New Spectre attack variants leave AMD, Intel, and Arm processors exposed [Updated]

Update May 4, 2022 at ix:15 a.m. ET: Ashish Venkat, a reckoner scientist from UVA with a credit on the research paper, has provided a statement in response to Intel's response to the original story.

"We're enlightened of these guidelines from Intel suggesting software developers to write code in a way that is not vulnerable to side-aqueduct attacks. Here's an excerpt from the Intel article -- 'Developers who wish to protect secret information confronting timing side channel methods should ensure that their lawmaking runtime, data access patterns, and lawmaking access patterns are identical independent of secret values.'

Certainly, we agree that software needs to exist more secure, and we agree as a community that constant-time programming is an effective means to writing code that is invulnerable to side-channel attacks. However, the vulnerability we uncover is in hardware, and information technology is of import to also design processors that are secure and resilient against these attacks.

In improver, constant-time programming is non only hard in terms of the actual developer effort, but also entails high performance overhead and significant deployment challenges related to patching all sensitive software. The percentage of code that is written using Abiding Time principles is in fact quite small. Relying on this would exist unsafe. That is why we yet demand to secure the hardware."

Intel's initial response statement and the original article follow below:

Update May 3, 2022 at 4:05 p.m. ET: Intel has provided the post-obit statement.

"Intel reviewed the report and informed researchers that existing mitigations were non being bypassed and that this scenario is addressed in our secure coding guidance. Software following our guidance already have protections against incidental channels including the uop cache incidental channel. No new mitigations or guidance are needed."

The original story can be found below:

Researchers from the Academy of Virginia and the Academy of California, San Diego, have published a newspaper entitled "I See Dead µops: Leaking Secrets via Intel/AMD Micro-Op Caches," which explores the latest Spectre attacks and how the threat they pose is distinctly different than the ones from 3 years agone (via PC Gamer).

Spectre takes reward of and exploits modern CPU prediction techniques that are designed for optimization but give hackers a way to read cardinal data if the processor makes an wrong prediction. The researchers who've published the same research paper cite iii main attacks as part of the current moving ridge of Spectre threats.

The issue with combating these attacks is that the major counters involve disabling the source of the readable information or limiting the aforementioned predictive techniques such equally speculative execution. All of these solutions would drastically slow performance since they'd be actively undoing key elements of existing processors' optimization efforts.

The full paper is a highly technical read and hard to parse if you're not up to speed on reckoner security technical terminology, simply the long and brusk of it is that the Spectre threats listed require quite a bit of effort and dedication on the hacker's function, so the average PC user likely won't have to worry too much — for now. Hopefully there isn't another Spectre-fueled scramble to protect PCs on the horizon.

Post-launch roadmap for Final Fantasy XIV: Endwalker revealed

Future plans for FFXIV

Post-launch roadmap for Concluding Fantasy Fourteen: Endwalker revealed

The latest Letter of the alphabet from the Producer livestream has simply aired, and it comes with a plethora of news for Last Fantasy XIV. This includes plans for updating all the main scenario quest dungeons, improving the graphics, implementing new sidequests, and much more than.