SparkyLinux Forums

General => 0ther => Topic started by: paxmark1 on May 04, 2018, 01:48:41 AM

Title: spectre-ng Security
Post by: paxmark1 on May 04, 2018, 01:48:41 AM

https://www.heise.de/ct/artikel/Exclusive-Spectre-NG-Multiple-new-Intel-CPU-flaws-revealed-several-serious-4040648.html

This is an English trans. of a German source.  Picked it up on another forum

May 03 2018 

QuoteOne of the Spectre-NG flaws simplifies attacks across system boundaries to such an extent that we estimate the threat potential to be significantly higher than with Spectre. Specifically, an attacker could launch exploit code in a virtual machine (VM) and attack the host system from there – the server of a cloud hoster, for example. Alternatively, it could attack the VMs of other customers running on the same server. Passwords and secret keys for secure data transmission are highly sought-after targets on cloud systems and are acutely endangered by this gap. Intel's Software Guard Extensions (SGX), which are designed to protect sensitive data on cloud servers, are also not Spectre-safe.