
Meltdown strikes back: the L1 terminal fault vulnerability


Posted Aug 15, 2018 13:26 UTC (Wed) by fuhchee (guest, #40059)
Parent article: Meltdown strikes back: the L1 terminal fault vulnerability

How many more such bugs are needed to undermine confidence in shared cloud servers, and have companies retrench to on-premises computing? It would be ironic if Intel were to benefit from their bugs by virtue of motivating a purchasing stampede for private data center hardware.



Meltdown strikes back: the L1 terminal fault vulnerability

Posted Aug 15, 2018 14:02 UTC (Wed) by adam820 (subscriber, #101353) [Link] (1 responses)

They probably make more from the massive horizontal growth of cloud providers. They win either way, really; how many bugs are needed to make a shift to a different architecture (POWER, maybe?), or to stop using Intel-based archs altogether?

Even better would be to spend more time with more researchers looking for this kind of stuff before these devices ever get released. Can't catch 'em all, though.

Meltdown strikes back: the L1 terminal fault vulnerability

Posted Aug 15, 2018 23:32 UTC (Wed) by rahvin (guest, #16953) [Link]

Simple, move to AMD, their processors are significantly different and have suffered from very few of the Spectre attacks to which Intel has been vulnerable. From what I've seen it looks like Intel took shortcuts for performance reasons where AMD appears to have done it as securely as possible for the most part. A move to AMD also keeps you on x86 which is significantly cheaper than moving to something like Power.

Meltdown strikes back: the L1 terminal fault vulnerability

Posted Aug 15, 2018 16:29 UTC (Wed) by zdzichu (subscriber, #17118) [Link]

If I were stocking a private DC, I would be buying AMD.

Meltdown strikes back: the L1 terminal fault vulnerability

Posted Aug 15, 2018 21:52 UTC (Wed) by NAR (subscriber, #1313) [Link] (3 responses)

The existence of bugs doesn't cause problems on its own. The actual exploitation of bugs would cause problems. So unless a worm comes around that steals credit card information from all AWS instances, people won't leave the cloud.

Meltdown strikes back: the L1 terminal fault vulnerability

Posted Aug 15, 2018 22:14 UTC (Wed) by marcH (subscriber, #57642) [Link] (2 responses)

Yeah, because we should be very careful to keep "top-secret" the credit card numbers, addresses, dates of birth and social security numbers that we... keep handing out left and right and that can all be bought for next to nothing on the dark web.

I get your actual point, it's just that you could have chosen a real example as opposed to propagating the American security myth that confuses login and password.

Meltdown strikes back: the L1 terminal fault vulnerability

Posted Aug 18, 2018 22:55 UTC (Sat) by gus3 (guest, #61103) [Link] (1 responses)

Or you could keep your credit rating as poor as possible. Then if someone steals your ID & tries to get a loan using it, the joke's on them. (I would love to see the bank manager's attempts to stifle the laughter...)

Meltdown strikes back: the L1 terminal fault vulnerability

Posted Aug 19, 2018 21:36 UTC (Sun) by zlynx (guest, #2285) [Link]

A friend of mine had his identity stolen and it actually improved his credit. It was probably an illegal immigrant who just wanted an SSN to get a job, etc.

Meltdown strikes back: the L1 terminal fault vulnerability

Posted Aug 16, 2018 15:51 UTC (Thu) by k8to (guest, #15413) [Link]

Keep in mind that "private clouds" often have real security concerns between their various workloads as well. When you're operating at significant scale you have a variety of problems. You have no idea what those various teams are doing, or what software they're running. They run a lot of third-party software too, and no one has really analyzed it in every detail to know what it does.

This is mostly sane to do if you set policies that control what software can access what data, but this type of exploit is about circumventing that.

So I don't really see going private cloud as a solution for this type of problem.

You could go "non-converged" and isolate workloads, but I don't think that's on the cards.

Meltdown strikes back: the L1 terminal fault vulnerability

Posted Aug 23, 2018 10:20 UTC (Thu) by davidgerard (guest, #100304) [Link]

You can run AWS instances on separate hardware, or even dedicated hardware. It just costs more. (And some fancy AWS functions aren't available at the higher levels of separation, though I'm not sure on specifics.)

At this stage I think it'd be remarkable if IT in general goes back to in-house hosting from the cloud providers. Renting compute just makes IT management so ridiculously easier. Particularly when you get into Terraform etc, where you can literally program what infrastructure you have. I haven't been in a machine room for over five years now, and have no plans to go back.

