The Meltdown and Spectre attacks revealed earlier in 2018 kicked the year off with a concerning bang due to the wide range of hardware affected. Since they were disclosed, Microsoft, AMD, Intel, and other companies have managed to limit the potential for widespread attacks with a series of hardware and software mitigations. Still, new variants on the attack continue to be discovered, and the latest widens the potential pool of devices impacted.
Discovered by researchers at Graz University of Technology, the new attack, dubbed NetSpectre (via Ars Technica), has one major advantage over the previously disclosed attack vectors: it can be executed remotely. According to the researchers, NetSpectre allows an attacker to read the memory of a system without having to execute any code locally.
Fortunately for potential victims, there are two major aspects of this attack that bend fate in their favor. The first is that this method of attack is incredibly slow: researchers were only able to demonstrate leaking data at a rate of between 15 bits and 60 bits per hour. Second, because the method described relies on the Spectre variant 1 attack, existing mitigations, released after the original Spectre attack was first described earlier this year, should protect devices that have been patched.
For a detailed overview of the attack, you can read the white paper released by the team of researchers at Graz University of Technology.
Updated July 27, 2018: Intel has reached out with a statement on NetSpectre, confirming that it can be mitigated in the same manner addressed by previous Spectre patches. From Intel:
NetSpectre is an application of Bounds Check Bypass (CVE-2017-5753), and is mitigated in the same manner – through code inspection and modification of software to ensure a speculation stopping barrier is in place where appropriate. We provide guidance for developers in our whitepaper, Analyzing Potential Bounds Check Bypass Vulnerabilities, which has been updated to incorporate this method. We are thankful to Michael Schwarz, Daniel Gruss, Martin Schwarzl, Moritz Lipp, & Stefan Mangard of Graz University of Technology for reporting their research.
These are all our picks for the very best Windows laptops available
The HP Spectre x360 13 is our pick for the best overall Windows laptop you can buy, but there are a ton of other great options if you need something different. If you're now working from home and need a quality device, you'll find it here.
Microsoft Flight Simulator VR finally has a release date (and a surprise)
Microsoft Flight Simulator's long-awaited VR mode is finally being released in the very near future and it comes with one huge surprise, too!
Check out they new HyperX Cloud Revolver + 7.1 gaming headset
This new headset from HyperX complements its Cloud Revolver lineup. It's a high-end option with virtual 7.1 surround sound and robust audio.
Here are the best Cyberpunk 2077 collectibles and merch
Cyberpunk 2077 is a huge game, and is accompanied by a massive pool of collectibles, accessories, and merch for everyone from hardcore collectors to dabbling fans. Here are the best collectibles and merch for Cyberpunk 2077.