Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Badfilemagic
Contributor II
‎01-18-2018 11:38 AM
‎01-18-2018 11:38 AM

Heads up: New speculative execution bugs in the pipeline

Details are almost non-existant as the bugs are currently embargoed. However, it appears that there are a pair of additional attacks taking advantage of speculative execution issues in CPUs.

 

They are branded as Skyfall and Solace, which will, of course, making playing "Bond Movie or Branded CVE" more difficult. The page to watch is here: https://skyfallattack.com, so we'll see how this unfolds.

 

If, like the last two, these are really just read-only attacks then at least that is something. However, depending on difficulty and reliability of the exploit, I expect that cloud providers will once again provide the juiciest attack surface.

-- wdf//CISSP, CSSLP
Reply
1 Reply
Badfilemagic
Contributor II
‎01-18-2018 12:35 PM
‎01-18-2018 12:35 PM

The colleague who pointed me to this is thinking it may be a hoax. I certainly hope so, but it is better to wait and see at this point, given the recent issues. Hope for the best, plan for the worst and all of that.

-- wdf//CISSP, CSSLP
Reply
0 Kudos