Cueball: The Meltdown and Spectre exploits use “speculative execution?” What’s that?
Ponytail: You know the trolley problem? Well, for a while now, CPUs have basically been sending trolleys down both paths, quantum-style, while awaiting your choice. Then the unneeded “phantom” trolley disappears.Ponytail: The phantom trolley isn’t supposed to touch anyone. But it turns out you can still use it to do stuff.
Ponytail: And it can drive through walls.Cueball: That sounds bad.
Ponytail: Honestly, I’ve been assuming we were doomed ever since I learned about Rowhammer.Cueball: What’s that?
Ponytail: If you toggle a row of memory cells on and off really fast, you can use electrical interference to flip nearby bits and—
Cueball: Do we just suck at…computers?
Ponytail: Yup. Especially shared ones.Cueball: So you’re saying the cloud is full of phantom trolleys armed with hammers.
Ponytail: …Yes, that is exactly right.
Cueball: Okay. I’ll, uh… install updates?
Ponytail: Good idea.(Alt text: New zero-day vulnerability: In addition to rowhammer, it turns out lots of servers are vulnerable to regular hammers, too.)
Look, today’s xkcd comic involves Coil’s power! Sort of.
[…] [reblogging the xkcd comic post from here] […]
LikeLike