cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Caute_cautim
Community Champion

TLBleed - surely it would be ethical to patch it?

Interesting article appeared this morning:  https://searchsecurity.techtarget.com/answer/How-does-TLBleed-abuse-the-Hyper-Threading-feature-in-I...

 

If it well known, then surely the emphasis should be on the manufacturer to resolve it, and not place the responsibility on organisations to mitigate it?

 

Regards

 

Caute_cautim

1 Reply
Early_Adopter
Community Champion

Ethics from a large company...? Devil’s advocate, sure, as Long as it doesn’t cost any money...

 

I would say that enough OEM Customers would need to ask for this to be resolved - get server and desktop producers asking for it then we might see something. Sort of cash for a secure cache... 

 

This was at black hat and mitigation’s didn’t seem to impress Ben Gras:

 

http://www.eweek.com/security/tlbleed-side-channel-cpu-attack-detailed-at-black-hat

 

maybe they will fix it going forward.