
German CT-Magazine says 8 new Spectre Vulnerabilities are found in Intel CPUs - growt
https://www.heise.de/ct/artikel/Super-GAU-fuer-Intel-Weitere-Spectre-Luecken-im-Anflug-4039134.html
======
InternetOfStuff
Some context on the source:

c't is a German computer magazine that has been around since the early 80s. It
has a very good reputation for journalistic quality, expertise and
thoroughness of investigations.

heise is the publisher that owns c't, hence the url.

------
davrosthedalek
There is now an official english translation:
[https://www.heise.de/ct/artikel/Exclusive-Spectre-NG-
Multipl...](https://www.heise.de/ct/artikel/Exclusive-Spectre-NG-Multiple-new-
Intel-CPU-flaws-revealed-several-serious-4040648.html)

c't and heise are not known to make statements like this willy-nilly. If they
say it's serious, I would assume it is indeed serious.

------
dmichulke
Does anybody know why this is still not page 1?

Current Place 41:

33 points 3 hours ago, 4 comments

For comparison:

25\. Differentiable Programming: A Semantics Perspective
(barghouthi.github.io) 54 points by matt_d 12 hours ago | flag | hide | 11
comments

26\. The Pain Hustlers (nytimes.com) 62 points by farseer 10 hours ago | flag
| hide | 17 comments

Looks like there is some penalty involved.

------
dmichulke
TLDR;

The bugs are currently exclusive to c't (a German IT magazine closely linked
to heise.de) and they could confirm those bugs "in several ways".

[IMO: c't and heise.de are considered both first class sources in Germany]

Technical details won't be published in order to give manufacturers time to
respond.

Still, they are a consequence of the same architectural problem as Specter,
hence labelled Specter-NG

There are indications that at least some ARM CPUs are vulnerable and AMD CPUs
are still being tested.

Intel estimates the risk to be "high" for four and "medium" for another four.

C't itself considers at least one "extremely high" because it would allow for
controlling the host system from within a VM, or accessing other VMs on the
same system. This was also possible for the original specter bugs but this
specific attack would be much easier as it required "much less detailed
knowledge".

------
growt
Here is the google translation:
[https://translate.google.com/translate?hl=de&sl=de&tl=en&u=h...](https://translate.google.com/translate?hl=de&sl=de&tl=en&u=https%3A%2F%2Fwww.heise.de%2Fct%2Fartikel%2FSuper-
GAU-fuer-Intel-Weitere-Spectre-Luecken-im-Anflug-4039134.html)

------
pella
Guru3d: [http://www.guru3d.com/news-story/eight-new-spectre-
variant-v...](http://www.guru3d.com/news-story/eight-new-spectre-variant-
vulnerabilities-for-intel-discovered-four-of-them-critical.html)

