Friday, January 19th 2018

Skyfall and Solace Could be the First Attacks Based on Meltdown and Spectre?

Out of the blue, a website titled "Skyfall and Solace" popped up, presenting these as two of the first attacks that exploit the Spectre and Meltdown vulnerabilities (it doesn't detail which attack exploits which vulnerability). A whois lookup reveals that the person(s) behind this website may not be the same one(s) behind the Spectre and Meltdown website. The elephant in the room, of course, is that the two attacks are named after the "James Bond" films "Skyfall" and "Quantum of Solace."

The website's only piece of text ends with "Full details are still under embargo and will be published soon when chip manufacturers and Operating System vendors have prepared patches," adding that one should "watch this space for more."

We doubt the credibility of this threat. Anyone who has designed attacks that exploit known vulnerabilities won't enter embargoes with "chip manufacturers and operating system vendors" who have already developed mitigations for the vulnerabilities.

7 Comments on Skyfall and Solace Could be the First Attacks Based on Meltdown and Spectre?

#2
londiste
Please try to split the text into paragraphs a bit ;)
We doubt the credibility of this threat. Anyone who has designed attacks that exploit known vulnerabilities won't enter embargoes with "chip manufacturers and operating system vendors" who have already developed mitigation to the vulnerabilities.
I cannot agree with this editorial note. Spectre is a class of vulnerabilities, so more vulnerabilities/attacks or their variants were and are likely to appear sooner rather than later.

With the problem being in hardware and hardware design rather than specific bugs, software patches are mitigation measures not a complete fix. Even with current (rushed and incomplete) patches, both chip and operating system vendors may want to take additional measures when new ways to attack are found. Embargoes are also pretty standard operating procedure in these situations.
#3
close
Smells like a hoax if you ask me.
#4
R0H1T
londiste wrote: Please try to split the text into paragraphs a bit ;)
I cannot agree with this editorial note. Spectre is a class of vulnerabilities, so more vulnerabilities/attacks or their variants were and are likely to appear sooner rather than later.

With the problem being in hardware and hardware design rather than specific bugs, software patches are mitigation measures not a complete fix. Even with current (rushed and incomplete) patches, both chip and operating system vendors may want to take additional measures when new ways to attack are found. Embargoes are also pretty standard operating procedure in these situations.
Yup 200% this, many people do not understand this ~ Spectre 1 & 2 are just ways to exploit the speculative execution flaws in OoO chips, like CFL or indeed Ryzen. There can technically be as many variants of Spectre as there are (different) chips, Meltdown patches are also probably not 100% secure without a hardware fix.
#5
THU31
Was there a "Meltdown" Bond movie that I missed?
#6
remixedcat
Is this gonna be like "muh russia" conspiracy theory the fake news networks are obsessed with?
#7
R-T-B
remixedcat wrote: is this gonna be like "muh russia" conspiracy theory the fake news networks are obsessed with?
Not sure how to take this, except to point out these vulnerabilities are not conspiracy theories. Neither is Russian meddling in the election likely to be, ironically. The idea Russia "rigged" the election is pretty BS though.