
New Spectre attack enables secrets to be leaked over a network - maltalex
https://arstechnica.com/gadgets/2018/07/new-spectre-attack-enables-secrets-to-be-leaked-over-a-network/
======
curiousgal
I am starting to believe that safety and security online are unattainable.
Every approach one can take to protect themselves seems like a castle built on
sand.

~~~
ta346934634
We've built a big mud-pie with gaping holes everywhere it seems. Initially
getting things working and networked was the goal I guess; security wasn't
something people had really worried about (look at earlier network protocols -
a lot of trusted stuff just by virtue of being on the same lan/wan).
Mitigating timing attacks and branch prediction attacks over a network etc I
don't think had even been heard of.

The virus maker/anti-virus vendor self-feeding thing/arms-race is another
crackup.

~~~
mindfulhack
I wonder if it's scientific at all to speculate* that this computer security
situation is an extension of the fact that biologically, we are built more to
destroy (in our cells, and thus our evolutionary psychology) than create (i.e.
stay healthy, endure, and be indestructible).

Sure, we _re-create_ , but that cycle aside, it's easier to attack and kill
than to defend and live. In all of nature, it is easier to destroy than it is
to create.

Thus, our human-created systems of information technology are fundamentally
trapped in the same paradigm as we are, with the same characteristics
described as above.

If that is true, then truly secure systems may only be possible if an 'AI'
singularity occurs, i.e. once a tipping point of self-improving software to
fundamentally happens in which it becomes able to re-invent itself as fast as
it needs to be (a million times a second until ad infinitum), only then will
computer security truly exist, because such a system of creation of no longer
bound by nature's cells and earlier evolution.

Until then, computer security is way too limited to our very primitive selves
that it suffers from now.

(*) sigh...

------
jlebar
Direct link to the paper:
[https://misc0110.net/web/files/netspectre.pdf](https://misc0110.net/web/files/netspectre.pdf)

