About the Author: Simha Sethumadhavan is an associate professor in the Computer Science Department at Columbia University. His research interests are in computer architecture and computer security. He is @thesimha on twitter.
Two high impact microarchitectural timing attacks were disclosed yesterday. (https://nyti.ms/2EOX03d).
10000 ft overview: This is a very intricate attack but the root cause is unflushed speculative state from the cache resulting in a timing variations.
Apparently the issue is impacting the stock prices (https://reut.rs/2lYGFRR);
Questions to ponder as the community considers the implications:
– Is this enough for processor vendors to consider microarchitectural timing attacks in their threat model?
– How are companies going to handle hardware 0-days? More frequent microcode patching? disabling/fuzzing timing sources to frustrate attackers? AV signatures for spy code? compiler fixes?
More here from last year on this topic: