
What pain? No exploits have ever been documented. These mitigations are makeshift insurance for datacentres.



The operative word in my sentence is "may," indicating a level of uncertainty.


You can download PoCs from GitHub right now.


I've yet to see reports of one running involuntarily in the wild.


Probably because most systems quickly adopted mitigations and attackers then moved back to lower-hanging fruit.


So you are saying the anti-vaxxers of the Linux world are protected by herd immunity? Interesting angle for sure!


I'm truly shocked by the comments I'm seeing here. When did so many people forget everything we've learned about security? You know what a zero-day attack is, right? You know how fast those can cover the whole internet these days, right? So why would you purposely leave a gaping security hole in your system to get some performance on a CPU that's probably too fast for your realistic workload already?


I've never seen reports indicating any exploit running involuntarily in the wild, ever.

That fact, however, does not validate my position.


"I've yet to see a horse run out, so why would I bolt this barn door?"


It's a special type of horse that won't run out unless aliens from another galaxy throw space hay at the door.


In March of 2019 there were no worldwide pandemics forcing hundreds of millions to shelter in place.

The point is you vaccinate before an illness starts spreading if you can, because things spread quickly when you do not and can create quite a mess.


These academic PoCs read data that they themselves have staged during execution. This is very different from reading arbitrary, random memory that contains something like a cookie for another web site, password, or SSH key. When someone is looking for a real world exploit, this is what they want.


I don't think anyone has actually bothered to a microarchitectural side channel in practice yet.



