probably still motivated enough to try it.

The amount of actual exploit crafting that is needed to actually do something meaningful with a hack is pretty much not worth doing for any financial reason. The only time this happens now is when state funded actors or prominent groups with lots of manpower really want to take down an individual person.

iforgot221y ago

Depends how automated it can be. I know some non-spectre 0-days were used broadly, either via viruses or port-scanning. Is it possible to craft some JS that'll use a spectre-like vuln to reliably grab something important like Chrome passwords or credit cards? Idk, it's hard to prove otherwise, and hackers have more time to think about this than I do.

1 more reply

viraptorOP1y ago

Linux on its own isn't even 0.1% visitors normally. We're talking multiple orders of magnitude less for disabled mitigations. And on top of all that, it's possible that exploiting on that machine is going to be harder due to custom software with uncommon memory layout - i.e. it's probably not a stock Ubuntu. And finally, for accessing data outside of the page, you really want to have some specific target, so they'd have to guess that too.

iforgot221y ago

If only Linux is affected then sure. Was talking about spectre in general. Maybe only Linux users are turning the spectre mitigation flags off, but there are plenty of outdated Windows systems too.

bawolff1y ago

> If just visiting a webpage with some JS will let them do ACE on even 0.1% of visitors

Spectre is not an arbitrary code execution kind of attack.

iforgot221y ago

Oops, I meant arbitrary memory access.

j / k navigate · click thread line to collapse

0 comments

iforgot221y ago

Edit: Arbitrary memory access, not ACE

ActorNightly1y ago

>hackers are probably still motivated enough to try it.

iforgot221y ago

1 more reply

viraptorOP1y ago

iforgot221y ago

If only Linux is affected then sure. Was talking about spectre in general. Maybe only Linux users are turning the spectre mitigation flags off, but there are plenty of outdated Windows systems too.

bawolff1y ago

> If just visiting a webpage with some JS will let them do ACE on even 0.1% of visitors

Spectre is not an arbitrary code execution kind of attack.

iforgot221y ago

Oops, I meant arbitrary memory access.

j / k navigate · click thread line to collapse