zlacker

[return to "Arm releases experimental CHERI-enabled Morello board"]
1. pluton+Y7[view] [source] 2022-01-20 12:21:59
>>zxombi+(OP)
I wager it will be hacked in under a year.
◧◩
2. jrtc27+Qc[view] [source] 2022-01-20 12:55:02
>>pluton+Y7
Nobody's claiming it's "hack-proof", that would be foolish, just that it removes certain classes of vulnerabilities that are the majority of CVEs for code written in memory-unsafe languages, thereby reducing the attack surface. Independent analysis by both Microsoft and Google has shown that's around 70% of vulnerabilities, which still leaves around 30%, but is a big step forward.
◧◩◪
3. lacksc+hf[view] [source] 2022-01-20 13:12:50
>>jrtc27+Qc
Not OP, but that's not how I interpreted their comment. I interepreted it as the 70% they hope to have fixed will end up having edge cases not yet considered, and the protections will end up weaker than desired. No-one designed a processor to be susceptable to spectre and meltdown, once something moves into production there is significantly more incentive to investigate and find these flaws.
◧◩◪◨
4. pjmlp+ei[view] [source] 2022-01-20 13:29:31
>>lacksc+hf
There are no CVEs related to Solaris SPARC Application Data Integrity, or Unisys ClearPath MCP.

Either they aren't interesting for hackers, or they actually did a good job with hardware memory tagging.

◧◩◪◨⬒
5. Trex_E+sq[view] [source] 2022-01-20 14:12:30
>>pjmlp+ei
I might imagine the former over latter
[go to top]