Hacker News new | past | comments | ask | show | jobs | submit login

Spectre marks the beginning of a new bug class. It's more like "to write secure program on processors with speculative execution you must not do A, B and C". New processors fixed known bugs in the implementation of the silicon itself, but some of them can only be fixed in software.

See https://leaky.page




I use only noscript/basic (x)html browsers.

I heard from Zen3 silicon, spectre and friends are fixed.


Spectre as a general vulnerability class is NOT fixed. And you can write perfectly vulnerable-to-Spectre code in Rust, or anything you like. As long as there are "virtual" privilege separations under the same hardware privilege level, which is extremely common nowadays (hey, it's called sandbox). It would be vulnerable on ANY processor with speculative execution, including past, current and future Intel, AMD processors, M1, M2 and you name it. No need for JavaScript in browsers. Please just read the page, it's not browser specific.

In this case the only thing one can fix is, surprise, the vulnerable code!


Wow, it is even worse, with such well known silicon vulnerabities, it seems it is not legal to sell such CPUs in my country.


So rumors are wrong, or even worse, AMD lied.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: