All Questions
Tagged with spectre vulnerability
12
questions
4
votes
1
answer
5k
views
Sacrificing 30% of my CPU performance (by disabling Hyper-Threading) to fully mitigate CPU vulnerabilities, necessary?
I used the spectre-meltdown-checker, version 0.42, without any option resulting in all-green results. But, in a help page, I found the --paranoid switch, which resulted in about a half of later CVEs ...
2
votes
1
answer
635
views
What is NetSpectre?
A new attack was revealed in a document titled NetSpectre: Read Arbitrary Memory over Network (PDF warning). I've seen a few non-technical writeups about the fact that it's a pretty slow attack:
The ...
-1
votes
2
answers
229
views
Extracting passwords from recycled machine using Spectre and Meltdown
With Spectre and Meltdown, hackers can extract your password from the CPU cache. If I give someone my computer without the hard drive, can he extract my passwords through the CPU?
0
votes
1
answer
485
views
What is the attack vector for CVE-2018-3639 Speculative Store Bypass?
We use Web Application deployed on a CentOS server.
Can the attack will be performed via a browser?
Or the attacker need a physical access to the CentOS server?
I cannot understand the attack vector ...
1
vote
2
answers
340
views
What is the significance of Spectre and Meltdown?
Reading up on Spectre and Meltdown attacks again, I don't get why they were hyped so much.
These are cache attacks that take advantage of the instruction pipeline processing implementation in ...
35
votes
6
answers
10k
views
On Windows boxes, is patching for Spectre and Meltdown necessary?
From what I've read, Spectre and Meltdown each require rogue code to be running on a Windows box in order for attacks to take place. The thing is, once a box has rogue code running, it's already ...
5
votes
1
answer
447
views
Are mitigations for Spectre and Meltdown needed in the VMs for dynamic languages other than JavaScript?
Mitigations for Spectre and Meltdown are being added to the JavaScript VMs in Chrome, Firefox, IE/Edge and WebKit.
Are similar mitigations also needed in the VMs for other dynamic languages?
For ...
5
votes
1
answer
542
views
Why were Meltdown and Spectre disclosed at the same time?
Both the Meltdown and Spectre vulnerabilities were publicly disclosed on January 3, 2018. (6 days ahead of the originally planned January 9).
Since their public reveal, there has been some confusion ...
3
votes
1
answer
303
views
Are Meltdown and Spectre complementary and used together
Meltdown and Spectre have both been announced at the same time, almost always in the same sentence. Is there a connection, other than timing and the fact that they attack chips? Are they used together ...
7
votes
2
answers
2k
views
Can Javascript engines that run on the JVM be used to implement the Spectre exploit?
I see that Chrome and Mozilla have added mitigations into their javascript engines for the Spectre vulnerabilities (CVE-2017-5753 & CVE-2017-5715). However I cant find anything regarding ...
172
votes
3
answers
17k
views
Meltdown and Spectre Attacks
Canonical question regarding the 2018 Jan. disclosed Meltdown and Spectre Attacks. Other identical or significantly similar questions should be closed as a duplicate of this one.
Main concerns
What ...
5
votes
2
answers
1k
views
Are VIA CPUs vulnerable to Spectre/Meltdown attacks?
I couldn't find any information about the recently published Spectre/Meltdown attacks affecting VIA CPUs.
Are they also affected by this vulnerabilities?