Over the last few days I’ve collected a lot of Meltdown and Spectre links at 1984 and (IT) (in)security – Google+.
Most of them provide links to what happened this, year, but a few are also on the path leading to these vulnerabilities. In the links you will also find the affected architectures and patches by various vendors which I have tried to summarise below.
In the link collection, I’ve tried to keep the number of hops to the actual sources as short as possible (as many have re-shared original) links but still attribute to the first one I got the link from.
Since the WordPress “Press-This” functionality is limited, even after all these years, so for now it will be a one-time link dump; filling in more of the archival WayBack and Archive.is links and adding more context will hopefully come later.
I will try to keep links roughly in chronological order (please post a comment where I goofed up) and I hope to find some time to have a “most important” or “summary” list eventually.
A few notes first
- At the start of implementing any of these technologies, it was warned these could impose security risks:
- CISC by using a RISC microarchitecture
- processor and MMU level caching
- speculative execution
- indirect branch prediction
- All architectures involving these features are or will be involved over time.
- More of these vulnerability techniques are going to evolve beyond the architectures that have been found vulnerable now in alphabetical order:
- AMD x64/x86
- ARM AArch64
- IBM Power PC
- IBM Z series
- Intel x64/x86
- Patches will slow down things depending on the kinds of workloads.
- The only real solution is for CPU vendors to re-design their architectures so the problems are solved at the hardware levels.
This could take a few generations of CPU hardware, so until then, patches are needed.
- Like many cases of vulnerabilities, public relations by various vendors was handled in a bad way. Please try to read through them.
- Read/view:
Remember:
List
Read the rest of this entry »
The Wiert Corner - irregular stream of stuff 