Stories
Slash Boxes
Comments

SoylentNews is people

posted by mrpg on Tuesday June 26 2018, @12:40AM   Printer-friendly
from the I-predict-another-one-in-six-months-tops dept.

Recompiling is unlikely to be a catch-all solution for a recently unveiled Intel CPU vulnerability known as TLBleed, the details of which were leaked on Friday, the head of the OpenBSD project Theo de Raadt says.

The details of TLBleed, which gets its name from the fact that the flaw targets the translation lookaside buffer, a CPU cache, were leaked to the British tech site, The Register; the side-channel vulnerability can be theoretically exploited to extract encryption keys and private information from programs.

Former NSA hacker Jake Williams said on Twitter that a fix would probably need changes to the core operating system and were likely to involve "a ton of work to mitigate (mostly app recompile)".

But de Raadt was not so sanguine. "There are people saying you can change the kernel's process scheduler," he told iTWire on Monday. "(It's) not so easy."


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 0) by Anonymous Coward on Tuesday June 26 2018, @01:41AM (1 child)

    by Anonymous Coward on Tuesday June 26 2018, @01:41AM (#698523)

    Invest in ARM? I saw some real nice 32-core workstations the other day...

  • (Score: 3, Touché) by Knowledge Troll on Tuesday June 26 2018, @02:23AM

    by Knowledge Troll (5948) on Tuesday June 26 2018, @02:23AM (#698540) Homepage Journal

    Invest in ARM?

    That might help my pocket book but not maintaining some level of sanity at work, at least in the immediate term. Also ARM was victim to Spectre/Meltdown and probably more in the future so the problem still remains that we use CPUs that we can't trust to actually maintain the security models we require.