Skyfall and Solace Could be the First Attacks Based on Meltdown and Spectre?

[btarunr]

Out of the blue, a website popped up titled "Skyfall and Solace," which describes itself as two of the first attacks that exploit the Spectre and Meltdown vulnerabilities (it doesn't detail which attack exploits what vulnerability). A whois lookup reveals that the person(s) behind this website may not be the same one(s) behind the Spectre and Meltdown website. The elephant in the room, of course, is that the two attacks are named after "James Bond" films "Skyfall" and "Quantum of Solace." The website's only piece of text ends with "Full details are still under embargo and will be published soon when chip manufacturers and Operating System vendors have prepared patches," and that one should "watch this space for more." We doubt the credibility of this threat. Anyone who has designed attacks that exploit known vulnerabilities won't enter embargoes with "chip manufacturers and operating system vendors" who have already developed mitigation to the vulnerabilities.



View at TechPowerUp Main Site

 

[Prima.Vera]

 

[londiste]

Please try to split the text into paragraphs a bit

We doubt the credibility of this threat. Anyone who has designed attacks that exploit known vulnerabilities won't enter embargoes with "chip manufacturers and operating system vendors" who have already developed mitigation to the vulnerabilities.

I cannot agree with this editorial note. Spectre is a class of vulnerabilities, so more vulnerabilities/attacks or their variants were and are likely to appear sooner rather than later.

With the problem being in hardware and hardware design rather than specific bugs, software patches are mitigation measures not a complete fix. Even with current (rushed and incomplete) patches, both chip and operating system vendors may want to take additional measures when new ways to attack are found. Embargoes are also pretty standard operating procedure in these situations.

 

[close]

Smells like a hoax if you ask me.

 

[R0H1T]

Please try to split the text into paragraphs a bit
I cannot agree with this editorial note. Spectre is a class of vulnerabilities, so more vulnerabilities/attacks or their variants were and are likely to appear sooner rather than later.

With the problem being in hardware and hardware design rather than specific bugs, software patches are mitigation measures not a complete fix. Even with current (rushed and incomplete) patches, both chip and operating system vendors may want to take additional measures when new ways to attack are found. Embargoes are also pretty standard operating procedure in these situations.

Yup 200% this, many people do not understand this ~ Spectre 1 & 2 are just ways to exploit the speculative execution flaws in OoO chips, like CFL or indeed Ryzen. There can technically be as many variants of spectre as there are (different) chips, meltdown patches are also probably not 100% secure without a hardware fix.

 

[THU31]

Was there a "Meltdown" Bond movie that I missed?

 

[remixedcat]

is this gonna be like "muh russia" conspiracy theory the fake news networks are obsessed with?

 

[R-T-B]

is this gonna be like "muh russia" conspiracy theory the fake news networks are obsessed with?

Not sure how to take this, except to point out these vulnerabilities are not conspiracy theories. Neither is Russian meddling in the election likely to be, ironically. The idea Russia "rigged" the election is pretty BS though.