Stories
Slash Boxes
Comments

SoylentNews is people

posted by mrpg on Thursday July 19 2018, @09:08PM   Printer-friendly
from the yes dept.

Phys.org:

[...] Recently, security researchers have found that some innovations have let secrets flow freely out of computer hardware the same way software vulnerabilities have led to cyberattacks and data breaches. The best known recent examples were the chip flaws nicknamed Spectre and Meltdown that affected billions of computers, smartphones and other electronic devices. On July 10, researchers announced they discovered new variants of those flaws exploiting the same fundamental leaks in the majority of microprocessors manufactured within the last 20 years.

This realization has led to calls from microchip industry leaders, including icons John Hennessy and David Patterson, for a complete rethinking of computer architecture to put security first. I have been a researcher in the computer architecture field for 15 years – as a graduate student and professor, with stints in industry research organizations – and conduct research in power-management, microarchitecture and security. It's not the first time designers have had to reevaluate everything they were doing. However, this awakening requires a faster and more significant change to restore users' trust in hardware security without ruining devices' performance and battery life.

Is Open Hardware the answer?


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by darkfeline on Friday July 20 2018, @07:35PM (2 children)

    by darkfeline (1030) on Friday July 20 2018, @07:35PM (#710087) Homepage

    How is open hardware the answer? Linux is open, therefore it does not have security issues?

    Open software works because issues can be quickly fixed and patched once found (even then, old systems cause problems). For hardware, even if security issues are found quickly, fabricating and installing new chips is expensive, assuming everyone has a chip fab in their closet.

    The real solution is to not run untrusted code. Your software and hardware will always have vulnerabilities. So long as you avoid running untrusted code, a huge number of problems just go away.

    So long as we insist on running untrusted code on the same hardware that is handling trusted data, there will always be side channel attacks. Feel free to bookmark this post, when the next side channel RAM read vulnerability comes out or side channel CPU temperature/fan speed vulnerability, or disk vibration microphone vulnerability, or...

    --
    Join the SDF Public Access UNIX System today!
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 2) by Gaaark on Friday July 20 2018, @08:44PM

    by Gaaark (41) on Friday July 20 2018, @08:44PM (#710109) Journal

    Even trusted code can have security issues. My point is i'd rather trust open code and hardware then, say, MS code and Intel hardware.

    Open code usually gets fixed properly (the first time) and fast, unlike MS code, and just look at the Oracle article with, what, 300 security nightmares issues!

    Bookmark THIS post for the next Intel/Oracle/MS/Apple/?/.........

    Give me open hardware and software i can read about/through ANY DAY. YOU may trust... i don't.

    --
    --- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
  • (Score: 2) by AssCork on Tuesday July 31 2018, @02:53AM

    by AssCork (6255) on Tuesday July 31 2018, @02:53AM (#715040) Journal

    "Trusted Code" - maybe enforced by a Trust Platform Module [wikipedia.org], so that only modern BIOS (like UEFI [wikipedia.org]) will only load boot-code signed by the right authority?

    NICE TRY, MICROSOFT!

    --
    Just popped-out of a tight spot. Came out mostly clean, too.