Threatpost, 7/23/18, guest article at Threatpost by Willy Leichter;
Just as the issues underpinning Spectre started a long time ago – going back to the first Intel Pentium processors developed in 1995 – the problem we now face as a result will stretch forward for a long time as well.
Users have blissfully been benefitting from a performance gain in our processors that we’ve taken for granted for decades, not understanding the technicalities behind it. Users at large had no need to wrap their heads around the clever ways the chip designers boosted processor speeds, and they certainly had no way of knowing these speed gains would eventually come at a steep security cost.
The performance gain leverages unused processor cycles, creating a caching model that allows the chipset to make assumptions about what’s coming next. These assumptions are called branch prediction and speculative execution and have been built into millions upon millions of processes ever since. The sacrifice is that the speed gains jump past security checks, leaving gaps (side channels) attackers can exploit to steal confidential information from the user’s machine, stored in program memory, including passwords, customer data, IP information and more.
Patches have not been effective, causing more problems than remedy. Pretending the problem doesn’t exist won’t protect either, as more variants of Spectre continue to emerge. Increasing awareness, seeking solutions in processors while also applyhing protective measures are the only reasonable avenues.
Read the full Spectre Will Haunt Us for a Long Time article by Willy Leichter on Threatpost or on our blog