@kelly said in Eight new Spectre Variant Vulnerabilities for Intel Discovered - four of them critical:
@tim_g said in Eight new Spectre Variant Vulnerabilities for Intel Discovered - four of them critical:
Wow....
But how practical is it to not only first exploit the Spectre vulnerability, but then to get any useful data from most likely other unknown shared VMs on the same box? (really, only on a shared hosting provider host is where 99.9% of the threat is)
This stuff is discarded speculative cached data... maybe a thumbnail you won't be viewing (if it goes that big), or maybe a few bits leading in that direction... maybe credentials (that are encrypted anyways)...
It seems like all you can do is "fish" for unknown discarded speculative data... it doesn't really sound like a huge practical threat, however, I do see the severity and horrible potential of it, just not the practicality.
Here is how I see it playing out in the larger world. Bad actors will be spinning up VMs on hosting providers' hardware, and then trolling for data of cohosted VMs. It isn't a large problem in a secure environment where the list of people who can spin up VMs also have the credentials necessary to make a Spectre-ng attack a waste of time and energy.
Also worth noting, in a cloud environment the data that can be caught this way is essentially random and ephemeral. What works today won't work tomorrow, and whose data you are getting is normally unknown. The scale and anonymity of cloud computing makes these attacks more possible, but less effective, almost to the point of useless.
