Recompiling is unlikely to be a catch-all solution for a recently unveiled Intel CPU vulnerability known as TLBleed, the details of which were leaked on Friday, the head of the OpenBSD project Theo de Raadt says.
The details of TLBleed, which gets its name from the fact that the flaw targets the translation lookaside buffer, a CPU cache, were leaked to the British tech site, The Register; the side-channel vulnerability can be theoretically exploited to extract encryption keys and private information from programs.
Former NSA hacker Jake Williams said on Twitter that a fix would probably need changes to the core operating system and were likely to involve "a ton of work to mitigate (mostly app recompile)".
But de Raadt was not so sanguine. "There are people saying you can change the kernel's process scheduler," he told iTWire on Monday. "(It's) not so easy."
(Score: 0) by Anonymous Coward on Tuesday June 26 2018, @08:59AM
You now know to avoid running arbitrary code on remote machines. So, remote RDP clients should be replaced with per-user machines and remote storage servers 90s style.
A mail server here... A CIFS servers there... Maybe the odd git/SQL server? University lab best practices baby. KERBEROS for life. Put on Sublime and mellow out to the screams of a thousand clients losing their one and only local copy since they're too stupid to save to the network drive.
Aha, I miss the good ol' days.