@r3pek i can't believe a 30+ year old platform that has hardly attempted to modernize or remove any backwards compatibility has had this many security flaws.

@r3pek so far my favourite bit:

> The first attack extracts key bits fromvulnerable RSA and EdDSA implementations. Specifically, itabuses mitigations to preemptive scheduling cache attacks tocause the victim’s loads to miss in the cache

Mitigations for previous CPU-based side-channel attacks are used in this one.

We are really and truly fscked (in general, not just by this particular side-channel).

#InfoSec

@rysiek I'm really beginning to think that x86 is dead and we actually need a brand new cpu architecture or just ditch it all together for ARM.

@r3pek there was a great talk at (I think) #36C3 about academic research into new CPU architecture along with programming language, bth designed for security. But can't find it, and can't remember the specifics, only that it made a lasting impression of "yeah that's exactly what we need".

@r3pek get ready for the "noisy by nature" hit single: 4Mbs covert channel!

Sign in to participate in the conversation
r3pek's Mastodon

Personal server for r3pek.org