The Meltdown and Spectre attacks revealed earlier in 2018 kicked the year off with a concerning bang due to the wide range of hardware affected. Since they were disclosed, Microsoft, AMD, Intel, and other companies have managed to limit the potential for widespread attacks with a series of hardware and software mitigations. Still, new variants on the attack continue to be discovered, and the latest widens the potential pool of devices impacted.
Discovered by researchers at Graz University of Technology, the new attack, dubbed NetSpectre (via Ars Technica), has one major advantage over the previously disclosed attack vectors: it can be executed remotely. According to the researchers, NetSpectre allows an attacker to read the memory of a system without having to execute any code locally.
Fortunately for potential victims, there are two major aspects of this attack that bend fate in their favor. The first is that this method of attack is incredibly slow: researchers were only able to demonstrate leaking data at a rate of between 15 bits and 60 bits per hour. Second, because the method described relies on the Spectre variant 1 attack, existing mitigations, released after the original Spectre attack was first described earlier this year, should protect devices that have been patched.
For a detailed overview of the attack, you can read the white paper released by the team of researchers at Graz University of Technology.
Updated July 27, 2018: Intel has reached out with a statement on NetSpectre, confirming that it can be mitigated in the same manner addressed by previous Spectre patches. From Intel:
NetSpectre is an application of Bounds Check Bypass (CVE-2017-5753), and is mitigated in the same manner – through code inspection and modification of software to ensure a speculation stopping barrier is in place where appropriate. We provide guidance for developers in our whitepaper, Analyzing Potential Bounds Check Bypass Vulnerabilities, which has been updated to incorporate this method. We are thankful to Michael Schwarz, Daniel Gruss, Martin Schwarzl, Moritz Lipp, & Stefan Mangard of Graz University of Technology for reporting their research.
The 300Hz display on the Razer Blade 15 is way ahead of its time
Our favorite gaming laptop now has a 300Hz display option and it's smoother than your eyes can really see.
Microsoft aims to compete with PS5 in Japan with Xbox Series S price drop
Microsoft is cutting the cost of the PS5 in Japan to better position the console as a cheaper alternative to the PS5. The price drop was announced during the company's first appearance at the Tokyo Game Show in six years.
Review: Serious Sam 4 is seriously lame
Serious Sam 4 marks the return of Serious Sam and his brand of old-school arena shooter carnage. But how does it compare to its contemporaries? Unfortunately, Seriously Sam has aged less than gracefully.
The best third-party NVIDIA GeForce RTX 3090 GPUs for 4K gaming
The NVIDIA GeForce RTX 3090 series of graphics cards are incredibly powerful, unlocking 4K gaming at high frame rates. If you want to experience the best PC gaming has to offer, you'll want one of these GPUs.