zlacker

[return to "Intel x86 considered harmful – survey of attacks against x86 over last 10 years"]
1. jbob20+I2[view] [source] 2015-10-27 15:15:56
>>chei0a+(OP)
So I read the blog post and skimmed the PDF and I'm left with some questions. IF these security issues have been present for 10 years, but there hasn't been any widespread malicious action on them, are they really issues?

To create an analogy, my car doesn't have bullet proof glass, someone could easily shoot it up and i'd be dead. But nobody really goes around shooting up cars, so is it an issue?

◧◩
2. tptace+e5[view] [source] 2015-10-27 15:34:41
>>jbob20+I2
Of course they are. We ran the Internet on C code that was positively riddled with trivially exploitable stack overflows for 7 years after the Morris Worm demonstrated RCE through overflows --- 6 years after the "microscope and tweezers" paper explained how the attack worked.

Exact same story with error oracle attacks in cryptography.

Attackers go after the low hanging fruit first, and then they move up the tree.

[go to top]