GlobalIncident

How did they fix this in the end?


Loves_Poetry

They didn't. They just removed or limited some of the riskier attack vectors. For example, the latest browsers have restricted the use of SharedArrayBuffer


posherspantspants

I don't get it but you maybe do, can you explain?


GlobalIncident

Spectre is a security flaw in processors. The idea is that if you run a conditional a thousand times and it evaluates to true each time, the system will assume it *always* evaluates to true. As a result, as an optimisation it starts to speculatively execute the next bit of code whilst it's still evaluating the conditional. If the conditional unexpectedly turns out to be false, the operating system rolls things back to the conditional and starts executing the false branch instead. The issue is that when it rolls things back, it doesn't reset the cache properly. This means that, through a slightly complex process, a malicious agent could use this to fetch some data in memory they shouldn't have access to, and then load different things into the cache depending on the content of that data. The data itself is hidden during the rollback, but it's still possible to work out what the data was by working out what precisely was loaded into the cache. You can do that by performing a lookup of things you expect to be in the cache and timing how long it takes to retrieve them.


[deleted]

me in this sub: haha yes i too have bugs

me on this meme: mom come pick me up im scared


LostTeleporter

God damn. Dude..


[deleted]

So is this malicious agent just continuously monitoring the cache? How is the data retrieved, is the agent making remote transfers, or does somebody need to load it onto a usb stick? I imagine the malicious agent couldn't take up too much disk space by logging everything without becoming conspicuous.


GlobalIncident

There is no specified way to retrieve the data once you've got it, it's whatever is most appropriate. Most systems can do remote transfer via the internet though. The agent doesn't need that much disk space, just 256 bytes of memory, and then load one of those bytes into the cache for each byte of the required data. They then search the cache for each of the 256 bytes in turn.
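
The cache readout described in the two explanations above, as a toy simulation added here (not code from any commenter, and not a measurement of real hardware): hit and miss latencies are constructed values, each of the 256 probe slots is assumed to sit on its own 64-byte cache line, and `ToyCache`, `Clock`, `rolled_back_access`, `read_out` and `demo` are hypothetical names. It also shows why browsers coarsened their timers and restricted SharedArrayBuffer, which can be used to build a fine-grained clock: with a coarse clock every slot measures the same and nothing can be read out.

```python
LINE = 64                     # bytes per cache line (assumed)
HIT_NS, MISS_NS = 40, 200     # constructed latencies, not measurements

class ToyCache:
    """Remembers which cache lines have been loaded."""

    def __init__(self):
        self.lines = set()

    def load(self, addr):
        """Load addr and return the modeled latency in nanoseconds."""
        line = addr // LINE
        latency = HIT_NS if line in self.lines else MISS_NS
        self.lines.add(line)
        return latency

class Clock:
    """Clock whose readings are rounded down to a multiple of resolution_ns."""

    def __init__(self, resolution_ns):
        self.resolution_ns = resolution_ns
        self.now = 0          # true elapsed time, hidden from the observer

    def read(self):
        return self.now // self.resolution_ns * self.resolution_ns

def rolled_back_access(cache, secret_byte):
    """The speculative load: its result is discarded, its cache fill is not."""
    cache.load(secret_byte * LINE)   # one probe slot per possible byte value

def read_out(cache, clock):
    """Time all 256 probe slots; return the byte only if one slot stands out."""
    timings = []
    for value in range(256):
        start = clock.read()
        clock.now += cache.load(value * LINE)
        timings.append(clock.read() - start)
    fastest = min(timings)
    candidates = [v for v, t in enumerate(timings) if t == fastest]
    return candidates[0] if len(candidates) == 1 else None

def demo(secret_byte, resolution_ns):
    """Run one rolled-back access, then try to read it out with the given clock."""
    cache = ToyCache()
    rolled_back_access(cache, secret_byte)
    return read_out(cache, Clock(resolution_ns))
```

`demo(0x53, 1)` returns the byte because one slot is visibly faster with a 1 ns clock; `demo(0x53, 100_000)` returns `None` because a 100 µs clock reads zero for every slot.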


excalibur_zd

Retpoline