fresh new vuln just dropped!
hertzbleed.com
github.com
M1/M2 users need not worry, amd-pajeets and incels on suicide watch.
Enjoy your locked 3GHZ CPU's KEK
Hertzbleed - it's over for x86lets
Joke's on you, my CPU runs at 2.8GHz.
don;t care, not patching and not updating anything
If it's not doable through browser JS, it doesn't matter for end users.
And all major browsers gimped timing attacks after Spectre.
mitigations=off
>physical access
not my problem, mitigations=off
HAHAHA I know it's just i'm not going to mitigate
>force CPU to run at max frequency all the time
:^)
so what does it do and how am i affected?
M1/M2 is vulnerable as well since it downclocks for power management.
This entire "vulnerability" affects every modern CPU and most not-so-modern ones.
It is literally impossible to exploit since even when running at locked frequency you will be deviating by mHz due to spread spectrum needed for EMI certification.
>M1/M2 users
>What is pacman
>:^)
Go back.
>>:^)
>Go back.
outed yourself as the one needing to go back
>turbo and powersaving are now security vulnerabilities
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
>can't read
literally can be used as a remote oracle, which the authors claimed could be used to break SIKE over the network.
how does this affect me though?
>downclocks for power management.
apparently the downclock doesn't seem to be useful oracle, only the CPUs going into their "turbo" frequencies, hitting thermal limits and throttling back that is useful.
>rockstar vulnerability with its own website
>needs read access to root only MSR and RAPL interfaces
omg all your datas are belong to us!!
>Is Hertzbleed a bug?
>No. [It's a] feature
kek
see
Only if the attacked service is running alone on a physical core, which literally doesn't happen.
It doesn't. It's a PR smoke screen for Intel's other vulnerability that got released at the same time. A cherry on top is that this "affects" ARM and AMD.
This is why I don't store any important information on computers.
Then don't use a "post-quantum" rockstar security technology enabling pre-quantum security holes.