[HN Gopher] Ask HN: Real-World Breaches from Speculative Executi...
       ___________________________________________________________________
        
       Ask HN: Real-World Breaches from Speculative Execution Vulns?
        
       For years we've been reading about how vulnerable so many computer
       systems, especially ones using Intel and AMD processors, are highly
       vulnerable to speculative execution attacks such as Spectre,
       Meltdown, Foreshadow and Fallout. Numerous demonstrations of the
       feasibility of these attacks have been published, seemingly showing
       their practicality (even in JavaScript). Microcode updates that
       partially mitigate them have meant significant performance
       slowdowns, also suggesting their practicality. Are there many cases
       where these vulnerabilities have led to actual security breaches of
       real-world systems?
        
       Author : PhantomPhreak
       Score  : 14 points
       Date   : 2022-03-20 19:40 UTC (3 hours ago)
        
       | gwd wrote:
       | Keep in mind that "breach" here is limited to an _information
       | leak_. Passwords could be read to achieve a privilege escalation;
       | but a more likely attack would be stealing private keys or other
       | sensitive information. The latter would leave no trace on the
       | target system. So how would you know if your private keys or
       | passwords had been stolen?
        
         | PhantomPhreak wrote:
         | My question is about publicized hacks of any kind, which I'd
         | still call "security breaches".
        
       | layer8 wrote:
       | I don't think so. Probably because it's still much easier to get
       | users to install ransomware by phishing or by disseminating USB
       | sticks.
        
       ___________________________________________________________________
       (page generated 2022-03-20 23:01 UTC)